PLEASE HELP virus or other software preventing me from using search engines


Hello everyone, please excuse me if I violate any forum rules, this is my first post.

 

Thank you for taking the time to read my post and helping me in any way.

 

So my uncle recently brought me his laptop to fix with the issue that he could not use any search engines. Any other website works if you type the full address into the address bar (i.e. ebay.com, malwarebytes.com, facebook.com, etc.). Even Yahoo's homepage is able to connect, but when you attempt to search anything in the search bar I get only a loading time icon and eventually the connection times out. The same goes for google.com; I cannot access that site at all. Even just using the search bar on the top of an explorer does not change this. I have tried using a different internet browser and the same problem persists.

 

I have opened the computer in safe mode and run a complete scan with Malwarebytes and cleared out all viruses. With multiple restarts and scans it shows all viruses have been quarantined. I have also gone through and manually deleted any suspicious files found in his 'C' drive that were not necessary for his computer to run. I also went under Control Panel's "Add and remove programs" and deleted extra programs from there. I have run a disk cleanup to erase anything that might reside in his temp folders as well. But even after everything I have done, and with Malwarebytes' scans returning no more viruses, I still cannot use the search engine on any internet browser.

 

I am truly stumped and I am not sure what to do anymore to fix this issue. My last resort is to fully restore the computer back to its factory settings, but even then I am not sure this will solve the issue. 

 

His laptop is an HP Pavilion dv7 running Windows 7. His Windows is fully up to date and has the latest Internet Explorer.

There are almost no programs running on the computer (he uses it for only basic tasks).

 

I believe most of the viruses were registry keys on his computer which leads me to believe it will be tougher to find and remove these files from the computer. I will log on with his computer shortly and upload the mbam logs (should be 2). Should I also upload a picture of me being unable to connect to google.com?

 

Please let me know if I should include anything else that could help solve this case.

Thank you for your help once again!




Sorry I could not find a file uploader to upload the mbam logs. I have just copied and pasted the log as before here.



<?xml version="1.0" encoding="UTF-16"?>

<mbam-log>


<header>

<date>2015/02/02 21:47:58 -0800</date>

<logfile>mbam-log-2015-02-02 (21-47-57).xml</logfile>

<isadmin>yes</isadmin>

</header>


<engine>

<version>2.00.4.1028</version>

<malware-database>v2015.02.03.02</malware-database>

<rootkit-database>v2015.01.14.01</rootkit-database>

<license>trial</license>

<file-protection>enabled</file-protection>

<web-protection>enabled</web-protection>

<self-protection>disabled</self-protection>

</engine>


<system>

<osversion>Windows 7 Service Pack 1</osversion>

<arch>x64</arch>

<username>Owner</username>

<filesys>NTFS</filesys>

</system>


<summary>

<type>hyper</type>

<result>completed</result>

<objects>286524</objects>

<time>729</time>

<processes>0</processes>

<modules>0</modules>

<keys>59</keys>

<values>18</values>

<datas>4</datas>

<folders>9</folders>

<files>13</files>

<sectors>0</sectors>

</summary>


<options>

<memory>enabled</memory>

<startup>enabled</startup>

<filesystem>disabled</filesystem>

<archives>enabled</archives>

<rootkits>disabled</rootkits>

<deeprootkit>disabled</deeprootkit>

<heuristics>enabled</heuristics>

<pup>enabled</pup>

<pum>enabled</pum>

</options>


<items>


<key>

<path>HKLM\SOFTWARE\CLASSES\CntntCntr.CntntDic</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>d836f72386042b0b0d892410d52f7789</hash>

</key>


<key>

<path>HKLM\SOFTWARE\CLASSES\CntntCntr.CntntDic.1</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>030b8d8dc4c695a1fd995fd5c24230d0</hash>

</key>


<key>

<path>HKLM\SOFTWARE\CLASSES\CntntCntr.CntntDisp</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>f11d2feb7713b28447503ef6bc487a86</hash>

</key>


<key>

<path>HKLM\SOFTWARE\CLASSES\CntntCntr.CntntDisp.1</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>7797e6345337b086c9ce48ec877d60a0</hash>

</key>


<key>

<path>HKLM\SOFTWARE\CLASSES\CoreSrv.CoreServices</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>729c54c6236753e39f14260eb94bb14f</hash>

</key>


<key>

<path>HKLM\SOFTWARE\CLASSES\CoreSrv.CoreServices.1</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>5eb085958efcfc3a7d36989c7094f60a</hash>

</key>


<key>

<path>HKLM\SOFTWARE\CLASSES\CoreSrv.LfgAx</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>47c76bafcac02313cfe560d4eb19b14f</hash>

</key>


<key>

<path>HKLM\SOFTWARE\CLASSES\CoreSrv.LfgAx.1</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>4bc3c852f793af87c9eba88cf50fe020</hash>

</key>


<key>

<path>HKLM\SOFTWARE\CLASSES\HBMain.CommBand</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>54ba5dbdafdbd75f3817043130d4a957</hash>

</key>


<key>

<path>HKLM\SOFTWARE\CLASSES\HBMain.CommBand.1</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>7f8fc2586f1bd3635ef192a3eb19cd33</hash>

</key>


<key>

<path>HKLM\SOFTWARE\CLASSES\hbr.HbMain</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>8f7ff5259ceed75fde7236ffaa5af907</hash>

</key>


<key>

<path>HKLM\SOFTWARE\CLASSES\hbr.HbMain.1</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>a76756c44644cf67fc5471c4e222a45c</hash>

</key>


<key>

<path>HKLM\SOFTWARE\CLASSES\HostIE.Bho</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>bf4f45d582086bcbc09869cce71de61a</hash>

</key>


<key>

<path>HKLM\SOFTWARE\CLASSES\HostIE.Bho.1</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>de306dad8ffb3bfb510793a291738878</hash>

</key>


<key>

<path>HKLM\SOFTWARE\CLASSES\HostOL.MailAnim</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>ff0f8f8b751560d63a1f85b07e8647b9</hash>

</key>


<key>

<path>HKLM\SOFTWARE\CLASSES\HostOL.MailAnim.1</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>ef1f9783ec9ef0468acf79bc41c3af51</hash>

</key>


<key>

<path>HKLM\SOFTWARE\CLASSES\HostOL.WebmailSend</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>8b83b7631e6ccc6af06a3afb5aaa857b</hash>

</key>


<key>

<path>HKLM\SOFTWARE\CLASSES\HostOL.WebmailSend.1</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>a866d743177396a059011d1861a37789</hash>

</key>


<key>

<path>HKLM\SOFTWARE\CLASSES\Srv.CoreServices</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>12fc29f1adddcf67523acd69867eda26</hash>

</key>


<key>

<path>HKLM\SOFTWARE\CLASSES\Srv.CoreServices.1</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>5eb0f02a71191026058767cfcd37d828</hash>

</key>


<key>

<path>HKLM\SOFTWARE\CLASSES\Toolbar.HtmlMenuUI</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>ef1fea309cee4fe7d7ee67cf27dde020</hash>

</key>


<key>

<path>HKLM\SOFTWARE\CLASSES\Toolbar.HtmlMenuUI.1</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>9e704dcd6b1f082e1aabf93d60a4a25e</hash>

</key>


<key>

<path>HKLM\SOFTWARE\CLASSES\Toolbar.ToolbarCtl</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>25e975a547433105a126a195ea1ad32d</hash>

</key>


<key>

<path>HKLM\SOFTWARE\CLASSES\Toolbar.ToolbarCtl.1</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>719d35e5ed9d5dd963642a0c7e8608f8</hash>

</key>


<key>

<path>HKLM\SOFTWARE\CLASSES\APPID\GamevanceText.DLL</path>

<vendor>Adware.GameVance</vendor>

<action>success</action>

<hash>709eb06a27631a1c0d29c730857e7987</hash>

</key>


<key>

<path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\init32.exe </path>

<vendor>Security.Hijack</vendor>

<action>success</action>

<hash>bd5172a85832d85e561784c6ab59b24e</hash>

</key>


<key>

<path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mrt.exe</path>

<vendor>Trojan.Agent</vendor>

<action>success</action>

<hash>68a6b06ae8a25adc54088ac1bf45f907</hash>

</key>


<key>

<path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msseces.exe</path>

<vendor>Security.Hijack</vendor>

<action>success</action>

<hash>947a1802fb8f62d452299bb06f957888</hash>

</key>


<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CntntCntr.CntntDic</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>789666b4a2e8f046b2e40d27b05448b8</hash>

</key>


<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CntntCntr.CntntDic.1</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>d13d69b10882cd69682e290bd133cb35</hash>

</key>


<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CntntCntr.CntntDisp</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>0d01ff1b286275c15542b084ab5935cb</hash>

</key>


<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CntntCntr.CntntDisp.1</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>0905a5756c1ed4629afdc074d82cb44c</hash>

</key>


<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CoreSrv.CoreServices</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>4fbff129c6c4e94d00b371c3d4307b85</hash>

</key>


<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CoreSrv.CoreServices.1</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>c549d347bbcfa2947e35b2826e961ee2</hash>

</key>


<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CoreSrv.LfgAx</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>dd31b66443471d19199bc4707193a15f</hash>

</key>


<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CoreSrv.LfgAx.1</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>37d7849667231a1c496bcf653ec601ff</hash>

</key>


<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\HBMain.CommBand</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>14fa0911513952e4b99650e514f0f40c</hash>

</key>


<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\HBMain.CommBand.1</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>13fbd7433d4d1b1b7bd450e52dd7926e</hash>

</key>


<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\hbr.HbMain</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>bc52b26890fa270f133d70c52ed61de3</hash>

</key>


<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\hbr.HbMain.1</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>f11d1dfd5d2da294ed63de574eb618e8</hash>

</key>


<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\HostIE.Bho</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>070781990684a88efa5eaa8bda2ad32d</hash>

</key>


<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\HostIE.Bho.1</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>eb23dd3db8d2310588d04ee72fd543bd</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\HostOL.MailAnim</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>41cded2df49643f3c9908baa8282c63a</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\HostOL.MailAnim.1</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>d23cbd5d632721157cdd82b38c78a15f</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\HostOL.WebmailSend</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>e22ceb2f682296a0f66488adc93b9b65</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\HostOL.WebmailSend.1</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>fe1044d6fa90a78fe278af86a65ee61a</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Srv.CoreServices</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>20eee13941491521bdcffe380cf88977</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Srv.CoreServices.1</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>45c9ed2db5d5a096a0ec360091734cb4</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar.HtmlMenuUI</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>2ae470aa3a50dd59794cb87ee4207c84</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar.HtmlMenuUI.1</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>9b734ad044465fd79e2778be699b1fe1</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar.ToolbarCtl</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>48c655c55e2cad891ea9280e60a4be42</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar.ToolbarCtl.1</path>

<vendor>Adware.Zango</vendor>

<action>success</action>

<hash>f11d3fdbd0ba86b0fdca73c332d2a759</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\GamevanceText.DLL</path>

<vendor>Adware.GameVance</vendor>

<action>success</action>

<hash>b9551a00d1b931054de9ce29a261af51</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\init32.exe </path>

<vendor>Security.Hijack</vendor>

<action>success</action>

<hash>cb432feb61294ee8c9a4e367b54f35cb</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mrt.exe</path>

<vendor>Trojan.Agent</vendor>

<action>success</action>

<hash>48c65fbbf7930432e07c3f0c12f2ad53</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msseces.exe</path>

<vendor>Security.Hijack</vendor>

<action>success</action>

<hash>888672a87713e74f88f397b40103d62a</hash>

</key>


-<key>

<path>HKU\S-1-5-21-2874127462-882046301-1494431916-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\gvtl</path>

<vendor>Malware.Trace</vendor>

<action>success</action>

<hash>4ac41802602af83ebb282018b64e1be5</hash>

</key>


-<key>

<path>HKU\S-1-5-21-2874127462-882046301-1494431916-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic</path>

<vendor>PUP.Optional.Softonic.A</vendor>

<action>success</action>

<hash>f61807139bef3600be32e7a2966d41bf</hash>

</key>


-<key>

<path>HKU\S-1-5-21-2874127462-882046301-1494431916-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\gvtl</path>

<vendor>Adware.GameVance</vendor>

<action>success</action>

<hash>090527f346449e986cc9b14646bddd23</hash>

</key>


-<value>

<path>HKU\S-1-5-21-2874127462-882046301-1494431916-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWRUN</path>

<valuename>0</valuename>

<vendor>Security.Hijack</vendor>

<action>success</action>

<valuedata>msseces.exe</valuedata>

<hash>7b938991d2b8d0666894d46655afd32d</hash>

</value>


-<value>

<path>HKU\S-1-5-21-2874127462-882046301-1494431916-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWRUN</path>

<valuename>1</valuename>

<vendor>Security.Hijack</vendor>

<action>success</action>

<valuedata>MSASCui.exe</valuedata>

<hash>e62806142f5b2f07867584b68a7a9868</hash>

</value>


-<value>

<path>HKU\S-1-5-21-2874127462-882046301-1494431916-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWRUN</path>

<valuename>2</valuename>

<vendor>Security.Hijack</vendor>

<action>success</action>

<valuedata>ekrn.exe</valuedata>

<hash>c7473edce6a406308179a89226de4eb2</hash>

</value>


-<value>

<path>HKU\S-1-5-21-2874127462-882046301-1494431916-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWRUN</path>

<valuename>3</valuename>

<vendor>Security.Hijack</vendor>

<action>success</action>

<valuedata>egui.exe</valuedata>

<hash>68a60812583252e4df1aa793877d05fb</hash>

</value>


-<value>

<path>HKU\S-1-5-21-2874127462-882046301-1494431916-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWRUN</path>

<valuename>4</valuename>

<vendor>Security.Hijack</vendor>

<action>success</action>

<valuedata>avgnt.exe</valuedata>

<hash>e32bfe1c63271d1926cdc07ae81cee12</hash>

</value>


-<value>

<path>HKU\S-1-5-21-2874127462-882046301-1494431916-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWRUN</path>

<valuename>5</valuename>

<vendor>Security.Hijack</vendor>

<action>success</action>

<valuedata>avcenter.exe</valuedata>

<hash>64aa1bff96f40a2c32bbdb5fc440b749</hash>

</value>


-<value>

<path>HKU\S-1-5-21-2874127462-882046301-1494431916-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWRUN</path>

<valuename>6</valuename>

<vendor>Security.Hijack</vendor>

<action>success</action>

<valuedata>avscan.exe</valuedata>

<hash>2be39189e0aaa4927781ae8c5ea6b34d</hash>

</value>


-<value>

<path>HKU\S-1-5-21-2874127462-882046301-1494431916-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWRUN</path>

<valuename>7</valuename>

<vendor>Security.Hijack</vendor>

<action>success</action>

<valuedata>avgfrw.exe</valuedata>

<hash>3dd1f822b4d66cca46ac78c2b54f5aa6</hash>

</value>


-<value>

<path>HKU\S-1-5-21-2874127462-882046301-1494431916-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWRUN</path>

<valuename>8</valuename>

<vendor>Security.Hijack</vendor>

<action>success</action>

<valuedata>avgui.exe</valuedata>

<hash>828c7f9bd3b750e69e5860dabe469070</hash>

</value>


-<value>

<path>HKU\S-1-5-21-2874127462-882046301-1494431916-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWRUN</path>

<valuename>9</valuename>

<vendor>Security.Hijack</vendor>

<action>success</action>

<valuedata>avgtray.exe</valuedata>

<hash>40cedc3eef9b2e08787d7ebcd33107f9</hash>

</value>


-<value>

<path>HKU\S-1-5-21-2874127462-882046301-1494431916-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWRUN</path>

<valuename>10</valuename>

<vendor>Security.Hijack</vendor>

<action>success</action>

<valuedata>avgscanx.exe</valuedata>

<hash>6ca223f795f5c670767e5cde81830000</hash>

</value>


-<value>

<path>HKU\S-1-5-21-2874127462-882046301-1494431916-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWRUN</path>

<valuename>11</valuename>

<vendor>Security.Hijack</vendor>

<action>success</action>

<valuedata>avgcfgex.exe</valuedata>

<hash>28e6db3fe8a27fb711ddfc3e57add030</hash>

</value>


-<value>

<path>HKU\S-1-5-21-2874127462-882046301-1494431916-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWRUN</path>

<valuename>12</valuename>

<vendor>Security.Hijack</vendor>

<action>success</action>

<valuedata>avgemc.exe</valuedata>

<hash>0c0250ca05851c1a47aa0d2d4bb9669a</hash>

</value>


-<value>

<path>HKU\S-1-5-21-2874127462-882046301-1494431916-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWRUN</path>

<valuename>13</valuename>

<vendor>Security.Hijack</vendor>

<action>success</action>

<valuedata>avgchsvx.exe</valuedata>

<hash>b559e337088240f6e50a4dedef151be5</hash>

</value>


-<value>

<path>HKU\S-1-5-21-2874127462-882046301-1494431916-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWRUN</path>

<valuename>14</valuename>

<vendor>Security.Hijack</vendor>

<action>success</action>

<valuedata>avgcmgr.exe</valuedata>

<hash>d43a59c1b1d90f27b13fc27859ab2ed2</hash>

</value>


-<value>

<path>HKU\S-1-5-21-2874127462-882046301-1494431916-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWRUN</path>

<valuename>15</valuename>

<vendor>Security.Hijack</vendor>

<action>success</action>

<valuedata>avgwdsvc.exe</valuedata>

<hash>0c0262b8f595cc6ac6311723a1637f81</hash>

</value>


-<value>

<path>HKU\S-1-5-21-2874127462-882046301-1494431916-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path>

<valuename>Internet Antivirus 2011</valuename>

<vendor>Trojan.FakeAlert</vendor>

<action>success</action>

<valuedata>"C:\ProgramData\7c6248\IA7c6_328.exe" /s /d</valuedata>

<hash>f11d87932c5ec76fa2b2b4426f940ff1</hash>

</value>


-<value>

<path>HKU\S-1-5-21-2874127462-882046301-1494431916-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path>

<valuename>Startup</valuename>

<vendor>Trojan.Agent</vendor>

<action>success</action>

<valuedata>C:\Users\Owner\AppData\Roaming\Microsoft\svchost.exe</valuedata>

<hash>f9150416008adc5ae231c11f39caa45c</hash>

</value>


-<data>

<path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path>

<valuename>URL</valuename>

<vendor>Hijack.SearchPage</vendor>

<action>replaced</action>

<valuedata>http://findgala.com/?&uid=328&q={searchTerms}</valuedata>

<baddata>http://findgala.com/?&uid=328&q={searchTerms}</baddata>

<gooddata>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}</gooddata>

<hash>be5057c35436ae8889669f0c788d9b65</hash>

</data>


-<data>

<path>HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path>

<valuename>URL</valuename>

<vendor>Hijack.SearchPage</vendor>

<action>replaced</action>

<valuedata>http://findgala.com/?&uid=328&q={searchTerms}</valuedata>

<baddata>http://findgala.com/?&uid=328&q={searchTerms}</baddata>

<gooddata>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}</gooddata>

<hash>1cf2b169deaccb6b539c9d0e6c99b848</hash>

</data>


-<data>

<path>HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path>

<valuename>URL</valuename>

<vendor>Hijack.SearchPage</vendor>

<action>replaced</action>

<valuedata>http://findgala.com/?&uid=328&q={searchTerms}</valuedata>

<baddata>http://findgala.com/?&uid=328&q={searchTerms}</baddata>

<gooddata>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}</gooddata>

<hash>42cc50cae5a537ffc12e694292730af6</hash>

</data>


-<data>

<path>HKU\S-1-5-21-2874127462-882046301-1494431916-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED</path>

<valuename>Start_ShowSearch</valuename>

<vendor>PUM.Hijack.StartMenu</vendor>

<action>replaced</action>

<valuedata>0</valuedata>

<baddata>0</baddata>

<gooddata>1</gooddata>

<hash>20ee43d7dcae81b5ecc7a10b62a3c13f</hash>

</data>


-<folder>

<path>C:\Users\Owner\AppData\Roaming\Internet Antivirus 2011</path>

<vendor>Rogue.InternetAntiVirus</vendor>

<action>success</action>

<hash>57b7ee2cdeace74fbb14d069847f60a0</hash>

</folder>


-<folder>

<path>C:\Users\Owner\AppData\Roaming\HBLite</path>

<vendor>Adware.Hotbar</vendor>

<action>success</action>

<hash>9f6f081246446ccabea08eac4ab9d62a</hash>

</folder>


-<folder>

<path>C:\ProgramData\HBLiteSA</path>

<vendor>Adware.Hotbar</vendor>

<action>success</action>

<hash>14fa31e99bef053178e7be7ce91a7888</hash>

</folder>


-<folder>

<path>C:\Users\Owner\AppData\LocalLow\ShoppingReport2</path>

<vendor>PUP.Optional.ShoppingReport.A</vendor>

<action>success</action>

<hash>e72725f59febd75f758b1744af54c937</hash>

</folder>


-<folder>

<path>C:\Users\Owner\AppData\LocalLow\ShoppingReport2\cs</path>

<vendor>PUP.Optional.ShoppingReport.A</vendor>

<action>success</action>

<hash>e72725f59febd75f758b1744af54c937</hash>

</folder>


-<folder>

<path>C:\Users\Owner\AppData\LocalLow\ShoppingReport2\cs\db</path>

<vendor>PUP.Optional.ShoppingReport.A</vendor>

<action>success</action>

<hash>e72725f59febd75f758b1744af54c937</hash>

</folder>


-<folder>

<path>C:\Users\Owner\AppData\LocalLow\ShoppingReport2\cs\dwld</path>

<vendor>PUP.Optional.ShoppingReport.A</vendor>

<action>success</action>

<hash>e72725f59febd75f758b1744af54c937</hash>

</folder>


-<folder>

<path>C:\Users\Owner\AppData\LocalLow\ShoppingReport2\cs\report</path>

<vendor>PUP.Optional.ShoppingReport.A</vendor>

<action>success</action>

<hash>e72725f59febd75f758b1744af54c937</hash>

</folder>


-<folder>

<path>C:\Users\Owner\AppData\LocalLow\ShoppingReport2\cs\res1</path>

<vendor>PUP.Optional.ShoppingReport.A</vendor>

<action>success</action>

<hash>e72725f59febd75f758b1744af54c937</hash>

</folder>


-<file>

<path>C:\Users\Owner\AppData\Roaming\Internet Antivirus 2011\Instructions.ini</path>

<vendor>Rogue.InternetAntiVirus</vendor>

<action>success</action>

<hash>57b7ee2cdeace74fbb14d069847f60a0</hash>

</file>


-<file>

<path>C:\ProgramData\HBLiteSA\HBLiteSA.dat</path>

<vendor>Adware.Hotbar</vendor>

<action>success</action>

<hash>14fa31e99bef053178e7be7ce91a7888</hash>

</file>


-<file>

<path>C:\ProgramData\HBLiteSA\HBLiteSAAbout.mht</path>

<vendor>Adware.Hotbar</vendor>

<action>success</action>

<hash>14fa31e99bef053178e7be7ce91a7888</hash>

</file>


-<file>

<path>C:\ProgramData\HBLiteSA\HBLiteSAau.dat</path>

<vendor>Adware.Hotbar</vendor>

<action>success</action>

<hash>14fa31e99bef053178e7be7ce91a7888</hash>

</file>


-<file>

<path>C:\ProgramData\HBLiteSA\HBLiteSAEULA.mht</path>

<vendor>Adware.Hotbar</vendor>

<action>success</action>

<hash>14fa31e99bef053178e7be7ce91a7888</hash>

</file>


-<file>

<path>C:\ProgramData\HBLiteSA\HBLiteSA_kyf.dat</path>

<vendor>Adware.Hotbar</vendor>

<action>success</action>

<hash>14fa31e99bef053178e7be7ce91a7888</hash>

</file>


-<file>

<path>C:\Users\Owner\AppData\LocalLow\ShoppingReport2\cs\Config.xml</path>

<vendor>PUP.Optional.ShoppingReport.A</vendor>

<action>success</action>

<hash>e72725f59febd75f758b1744af54c937</hash>

</file>


-<file>

<path>C:\Users\Owner\AppData\LocalLow\ShoppingReport2\cs\db\Aliases.dbs</path>

<vendor>PUP.Optional.ShoppingReport.A</vendor>

<action>success</action>

<hash>e72725f59febd75f758b1744af54c937</hash>

</file>


-<file>

<path>C:\Users\Owner\AppData\LocalLow\ShoppingReport2\cs\db\Sites.dbs</path>

<vendor>PUP.Optional.ShoppingReport.A</vendor>

<action>success</action>

<hash>e72725f59febd75f758b1744af54c937</hash>

</file>


-<file>

<path>C:\Users\Owner\AppData\LocalLow\ShoppingReport2\cs\dwld\WhiteList.xip</path>

<vendor>PUP.Optional.ShoppingReport.A</vendor>

<action>success</action>

<hash>e72725f59febd75f758b1744af54c937</hash>

</file>


-<file>

<path>C:\Users\Owner\AppData\LocalLow\ShoppingReport2\cs\report\aggr_storage.xml</path>

<vendor>PUP.Optional.ShoppingReport.A</vendor>

<action>success</action>

<hash>e72725f59febd75f758b1744af54c937</hash>

</file>


-<file>

<path>C:\Users\Owner\AppData\LocalLow\ShoppingReport2\cs\report\send_storage.xml</path>

<vendor>PUP.Optional.ShoppingReport.A</vendor>

<action>success</action>

<hash>e72725f59febd75f758b1744af54c937</hash>

</file>


-<file>

<path>C:\Users\Owner\AppData\LocalLow\ShoppingReport2\cs\res1\WhiteList.dbs</path>

<vendor>PUP.Optional.ShoppingReport.A</vendor>

<action>success</action>

<hash>e72725f59febd75f758b1744af54c937</hash>

</file>

</items>

</mbam-log>


  • 3 months later...
  • Root Admin

We're sorry. It looks like your topic was somehow overlooked. Due to the length of time we'll go ahead and close this topic now but if you still actually need help please send a private message to one of the Moderators and we'll assist you.

Thank you and sorry we missed your topic.


This topic is now closed to further replies.