sam1112 Posted December 16, 2013 ID:765129 Share Posted December 16, 2013 hi mbam forum , my computer became so slow and control panel and other features cannot be accessed . when i open control panel it shows error. when i start up my pc it displayes error . so i scanned with mbam it found 200 malwares .need help here is the report of mbam. Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.12.16.06Windows 7 x86 NTFSInternet Explorer 8.0.7600.16385APEC :: APEC-PC [administrator]Protection: Enabled12/16/2013 8:23:33 PMmbam-log-2013-12-16 (20-23-33).txtScan type: Full scan (C:\|D:\|E:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 374045Time elapsed: 1 hour(s), 26 minute(s), 29 second(s)Memory Processes Detected: 8C:\Users\APEC\AppData\Roaming\cssrs.exe (Trojan.StartPage.CSS) -> 1468 -> No action taken.C:\ProgramData\IBUpdaterService\ibsvc.exe (Adware.InstallBrain) -> 2084 -> No action taken.C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr.A) -> 3464 -> No action taken.C:\Program Files\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> 740 -> Delete on reboot.C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 2084 -> Delete on reboot.C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (PUP.Optional.SweetIM) -> 3480 -> Delete on reboot.C:\Users\APEC\AppData\Roaming\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> 3844 -> Delete on reboot.C:\Users\APEC\AppData\Roaming\cssrs.exe (Trojan.StartPage.CSS) -> 1156 -> Delete on reboot.Memory Modules Detected: 7C:\Program Files\SweetIM\Communicator\mgcommon.dll (PUP.Optional.SweetIM) -> Delete on reboot.C:\Program Files\SweetIM\Communicator\mgxml_wrapper.dll (PUP.Optional.SweetIM) -> Delete on reboot.C:\Program Files\SweetIM\Communicator\mgcommunication.dll (PUP.Optional.SweetIM) -> Delete on reboot.C:\Program Files\SweetIM\Communicator\mgsimcommon.dll (PUP.Optional.SweetIM) -> Delete on reboot.C:\Users\APEC\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.Conduit.A) -> Delete on reboot.C:\Users\APEC\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.Conduit.A) -> Delete on reboot.C:\Users\APEC\AppData\Roaming\SearchProtect\bin\ChromeModule.dll (PUP.Optional.Conduit.A) -> Delete on reboot.Registry Keys Detected: 73HKCR\CLSID\{6E3C6B04-08FE-43BC-8E50-F90285024DEA} (Adware.BetterSurf) -> No action taken.HKCR\TypeLib\{0113A098-06EA-4776-A011-D75590778F1E} (Adware.BetterSurf) -> No action taken.HKCR\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645} (Adware.BetterSurf) -> No action taken.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E3C6B04-08FE-43BC-8E50-F90285024DEA} (Adware.BetterSurf) -> No action taken.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E3C6B04-08FE-43BC-8E50-F90285024DEA} (Adware.BetterSurf) -> No action taken.HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> No action taken.HKCR\SWEETIE.IEToolbar (PUP.Optional.SweetPacks) -> No action taken.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> No action taken.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> No action taken.HKCR\CLSID\{64E2F96A-4FE4-4aa8-90B0-2A929AB6AA88} (PUP.Datamngr) -> No action taken.HKCR\BrowserConnection.Loader (PUP.Datamngr) -> No action taken.HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> No action taken.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> No action taken.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E3C6B04-08FE-43BC-8E50-F90285024DEA} (PUP.Optional.BetterSurf) -> No action taken.HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649} (Adware.Zwangi) -> No action taken.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Codec-V (Trojan.LilyJade) -> No action taken.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.Conduit.A) -> No action taken.HKCR\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM) -> No action taken.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CodecUpdater (Trojan.Dropper.H) -> No action taken.HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (Adware.InstallBrain) -> No action taken.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (Adware.InstallBrain) -> No action taken.HKCR\CrossriderApp0000435.FBApi.1 (PUP.Optional.CrossRider.A) -> No action taken.HKCU\Software\RavenBleuSA (Adware.Hotbar.RB) -> No action taken.HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BASICSCAN SERVICE (Adware.Zwangi) -> No action taken.HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E3C6B04-08FE-43BC-8E50-F90285024DEA} (Adware.BetterSurf) -> Quarantined and deleted successfully.HKCR\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.HKCR\SWEETIE.IEToolbar.1 (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.HKCR\Toolbar3.SWEETIE.1 (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.HKCR\Toolbar3.SWEETIE (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.HKCR\CLSID\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.HKCR\TypeLib\{44444444-4444-4444-4444-440044044435} (PUP.Codec.PR) -> Quarantined and deleted successfully.HKCR\Interface\{55555555-5555-5555-5555-550055045535} (PUP.Codec.PR) -> Quarantined and deleted successfully.HKCR\CrossriderApp0000435.BHO.1 (PUP.Codec.PR) -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.HKCR\TypeLib\{1282B8C1-6644-4A40-95A7-83D78C57AB7F} (PUP.Datamngr) -> Quarantined and deleted successfully.HKCR\BrowserConnection.Loader.1 (PUP.Datamngr) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64E2F96A-4FE4-4AA8-90B0-2A929AB6AA88} (PUP.Datamngr) -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{64E2F96A-4FE4-4AA8-90B0-2A929AB6AA88} (PUP.Datamngr) -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64E2F96A-4FE4-4AA8-90B0-2A929AB6AA88} (PUP.Datamngr) -> Quarantined and deleted successfully.HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully.HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully.HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.HKCR\CLSID\{6E3C6B04-08FE-43BC-8E50-F90285024DEA} (PUP.Optional.BetterSurf) -> Quarantined and deleted successfully.HKCR\TypeLib\{0113A098-06EA-4776-A011-D75590778F1E} (PUP.Optional.BetterSurf) -> Quarantined and deleted successfully.HKCR\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645} (PUP.Optional.BetterSurf) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E3C6B04-08FE-43BC-8E50-F90285024DEA} (PUP.Optional.BetterSurf) -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E3C6B04-08FE-43BC-8E50-F90285024DEA} (PUP.Optional.BetterSurf) -> Quarantined and deleted successfully.HKCR\CrossriderApp0000435.BHO (PUP.Codec.PR) -> Quarantined and deleted successfully.HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.HKCR\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1 (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.HKCR\CrossriderApp0000435.FBApi (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.HKCR\CrossriderApp0000435.Sandbox (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.HKCR\CrossriderApp0000435.Sandbox.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.Registry Values Detected: 20HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TINTIMG (Trojan.StartPage.CSS) -> Data: C:\Users\APEC\AppData\Roaming\cssrs.exe -> No action taken.HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Data: -> No action taken.HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{EEE6C35D-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM) -> Data: -> No action taken.HKCU\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (Trojan.StartPage) -> Data: http://www.114116.info -> No action taken.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NofolderOptions (Hijack.FolderOptions) -> Data: 1 -> No action taken.HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {F93A43F6-4DF0-11E2-A771-2C768ADB371F} -> No action taken.HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (Trojan.StartPage) -> Data: http://www.114116.info -> No action taken.HKLM\SYSTEM\CurrentControlSet\Services\BasicScan Service|ImagePath (Adware.Zwangi) -> Data: "C:\Program Files\BasicScan\basicscan.exe" "C:\Program Files\BasicScan\basicscan.dll" jocoxefo wirabasu -> No action taken.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Sweetpacks Communicator (PUP.Optional.SweetIM) -> Data: C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtect (PUP.Optional.Conduit.A) -> Data: C:\Users\APEC\AppData\Roaming\SearchProtect\bin\cltmng.exe -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtectAll (PUP.Optional.Conduit.A) -> Data: C:\Program Files\SearchProtect\bin\cltmng.exe -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Data: 썛愘ᇜ犜ጀ유䞘 -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGHELPERAPP.EXE (PUP.Optional.SweetIM) -> Data: 1 -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGTOOLBARPROXY.DLL (PUP.Optional.SweetIM) -> Data: 1 -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|blank (Trojan.StartPage) -> Data: http://www.114116.info -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Data: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|RavenBleuSA (Adware.Hotbar.RB) -> Data: "C:\Users\APEC\AppData\Local\RavenBleuSA\bin\1.0.16.0\RavenBleuSA.exe" -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|blank (Trojan.StartPage) -> Data: http://www.114116.info -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DATAMNGR (PUP.Optional.Datamngr.A) -> Data: C:\PROGRA~1\SHAREA~1\MediaBar\Datamngr\DATAMN~1.EXE -> Quarantined and deleted successfully.HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {F93A43F6-4DF0-11E2-A771-2C768ADB371F} -> Quarantined and deleted successfully.Registry Data Items Detected: 12HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage.Gen) -> Bad: (http://www.114116.info) Good: (http://www.google.com) -> Quarantined and repaired successfully.HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.114116.info) Good: (http://www.google.com) -> Quarantined and repaired successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL|CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.114116.info) Good: (http://www.google.com) -> Quarantined and repaired successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage.Gen) -> Bad: (http://www.114116.info) Good: (http://www.google.com) -> Quarantined and repaired successfully.HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL|CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel|HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig (Windows.Tool.Disabled) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.Folders Detected: 31C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> No action taken.C:\Users\APEC\AppData\Roaming\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> No action taken.C:\Users\APEC\AppData\Roaming\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> No action taken.C:\Users\APEC\AppData\Roaming\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> No action taken.C:\Users\APEC\Local Settings\Application Data\RavenBleuSA\bin\1.0.16.0 (Adware.Hotbar.RB) -> No action taken.C:\Users\APEC\Local Settings\Application Data\RavenBleuSA\data (Adware.Hotbar.RB) -> No action taken.C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf (PUP.Optional.SweetIM.A) -> No action taken.C:\Users\APEC\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.C:\Program Files\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C} (Adware.Zwangi) -> Quarantined and deleted successfully.C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome (Adware.Zwangi) -> Quarantined and deleted successfully.C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults (Adware.Zwangi) -> Quarantined and deleted successfully.C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults\preferences (Adware.Zwangi) -> Quarantined and deleted successfully.C:\Users\APEC\Local Settings\Application Data\RavenBleuSA (Adware.Hotbar.RB) -> Quarantined and deleted successfully.C:\Users\APEC\Local Settings\Application Data\RavenBleuSA\bin (Adware.Hotbar.RB) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.Files Detected: 185C:\Users\APEC\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.Conduit.A) -> No action taken.C:\Users\APEC\AppData\Roaming\SearchProtect\bin\ChromeModule.dll (PUP.Optional.Conduit.A) -> No action taken.C:\Users\APEC\AppData\Roaming\cssrs.exe (Trojan.StartPage.CSS) -> No action taken.C:\Program Files\Codec-V\Codec-V.dll (PUP.Codec.PR) -> No action taken.C:\Program Files\BetterSurf\ie\BetterSurf.dll (PUP.Optional.BetterSurf) -> No action taken.C:\Program Files\SearchProtect\bin\ChromeModule.dll (PUP.Optional.Conduit.A) -> No action taken.C:\Program Files\SearchProtect\bin\SPHook64.dll (PUP.Optional.Conduit.A) -> No action taken.C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll (PUP.Optional.SweetIM) -> No action taken.C:\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll (PUP.Optional.SweetIM) -> No action taken.C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll (PUP.Optional.SweetIM) -> No action taken.C:\ProgramData\CodecUpdate\ix_updater.exe (Trojan.Dropper.H) -> No action taken.C:\Users\APEC\AppData\Roaming\SearchProtect\bin\SPHook32.dll_20130425172848.697 (PUP.Optional.Conduit.A) -> No action taken.C:\Windows\Installer\2792c2.msi (PUP.Optional.SweetIM) -> No action taken.C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDJJWUAF\upgrade[1].cab (Adware.Zwangi) -> No action taken.C:\Program Files\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Users\APEC\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Users\APEC\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> No action taken.C:\Users\APEC\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\install.rdf (Adware.Zwangi) -> No action taken.C:\Users\APEC\Local Settings\Application Data\RavenBleuSA\bin\1.0.16.0\RavenBleuSAHook.dll (Adware.Hotbar.RB) -> No action taken.C:\Users\APEC\Local Settings\Application Data\RavenBleuSA\bin\1.0.16.0\RavenBleuUninstaller.exe (Adware.Hotbar.RB) -> No action taken.C:\Users\APEC\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSAau.dat (Adware.Hotbar.RB) -> No action taken.C:\Users\APEC\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA_kyf.dat (Adware.Hotbar.RB) -> No action taken.C:\Users\APEC\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> No action taken.C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll (PUP.Optional.SweetIM.A) -> No action taken.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png (PUP.Optional.SweetIM.A) -> No action taken.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml (PUP.Optional.SweetIM.A) -> No action taken.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif (PUP.Optional.SweetIM.A) -> No action taken.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png (PUP.Optional.SweetIM.A) -> No action taken.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\games.png (PUP.Optional.SweetIM.A) -> No action taken.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png (PUP.Optional.SweetIM.A) -> No action taken.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png (PUP.Optional.SweetIM.A) -> No action taken.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\news.png (PUP.Optional.SweetIM.A) -> No action taken.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png (PUP.Optional.SweetIM.A) -> No action taken.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml (PUP.Optional.SweetIM.A) -> No action taken.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png (PUP.Optional.SweetIM.A) -> No action taken.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png (PUP.Optional.SweetIM.A) -> No action taken.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png (PUP.Optional.SweetIM.A) -> No action taken.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> No action taken.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png (PUP.Optional.SweetIM.A) -> No action taken.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png (PUP.Optional.SweetIM.A) -> No action taken.C:\Program Files\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Delete on reboot.C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Delete on reboot.C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (PUP.Optional.SweetIM) -> Delete on reboot.C:\Program Files\SweetIM\Communicator\mgcommon.dll (PUP.Optional.SweetIM) -> Delete on reboot.C:\Program Files\SweetIM\Communicator\mgxml_wrapper.dll (PUP.Optional.SweetIM) -> Delete on reboot.C:\Program Files\SweetIM\Communicator\mgcommunication.dll (PUP.Optional.SweetIM) -> Delete on reboot.C:\Program Files\SweetIM\Communicator\mgsimcommon.dll (PUP.Optional.SweetIM) -> Delete on reboot.C:\Users\APEC\AppData\Roaming\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Delete on reboot.C:\Users\APEC\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.Conduit.A) -> Delete on reboot.C:\Program Files\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Program Files\BetterSurf\ie\BetterSurf.dll (Adware.BetterSurf) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.C:\Program Files\Shareaza Applications\MediaBar\Datamngr\BrowserConnection.dll (PUP.Datamngr) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Quarantined and deleted successfully.C:\Program Files\Codec-V\Uninstall.exe (Trojan.LilyJade) -> Quarantined and deleted successfully.C:\Program Files\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.C:\Program Files\Graphisoft\ArchiCAD 14\Archicad.14.int_Crk.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.C:\Program Files\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Program Files\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Program Files\SearchProtect\bin\SPHook32.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Program Files\SearchProtect\bin\SPRunner.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Program Files\SearchProtect\bin\SPTool64.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Program Files\SearchProtect\bin\uninstall.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Communicator\resources\sqlite\mgSqlite3.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\mghooking.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cssrs.exe (Trojan.StartPage.CSS) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\SearchProtect\bin\SPHook32.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\SearchProtect\bin\SPHook32.dll_20130317195125.530 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\SearchProtect\bin\SPRunner.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\SearchProtect\bin\uninstall.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Windows\Installer\2792bb.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.C:\Windows\System32\roboot.exe (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.C:\ProgramData\IBUpdaterService\ibsvc.exe (Adware.InstallBrain) -> Delete on reboot.C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.C:\Program Files\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Program Files\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.C:\Users\APEC\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (PUP.Optional.Searchqu.A) -> Quarantined and deleted successfully.C:\Program Files\Shareaza Applications\MediaBar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr.A) -> Delete on reboot.C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome.manifest (Adware.Zwangi) -> Quarantined and deleted successfully.C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome\basicscan.jar (Adware.Zwangi) -> Quarantined and deleted successfully.C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults\preferences\prefs.js (Adware.Zwangi) -> Quarantined and deleted successfully.C:\Users\APEC\Local Settings\Application Data\RavenBleuSA\bin\1.0.16.0\copyright.txt (Adware.Hotbar.RB) -> Quarantined and deleted successfully.C:\Users\APEC\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA.dat (Adware.Hotbar.RB) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\default.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\about.html (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\bing.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\dating.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\find.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\google.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\help.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\music.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\options.html (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\photos.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\video.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.(end) Link to post Share on other sites More sharing options...
kevinf80 Posted December 16, 2013 ID:765138 Share Posted December 16, 2013 Hello and P2P/Piracy Warning: If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy. Next, Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.Please Update and run a Quick scanMake sure that everything is checked, and click Remove Selected on any found items. Post the produced log.. Next, Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop. Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator Click on the Scan button. AdwCleaner will begin...be patient as the scan may take some time to complete. When it's done you'll see: Pending: Uncheck any elements you don't want removed. Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. Look over the log especially under Files/Folders for any program you want to save. If there's a program you want to save, just uncheck it from AdwCleaner. If you're not sure, post the log for review. If you're ready to clean it all up.....click the Clean button. After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically. Copy and paste the contents of that logfile in your next reply. A copy of that logfile will also be saved in the C:\AdwCleaner folder. Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine To restore an item that has been deleted (if necessary): Go to Tools > Quarantine Manager > check what you want restored > now click on Restore. Next, Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Post the produced logs in next reply... Thanks, Kevin Link to post Share on other sites More sharing options...
sam1112 Posted December 17, 2013 Author ID:765363 Share Posted December 17, 2013 hi kevin i did the scans mbam : Malwarebytes Anti-Malware (PRO) 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.12.16.06Windows 7 x86 NTFSInternet Explorer 8.0.7600.16385APEC :: APEC-PC [administrator]Protection: Enabled12/17/2013 10:09:04 AMmbam-log-2013-12-17 (10-09-04).txtScan type: Full scan (C:\|D:\|E:\|F:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 325021Time elapsed: 46 minute(s), 37 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDJJWUAF\upgrade[1].cab (Adware.Zwangi) -> Quarantined and deleted successfully.(end) Link to post Share on other sites More sharing options...
sam1112 Posted December 17, 2013 Author ID:765365 Share Posted December 17, 2013 HI KEVIN IVE ATTACHED THREE POST OF ADW , FRSTFRST.txtAddition.txtAdwCleanerR0.txt Link to post Share on other sites More sharing options...
kevinf80 Posted December 17, 2013 ID:765394 Share Posted December 17, 2013 There are two security systems installed on your PC wirh AV components, Kaspersky and AVG. That is very much counterproductive, have two systems will definitely cause major issues/problems for the operating system. If Kaspersky is your preferred system it is essential that AVG is removed ASAP. Use the removal tool, available here: http://www.avg.com/us-en/utilities Next, Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait.The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply. Next, Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop. Double click zip file and extract to your Desktop: you will now have 3 versions of the tool on the Desktop: Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html Double click on each in turn until one version of Zoek will run (accept UAC) The following window will open: Copy and paste the following script from the code box and paste into the field.standardsearch;autoruns;autoclean;emptyclsid;emptyalltemp;Select the "Run Script" tab. The following window will open: Please be patient and do not use the PC when the scan is in progress. When complete you maybe asked to re-boot your PC, if so please do Post the produced log in your next reply…..fixlist.txt Link to post Share on other sites More sharing options...
sam1112 Posted December 18, 2013 Author ID:765745 Share Posted December 18, 2013 hi kevin , i did the scan for zoek i took more than 40 minutes so i closed it . should i need to do again? it takes a lot of time . FIX LOG :Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-12-2013 01Ran by APEC at 2013-12-18 16:17:07 Run:1Running from C:\Users\APEC\DesktopBoot Mode: Normal==============================================Content of fixlist:*****************StartSearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD23} URL = http://dts.search-results.com/sr?src=ieb&appid=116&systemid=3&sr=0&q={searchTerms}SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD23} URL = http://dts.search-results.com/sr?src=ieb&appid=116&systemid=3&sr=0&q={searchTerms}C:\Users\APEC\AppData\Local\temp\FNP_ACT_InstallerCA.dllEnd*****************HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD23} => Key deleted successfully.HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD23} => Key not found.HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD23} => Key deleted successfully.HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD23} => Key not found."C:\Users\APEC\AppData\Local\temp\FNP_ACT_InstallerCA.dll" => File/Directory not found.==== End of Fixlog ==== Link to post Share on other sites More sharing options...
kevinf80 Posted December 18, 2013 ID:765759 Share Posted December 18, 2013 Yes please run Zoek and let it finish, some scan we have to run may take several hours, patience is the key... Link to post Share on other sites More sharing options...
sam1112 Posted December 18, 2013 Author ID:765766 Share Posted December 18, 2013 hi , i did the scan. Link to post Share on other sites More sharing options...
kevinf80 Posted December 18, 2013 ID:765770 Share Posted December 18, 2013 Can you post its log? Link to post Share on other sites More sharing options...
sam1112 Posted December 18, 2013 Author ID:765784 Share Posted December 18, 2013 ive attached the log Link to post Share on other sites More sharing options...
sam1112 Posted December 18, 2013 Author ID:765788 Share Posted December 18, 2013 hi ive attached it zoek-results.log Link to post Share on other sites More sharing options...
kevinf80 Posted December 18, 2013 ID:765806 Share Posted December 18, 2013 Run Zoek again, (accept UAC) The following window will open:Copy and paste the following script from the code box and paste into the field.[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run];r"SearchProtect"=-;rSelect the "Run Script" tab. The following window will open:Please be patient and do not use the PC when the scan is in progress.When complete you maybe asked to re-boot your PC, if so please doPost the produced log in your next reply, let me know if there are any remaining issues or concerns... Kevin Link to post Share on other sites More sharing options...
sam1112 Posted December 19, 2013 Author ID:766133 Share Posted December 19, 2013 hi kevin Zoek.exe v5.0.0.0 Updated 18-December-2013Tool run by APEC on Thu 12/19/2013 at 11:56:43.18.Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86Running in: Normal Mode Internet Access DetectedLaunched: C:\Users\APEC\Desktop\zoek.scr [scan all users] [script inserted]==== Older Logs ======================C:\zoek-results2013-12-18-110617.log 5547 bytesC:\zoek-results2013-12-18-131633.log 137320 bytesC:\zoek-results2013-12-19-062405.log 685 bytes==== Registry Fix Code ======================Windows Registry Editor Version 5.00[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]"SearchProtect"=-==== EOF on Thu 12/19/2013 at 11:57:49.89 ====================== Link to post Share on other sites More sharing options...
kevinf80 Posted December 19, 2013 ID:766161 Share Posted December 19, 2013 Can you run Zoek one more time as before, put the following into the text field:standardsearch;The select the "Run Script" tab... Post log when complete, let me know if there are any remaining issues or concerns.. Thanks, Kevin Link to post Share on other sites More sharing options...
sam1112 Posted December 20, 2013 Author ID:766634 Share Posted December 20, 2013 hi kevin when i start my computer i get application error "MOM.EXE ". before two days i installed service pack 1 i cancelled in between now i cannot fully uninstall it , when i uninstall sp1 it shows error .zoek-results.log Link to post Share on other sites More sharing options...
kevinf80 Posted December 20, 2013 ID:766716 Share Posted December 20, 2013 Can you post a screen shot of the application error. Not sure what you refer to regarding SP1, that service pack is showing up as Installed in Zoek logs... Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit. http://jpshortstuff.247fixes.com/SystemLook_x64.exe <<- 64 bit…. http://images.malwareremoval.com/jpshortstuff/SystemLook.exe <<- 32 bit Double-click SystemLook.exe to run it.Copy the content of the following codebox into the main textfield: :filefindMOM.exe Click the Look button to start the scan.When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.Note: The log can also be found on your Desktop entitled SystemLook.txt Kevin Link to post Share on other sites More sharing options...
sam1112 Posted December 21, 2013 Author ID:767294 Share Posted December 21, 2013 hi kevin, i installed windows service pack 1 and since it took so much time i just cancelled in between the installation process .but when i turned off the pc, windows configured the updates. now it sp1 is not fully installed so i tried to uninstall it and reinstall but while uninstalling i get error that " error in uninstalling sp1. SystemLook 30.07.11 by jpshortstuffLog created at 22:59 on 21/12/2013 by APECAdministrator - Elevation successful========== filefind ==========Searching for "MOM.exe"C:\Program Files\ATI Technologies\ATI.ACE\Branding\MOM.exe --a---- 299008 bytes [21:13 12/05/2011] [16:38 16/12/2013] 05ECCE061A15116B6FA0920C9F8F1A31C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe --a---- 299008 bytes [23:11 23/08/2010] [16:27 16/12/2013] 05ECCE061A15116B6FA0920C9F8F1A31-= EOF =- Link to post Share on other sites More sharing options...
kevinf80 Posted December 21, 2013 ID:767406 Share Posted December 21, 2013 Are you sure SP1 is not installed, it definitely does show in Zoek log header: Zoek.exe v5.0.0.0 Updated 16-December-2013Tool run by APEC on Wed 12/18/2013 at 18:17:11.11.Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86 Also MOM.exe is legitimate file belonging to ATI Technologies, can you post a screenshot of the error you see.... Link to post Share on other sites More sharing options...
sam1112 Posted December 22, 2013 Author ID:767758 Share Posted December 22, 2013 no its installed but not properly installed . ok is my computer free from all malwares completely . i also saw system hijack and browser hijack in the mbam log. Link to post Share on other sites More sharing options...
sam1112 Posted December 22, 2013 Author ID:767766 Share Posted December 22, 2013 ive attached the error snap shot. since sp1 is not installed properly i got this issue also "WD SES Device has stopped working properly" Link to post Share on other sites More sharing options...
kevinf80 Posted December 22, 2013 ID:767880 Share Posted December 22, 2013 You quote the followingi also saw system hijack and browser hijack in the mbam log.The Malwabytes log you posted previously does not show those entries.... Do you have a different log I can see...Regarding SP1, go to this link: http://www.elmajdal.net/Win7/How_To_Check_If_Service_Pack_One_For_Windows_7_Is_Installed_Or_Not.aspx follow the instruction and tell me if SP1 is showing installed.Regarding "WD SES Device has stopped working properly" that is possibly failing driver for Western Digital Hard drive,Select start > into the search box type device manager then hit enter.In the new window expand Disk drives or whatever your HD is named, is there an exclamation or question mark against the WD hard drive? if so update the driver..Regarding the issue with "MOM.exe" probably reinstalling the relevant software will help... Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 28, 2013 Root Admin ID:769804 Share Posted December 28, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts