Hello Aelo123
Please post the OTL log as requested!
Proud Graduate of the WTT Classroom
Sorry, I forgot. Here it is:-
All processes killed
========== OTL ==========
Unable to kill active process explorer.exe!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{21087D8A-7075-41CF-86F0-12F73EE04367}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21087D8A-7075-41CF-86F0-12F73EE04367}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Alnaddy" removed from browser.search.selectedEngine
Prefs.js: "http://www.alnaddy.com/?afltid=wbpk" removed from browser.startup.homepage
Prefs.js: "http://www.alnaddy.com/search/?q=" removed from keyword.URL
File C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xhny2dox.default\searchplugins\alnaddyToolbar.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D8F1BBE-C6FA-6CDF-A687-DC47DA301414}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D8F1BBE-C6FA-6CDF-A687-DC47DA301414}\ not found.
File C:\ProgramData\Codecv\bhoclass.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}\ not found.
File C:\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\bh\alnaddyToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CD3AED25-23AB-4543-B915-159449C37197} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD3AED25-23AB-4543-B915-159449C37197}\ not found.
File C:\Program Files\Alnaddy.com\alnaddyToolbar\1.5.25.2\alnaddyToolbarTlbr.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
Unable to delete ADS C:\ProgramData\Temp:0B4227B4 .
========== SERVICES/DRIVERS ==========
Error: No service named zppinger was found to stop!
Service\Driver key zppinger not found.
Error: No service named YMIDUSB was found to stop!
Service\Driver key YMIDUSB not found.
Error: No service named YahooAUService was found to stop!
Service\Driver key YahooAUService not found.
Error: No service named wmdmpmsn was found to stop!
Service\Driver key wmdmpmsn not found.
Error: No service named wacomvhid was found to stop!
Service\Driver key wacomvhid not found.
Error: No service named W8100PCI was found to stop!
Service\Driver key W8100PCI not found.
Error: No service named vpctcom was found to stop!
Service\Driver key vpctcom not found.
Error: No service named viaudio was found to stop!
Service\Driver key viaudio not found.
Error: No service named UVCFTR was found to stop!
Service\Driver key UVCFTR not found.
Error: No service named unrealircd was found to stop!
Service\Driver key unrealircd not found.
Error: No service named tvald was found to stop!
Service\Driver key tvald not found.
Error: No service named transcode360 was found to stop!
Service\Driver key transcode360 not found.
Error: No service named tme3srv was found to stop!
Service\Driver key tme3srv not found.
Error: No service named tifmsony was found to stop!
Service\Driver key tifmsony not found.
Error: No service named tb2launch was found to stop!
Service\Driver key tb2launch not found.
Error: No service named symlcbrd was found to stop!
Service\Driver key symlcbrd not found.
Error: No service named StreamDispatcher was found to stop!
Service\Driver key StreamDispatcher not found.
Error: No service named ssmdrv was found to stop!
Service\Driver key ssmdrv not found.
Error: No service named SPFDRV was found to stop!
Service\Driver key SPFDRV not found.
Error: No service named sp_clamsrv was found to stop!
Service\Driver key sp_clamsrv not found.
Error: No service named snoopfree was found to stop!
Service\Driver key snoopfree not found.
Error: No service named SMPLSCSI was found to stop!
Service\Driver key SMPLSCSI not found.
Error: No service named siswlsvc was found to stop!
Service\Driver key siswlsvc not found.
Error: No service named sfman was found to stop!
Service\Driver key sfman not found.
Error: No service named se44nd5 was found to stop!
Service\Driver key se44nd5 not found.
Error: No service named SE2Emdfl was found to stop!
Service\Driver key SE2Emdfl not found.
Error: No service named schscnt was found to stop!
Service\Driver key schscnt not found.
Error: No service named s616mgmt was found to stop!
Service\Driver key s616mgmt not found.
Error: No service named s3savagenb was found to stop!
Service\Driver key s3savagenb not found.
Error: No service named RMSvc was found to stop!
Service\Driver key RMSvc not found.
Error: No service named RDID1007 was found to stop!
Service\Driver key RDID1007 not found.
Error: No service named rchost was found to stop!
Service\Driver key rchost not found.
Error: No service named qbcfmonitorservice was found to stop!
Service\Driver key qbcfmonitorservice not found.
Error: No service named pclepci was found to stop!
Service\Driver key pclepci not found.
Error: No service named ossrv was found to stop!
Service\Driver key ossrv not found.
Error: No service named osanbm was found to stop!
Service\Driver key osanbm not found.
Error: No service named orbpvr was found to stop!
Service\Driver key orbpvr not found.
Error: No service named nv4 was found to stop!
Service\Driver key nv4 not found.
Error: No service named NTACCESS was found to stop!
Service\Driver key NTACCESS not found.
Error: No service named nhcDriverDevice was found to stop!
Service\Driver key nhcDriverDevice not found.
Error: No service named mssql$microsoftsmlbiz was found to stop!
Service\Driver key mssql$microsoftsmlbiz not found.
Error: No service named mfeapfk was found to stop!
Service\Driver key mfeapfk not found.
Error: No service named lxrjd31d was found to stop!
Service\Driver key lxrjd31d not found.
Error: No service named lpx was found to stop!
Service\Driver key lpx not found.
Error: No service named LMouKE was found to stop!
Service\Driver key LMouKE not found.
Error: No service named k750mdfl was found to stop!
Service\Driver key k750mdfl not found.
Error: No service named itmrtsvc was found to stop!
Service\Driver key itmrtsvc not found.
Error: No service named icraplus was found to stop!
Service\Driver key icraplus not found.
Error: No service named hpzid412 was found to stop!
Service\Driver key hpzid412 not found.
Error: No service named hfneavwv was found to stop!
Service\Driver key hfneavwv not found.
Error: No service named Sentertainment was found to stop!
Service\Driver key Sentertainment not found.
Error: No service named eaps2kbd was found to stop!
Service\Driver key eaps2kbd not found.
Error: No service named DynDNS_Updater_Service was found to stop!
Service\Driver key DynDNS_Updater_Service not found.
Error: No service named dmprimer was found to stop!
Service\Driver key dmprimer not found.
Error: No service named ctmmfilt was found to stop!
Service\Driver key ctmmfilt not found.
Error: No service named crystalaps was found to stop!
Service\Driver key crystalaps not found.
Error: No service named cfgwzsvc was found to stop!
Service\Driver key cfgwzsvc not found.
Error: No service named CE3 was found to stop!
Service\Driver key CE3 not found.
Error: No service named cdr4_xp was found to stop!
Service\Driver key cdr4_xp not found.
Error: No service named CdaC15BA was found to stop!
Service\Driver key CdaC15BA not found.
Error: No service named Cam5603D was found to stop!
Service\Driver key Cam5603D not found.
Error: No service named avupdsvc was found to stop!
Service\Driver key avupdsvc not found.
Error: No service named acsvc was found to stop!
Service\Driver key acsvc not found.
Error: No service named AcronisOSSReinstallSvc was found to stop!
Service\Driver key AcronisOSSReinstallSvc not found.
Error: No service named acedrv07 was found to stop!
Service\Driver key acedrv07 not found.
Error: No service named A4S2600 was found to stop!
Service\Driver key A4S2600 not found.
Error: No service named _iomega_active_disk_service_ was found to stop!
Service\Driver key _iomega_active_disk_service_ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\\netsvcs deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\\"netsvcs"|hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,63,00,00,00,43,00,65,00,72,00,74,00,50,00,72,00,6f,00,70,00,53,00,76,00,63,00,00,00,53,00,43,00,50,00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,00,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,72,00,00,00,67,00,70,00,73,00,76,00,63,00,00,00,49,00,4b,00,45,00,45,00,58,00,54,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,46,00,61,00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,00,69,00,74,00,79,00,00,00,49,00,61,00,73,00,00,00,49,00,72,00,6d,00,6f,00,6e,00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,00,42,00,49,00,54,00,53,00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,4c,00,6f,00,67,00,6f,00,6e,00,48,00,6f,00,75,00,72,00,73,00,00,00,50,00,43,00,41,00,75,00,64,00,69,00,74,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,75,00,70,00,6c,00,6f,00,61,00,64,00,6d,00,67,00,72,00,00,00,69,00,70,00,68,00,6c,00,70,00,73,00,76,00,63,00,00,00,73,00,65,00,63
,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,41,00,70,00,70,00,49,00,6e,00,66,00,6f,00,00,00,6d,00,73,00,69,00,73,00,63,00,73,00,69,00,00,00,4d,00,4d,00,43,00,53,00,53,00,00,00,77,00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,00,00,45,00,61,00,70,00,48,00,6f,00,73,00,74,00,00,00,50,00,72,00,6f,00,66,00,53,00,76,00,63,00,00,00,73,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,00,00,68,00,6b,00,6d,00,73,00,76,00,63,00,00,00,53,00,65,00,73,00,73,00,69,00,6f,00,6e,00,45,00,6e,00,76,00,00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,54,00,68,00,65,00,6d,00,65,00,73,00,00,00,42,00,44,00,45,00,53,00,56,00,43,00,00,00,41,00,70,00,70,00,4d,00,67,00,6d,00,74,00,00,00,00,00 /E : value set successfully!
========== FILES ==========
File\Folder C:\Program Files\Alnaddy.com not found.
File\Folder C:\Program Files\BabylonToolbar not found.
File\Folder C:\ProgramData\Codecv not found.
File\Folder c:\users\hp\AppData\Roaming\Babylon not found.
File\Folder c:\programdata\Babylon not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: hp
->Temp folder emptied: 168962 bytes
->Temporary Internet Files folder emptied: 536773 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46866304 bytes
->Google Chrome cache emptied: 77099360 bytes
->Flash cache emptied: 2016 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27710 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 119.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: hp
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.50.0 log created on 06222012_195639
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Hello Aelo123
It looks as though you ran the OTL script again.
Let's try it this way instead:
- OTL
- Right click on the OTL.exe icon and select "Run as Administrator" to run the program.
- Check the boxes beside "LOP Check" and "Purity Check".
- Under Custom Scan paste this in:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
CREATERESTOREPOINT
- Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.
- When the scan completes, a log will be produced.
- Please post the log in your next reply.
Proud Graduate of the WTT Classroom
Hello, it's attached: OTL.zip
Hello Aelo123
Thank you for the latest logs.
Please work your way through the following steps exactly as they are described below:
- Please open OTL
- Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.
Code:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
:Services
entertainment
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"netsvcs"=-
"netsvcs"=hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,\
  63,00,00,00,43,00,65,00,72,00,74,00,50,00,72,00,6f,00,70,00,53,00,76,00,63,\
  00,00,00,53,00,43,00,50,00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,\
  00,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,72,\
  00,00,00,67,00,70,00,73,00,76,00,63,00,00,00,49,00,4b,00,45,00,45,00,58,00,\
  54,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,46,00,61,\
  00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,\
  69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,\
  00,69,00,74,00,79,00,00,00,49,00,61,00,73,00,00,00,49,00,72,00,6d,00,6f,00,\
  6e,00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,\
  00,00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,\
  69,00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,\
  00,74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,\
  73,00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,\
  00,63,00,65,00,73,00,73,00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,\
  61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,52,\
  00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,61,00,70,00,69,00,\
  73,00,72,00,76,00,00,00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,\
  00,6d,00,53,00,70,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,\
  69,00,63,00,65,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,\
  00,42,00,49,00,54,00,53,00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,\
  44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,4c,00,6f,00,67,\
  00,6f,00,6e,00,48,00,6f,00,75,00,72,00,73,00,00,00,50,00,43,00,41,00,75,00,\
  64,00,69,00,74,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,75,\
  00,70,00,6c,00,6f,00,61,00,64,00,6d,00,67,00,72,00,00,00,69,00,70,00,68,00,\
  6c,00,70,00,73,00,76,00,63,00,00,00,73,00,65,00,63,00,6c,00,6f,00,67,00,6f,\
  00,6e,00,00,00,41,00,70,00,70,00,49,00,6e,00,66,00,6f,00,00,00,6d,00,73,00,\
  69,00,73,00,63,00,73,00,69,00,00,00,4d,00,4d,00,43,00,53,00,53,00,00,00,77,\
  00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,\
  00,00,45,00,61,00,70,00,48,00,6f,00,73,00,74,00,00,00,50,00,72,00,6f,00,66,\
  00,53,00,76,00,63,00,00,00,73,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,\
  00,00,68,00,6b,00,6d,00,73,00,76,00,63,00,00,00,53,00,65,00,73,00,73,00,69,\
  00,6f,00,6e,00,45,00,6e,00,76,00,00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,\
  74,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,54,00,68,00,65,\
  00,6d,00,65,00,73,00,00,00,42,00,44,00,45,00,53,00,56,00,43,00,00,00,41,00,\
  70,00,70,00,4d,00,67,00,6d,00,74,00,00,00,00,00
:Files
flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]
- Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
- Allow the program to run unhindered.
- Your machine will re-start itself. This is normal.
- A log will be created after your machine reboots. Please post the contents of the log in your next reply.
Once you have completed the steps above, please drag the copy of Combofix that is on your desktop to the Recycle Bin. Once you have done that, empty the Recycle Bin.
Download a fresh copy of Combofix from Here and save it to your desktop.
Next, disable all of your security programs, then right click on the Combofix icon and select "Run as Administrator" to run the tool.
Allow Combofix to complete its run then post the log created in your next reply.
There are no instances of alnaddy.com showing up in the log for your Chrome browser. Please describe exactly what is happening when you use Chrome in your next reply.
It worked for Firefox and Internet Explorer but not for Chrome.
Proud Graduate of the WTT Classroom
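The hex(7) value the fix above writes back is a REG_MULTI_SZ: the list of service names that a shared `svchost.exe -k netsvcs` process loads, so a name injected into that list (like the `entertainment` service the fix removes) runs inside a legitimate Windows host process. The following is an added example, not code from the post or from OTL: it decodes such a .reg-style value, diffs it against the Windows 7 list decoded from the value in the fix, and reports foreign entries. `SAMPLE_VALUE` is a short constructed value with one foreign entry, not the poster's registry data.

```python
"""Decode a .reg-style REG_MULTI_SZ ("hex(7):...") value and audit the svchost
netsvcs group it describes.

Added example, not code from the forum post or from OTL.  NETSVCS_BASELINE is
the list decoded from the hex(7) value the fix above restores (the stock Windows 7
netsvcs group); SAMPLE_VALUE is a constructed value for the demo, not the poster's
registry data.
"""
from __future__ import annotations

import re

# Decoded from the "netsvcs"=hex(7):... value in the fix above.
NETSVCS_BASELINE = [
    "AeLookupSvc", "CertPropSvc", "SCPolicySvc", "lanmanserver", "gpsvc", "IKEEXT",
    "AudioSrv", "FastUserSwitchingCompatibility", "Ias", "Irmon", "Nla", "Ntmssvc",
    "NWCWorkstation", "Nwsapagent", "Rasauto", "Rasman", "Remoteaccess", "SENS",
    "Sharedaccess", "SRService", "Tapisrv", "Wmi", "WmdmPmSp", "TermService",
    "wuauserv", "BITS", "ShellHWDetection", "LogonHours", "PCAudit", "helpsvc",
    "uploadmgr", "iphlpsvc", "seclogon", "AppInfo", "msiscsi", "MMCSS",
    "wercplsupport", "EapHost", "ProfSvc", "schedule", "hkmsvc", "SessionEnv",
    "winmgmt", "browser", "Themes", "BDESVC", "AppMgmt",
]

# Constructed sample: three entries, one of them ("entertainment") foreign to the
# group, wrapped with trailing backslashes the way regedit and OTL export long values.
SAMPLE_VALUE = (
    '"netsvcs"=hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,\\\n'
    "  63,00,00,00,67,00,70,00,73,00,76,00,63,00,00,00,65,00,6e,00,74,00,65,00,\\\n"
    "  72,00,74,00,61,00,69,00,6e,00,6d,00,65,00,6e,00,74,00,00,00,00,00"
)

_HEX7 = re.compile(r"hex\(7\):", re.IGNORECASE)


def parse_reg_hex(value: str) -> bytes:
    """Return the raw bytes of a .reg hex(7) value.

    Accepts either the bare 'hex(7):41,00,...' text or a whole '"name"=hex(7):...'
    line; line-continuation backslashes and any whitespace are dropped first.
    """
    m = _HEX7.search(value)
    body = value[m.end():] if m else value
    cleaned = re.sub(r"[\\\s]", "", body)
    tokens = [t for t in cleaned.split(",") if t]
    if any(len(t) != 2 for t in tokens):
        raise ValueError("malformed hex byte in value")
    return bytes(int(t, 16) for t in tokens)


def decode_multi_sz(raw: bytes) -> list[str]:
    """Decode REG_MULTI_SZ: UTF-16LE strings, each NUL-terminated, with one extra
    NUL closing the list.  The first empty string therefore marks the end."""
    if len(raw) % 2:
        raise ValueError("REG_MULTI_SZ data must have even length")
    names = []
    for s in raw.decode("utf-16-le").split("\0"):
        if not s:
            break
        names.append(s)
    return names


def encode_multi_sz(names: list[str]) -> str:
    """Inverse of the two functions above: the 'hex(7):...' text a .reg file carries."""
    raw = ("\0".join(names) + "\0\0").encode("utf-16-le")
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def audit_netsvcs(value: str, baseline: list[str] = NETSVCS_BASELINE) -> dict:
    """Diff a netsvcs value against the baseline.

    'unexpected' lists names that a 'svchost.exe -k netsvcs' instance would load
    but that are not part of the stock group; 'missing' lists stock names removed.
    """
    members = decode_multi_sz(parse_reg_hex(value))
    have, want = set(members), set(baseline)
    return {
        "members": members,
        "unexpected": [m for m in members if m not in want],
        "missing": [b for b in baseline if b not in have],
    }


if __name__ == "__main__":
    report = audit_netsvcs(SAMPLE_VALUE)
    print("members   :", report["members"])
    print("unexpected:", report["unexpected"])
    print("missing   :", len(report["missing"]), "stock entries")
```

On a live system the same audit can be fed the `netsvcs` value exported with `reg export` or read via `winreg`; a name that is neither in the baseline nor a service you installed deliberately is worth the same treatment the helper gave `entertainment`.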
OTL Log:- (didn't check purity and lop check)
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
========== SERVICES/DRIVERS ==========
Service entertainment stopped successfully!
Service entertainment deleted successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\\netsvcs deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\\"netsvcs"|hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,63,00,00,00,43,00,65,00,72,00,74,00,50,00,72,00,6f,00,70,00,53,00,76,00,63,00,00,00,53,00,43,00,50,00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,00,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,72,00,00,00,67,00,70,00,73,00,76,00,63,00,00,00,49,00,4b,00,45,00,45,00,58,00,54,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,46,00,61,00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,00,69,00,74,00,79,00,00,00,49,00,61,00,73,00,00,00,49,00,72,00,6d,00,6f,00,6e,00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,00,42,00,49,00,54,00,53,00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,4c,00,6f,00,67,00,6f,00,6e,00,48,00,6f,00,75,00,72,00,73,00,00,00,50,00,43,00,41,00,75,00,64,00,69,00,74,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,75,00,70,00,6c,00,6f,00,61,00,64,00,6d,00,67,00,72,00,00,00,69,00,70,00,68,00,6c,00,70,00,73,00,76,00,63,00,00,00,73,00,65,00,63
,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,41,00,70,00,70,00,49,00,6e,00,66,00,6f,00,00,00,6d,00,73,00,69,00,73,00,63,00,73,00,69,00,00,00,4d,00,4d,00,43,00,53,00,53,00,00,00,77,00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,00,00,45,00,61,00,70,00,48,00,6f,00,73,00,74,00,00,00,50,00,72,00,6f,00,66,00,53,00,76,00,63,00,00,00,73,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,00,00,68,00,6b,00,6d,00,73,00,76,00,63,00,00,00,53,00,65,00,73,00,73,00,69,00,6f,00,6e,00,45,00,6e,00,76,00,00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,54,00,68,00,65,00,6d,00,65,00,73,00,00,00,42,00,44,00,45,00,53,00,56,00,43,00,00,00,41,00,70,00,70,00,4d,00,67,00,6d,00,74,00,00,00,00,00 /E : value set successfully!
========== FILES ==========
< flushdns /c >
C:\Users\hp\Desktop\cmd.bat deleted successfully.
C:\Users\hp\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: hp
->Temp folder emptied: 6462402 bytes
->Temporary Internet Files folder emptied: 3615651 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 115862958 bytes
->Google Chrome cache emptied: 286714373 bytes
->Flash cache emptied: 21219 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6778128 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 400.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: hp
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.50.0 log created on 06242012_215118
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Combofix:-
ComboFix 12-06-24.03 - hp 24-Jun-12 23:34:50.4.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2510.1147 [GMT 2:00]
Running from: c:\users\hp\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
.
.
2012-06-24 21:39 . 2012-06-24 21:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-24 21:32 . 2012-06-24 21:32 -------- d-----w- c:\program files\Microsoft Silverlight
2012-06-24 21:16 . 2012-06-24 21:16 -------- d-----w- c:\program files\Microsoft
2012-06-24 19:53 . 2012-06-24 21:39 -------- d-----w- c:\users\hp\AppData\Local\Temp
2012-06-24 09:07 . 2012-06-24 09:07 -------- d-----w- c:\programdata\Trymedia
2012-06-24 08:55 . 2012-06-24 08:55 -------- d-----w- c:\program files\RealArcade
2012-06-23 18:50 . 2012-06-23 18:50 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-23 18:49 . 2012-06-23 18:49 -------- d-----w- c:\programdata\McAfee
2012-06-23 16:57 . 2012-06-23 16:57 -------- d-----w- c:\programdata\eToolKit
2012-06-23 11:12 . 2012-06-23 11:12 -------- d-----w- c:\program files\Keyboard Status LED
2012-06-23 11:12 . 2012-06-23 11:12 -------- d-----w- c:\windows\UnInstFilter
2012-06-23 08:17 . 2012-06-23 08:17 -------- d-----w- c:\program files\1ClickDownload
2012-06-21 23:00 . 2012-06-21 23:00 -------- d-----w- C:\_OTL
2012-06-20 19:43 . 2012-06-20 19:43 -------- d-----w- C:\My Documents
2012-06-19 07:27 . 2012-06-19 07:27 -------- d-----w- c:\program files\Common Files\InstallShield
2012-06-19 07:19 . 2012-06-19 07:19 -------- d-----w- c:\users\hp\AppData\Roaming\runic games
2012-06-19 07:17 . 2012-06-21 07:35 -------- d-----w- c:\program files\Runic Games
2012-06-18 21:35 . 2012-06-18 21:35 -------- d-----w- c:\programdata\DAEMON Tools Pro
2012-06-18 19:33 . 2001-12-19 09:45 8576 ----a-w- c:\windows\system32\drivers\VCdRom.sys
2012-06-16 22:03 . 2012-06-16 22:03 253952 ------w- c:\windows\Setup1.exe
2012-06-16 22:03 . 2012-06-16 22:03 74752 ----a-w- c:\windows\ST6UNST.EXE
2012-06-16 18:34 . 2012-06-16 18:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-16 13:45 . 2012-06-16 13:45 -------- d-----w- C:\TWISTER
2012-06-16 08:23 . 2012-06-24 11:17 -------- d-----w- c:\users\hp\AppData\Local\Facebook
2012-06-15 20:36 . 2012-06-15 20:36 -------- d-----w- c:\program files\7-Zip
2012-06-13 21:00 . 2012-06-13 21:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-13 21:00 . 2012-06-13 21:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-13 20:27 . 2012-06-13 20:24 607260 ----a-r- c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dds.scr
2012-06-13 20:22 . 2012-06-13 20:22 -------- d-----w- c:\program files\ERUNT
2012-06-12 17:35 . 2012-06-12 17:35 -------- d-----w- c:\users\hp\AppData\Local\eToolKit
2012-06-12 17:35 . 2011-09-12 16:43 57152 ----a-w- c:\windows\system32\drivers\toolkitdisk.sys
2012-06-12 17:34 . 2012-06-24 14:32 -------- d-----w- c:\program files\ToolKitService
2012-06-11 17:49 . 2012-06-11 17:49 -------- d-----w- c:\users\hp\AppData\Roaming\CBS Interactive
2012-06-11 07:15 . 2012-06-11 07:15 -------- d-----w- c:\users\hp\AppData\Roaming\Optimizer Pro
2012-06-11 07:13 . 2012-06-11 07:13 -------- d-----w- c:\program files\Optimizer Pro
2012-06-11 07:12 . 2012-06-19 07:24 -------- d-----w- c:\programdata\ADDICT-THING
2012-06-10 17:32 . 2012-06-10 17:32 -------- d-----w- c:\program files\Common Files\SourceTec
2012-06-10 17:32 . 2012-06-10 17:33 -------- d-----w- c:\program files\SourceTec
2012-06-09 20:40 . 2012-06-09 20:43 -------- d-----w- c:\users\hp\AppData\Local\Apple Computer
2012-06-09 20:40 . 2012-06-09 20:40 -------- d-----w- c:\users\hp\AppData\Roaming\Apple Computer
2012-06-09 20:40 . 2012-06-09 20:40 -------- d-----w- c:\program files\iPod
2012-06-09 20:40 . 2012-06-09 20:40 -------- d-----w- c:\program files\iTunes
2012-06-09 14:48 . 2012-06-09 14:48 -------- d-----w- c:\users\hp\AppData\Local\WindowsUpdate
2012-06-09 14:07 . 2012-06-09 14:07 3951672 ----a-w- c:\windows\system32\ntkr128g.exe
2012-06-08 22:04 . 2012-06-11 07:15 1547 ----a-w- C:\user.js
2012-06-08 22:03 . 2012-06-08 22:03 -------- d-----w- c:\programdata\Premium
2012-06-08 22:02 . 2012-06-11 21:20 -------- d-----w- c:\programdata\InstallMate
2012-06-07 08:56 . 2012-06-07 08:56 -------- d-----w- c:\program files\CCleaner
2012-06-06 10:01 . 2012-06-06 10:01 -------- d-----w- c:\windows\system32\Adobe
2012-06-06 09:59 . 2012-06-18 21:44 -------- d-----w- c:\users\hp\AppData\Local\ElevatedDiagnostics
2012-06-05 13:15 . 2012-06-05 13:15 -------- d-----w- c:\programdata\Hotspot Shield
2012-06-05 13:14 . 2012-06-05 13:15 -------- d-----w- C:\Hotspot Shield
2012-06-05 10:42 . 2012-06-05 10:42 -------- d-----w- c:\users\hp\.vdrift
2012-06-04 18:21 . 2012-06-04 18:21 -------- d-----w- c:\users\hp\AppData\Roaming\AVG
2012-06-04 16:06 . 2012-06-04 16:06 -------- d-----w- c:\users\hp\AppData\Local\AVG Secure Search
2012-06-04 14:37 . 2012-06-04 16:06 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-04 14:37 . 2012-06-21 07:35 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-06-04 14:37 . 2012-06-04 16:06 -------- d-----w- c:\program files\AVG Secure Search
2012-06-04 14:33 . 2012-06-04 14:33 -------- d--h--w- c:\programdata\Common Files
2012-06-04 14:33 . 2012-06-24 15:17 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-04 14:33 . 2012-06-12 16:27 -------- d-----w- c:\programdata\AVG2012
2012-06-04 14:33 . 2012-06-04 14:33 -------- d-----w- C:\$AVG
2012-06-04 14:33 . 2012-06-04 18:20 -------- d-----w- c:\program files\AVG
2012-06-04 14:06 . 2012-06-19 07:24 -------- d-----w- c:\programdata\MFAData
2012-06-04 09:41 . 2012-06-04 09:41 -------- d-----w- c:\users\hp\AppData\Roaming\playmink
2012-06-03 22:40 . 2012-06-03 22:44 -------- d-----w- c:\users\hp\youwave
2012-06-03 22:40 . 2012-06-03 22:40 -------- d-----w- c:\users\hp\.Virtualbox
2012-06-03 14:28 . 2012-06-03 14:28 -------- d-----w- c:\users\hp\AppData\Roaming\IDT
2012-06-03 13:31 . 2012-06-03 13:31 -------- d-----w- c:\users\hp\AppData\Roaming\dll-files.com
2012-06-03 13:31 . 2012-06-03 13:31 -------- d-----w- c:\program files\Dll-Files.com Fixer
2012-06-02 23:01 . 2012-06-02 23:01 -------- d-----w- c:\users\hp\AppData\Roaming\ATI
2012-06-02 23:01 . 2012-06-02 23:01 -------- d-----w- c:\users\hp\AppData\Local\ATI
2012-06-02 23:01 . 2012-06-02 23:01 -------- d-----w- c:\programdata\ATI
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- c:\program files\Common Files\Intel
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- c:\program files\Intel
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- C:\Intel
2012-06-02 22:59 . 2012-06-02 22:59 -------- d-----w- c:\program files\AMD APP
2012-06-02 22:57 . 2012-06-02 22:57 -------- d-----w- c:\program files\ATI
2012-06-02 22:57 . 2012-06-02 22:59 -------- d-----w- c:\program files\ATI Technologies
2012-06-02 20:47 . 2011-09-08 03:42 6012416 ----a-w- c:\windows\system32\IDTNGUI.exe
2012-06-02 20:47 . 2011-09-08 03:42 536576 ----a-w- c:\windows\system32\idtmini1.exe
2012-06-02 20:20 . 2011-08-23 19:57 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-06-02 20:20 . 2011-08-23 19:57 414824 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2012-06-02 19:09 . 2012-06-02 19:20 -------- d-----w- c:\program files\Cisco
2012-06-02 19:07 . 2012-06-02 19:19 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-06-02 19:07 . 2012-06-02 19:07 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-06-02 19:07 . 2012-06-02 19:07 4256320 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2012-06-02 19:07 . 2012-06-02 19:07 3928064 ----a-w- c:\windows\system32\bcmihvsrv.dll
2012-06-02 19:07 . 2012-06-02 19:07 3616768 ----a-w- c:\windows\system32\bcmihvui.dll
2012-06-02 18:07 . 2012-06-02 18:07 -------- d-----w- c:\users\hp\AppData\Roaming\InstallShield
2012-06-02 17:40 . 2012-04-02 04:40 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-02 17:40 . 2012-04-02 04:41 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-02 17:40 . 2012-04-02 04:40 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-06-02 17:40 . 2012-04-02 04:40 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-06-02 16:00 . 2012-06-02 16:00 -------- d-----w- c:\program files\Hewlett-Packard
2012-06-02 16:00 . 2012-06-02 16:00 -------- d-----w- c:\program files\HP
2012-06-01 13:06 . 2012-06-01 13:06 -------- d-----w- c:\users\hp\AppData\Roaming\iWin
2012-05-30 18:12 . 2012-06-24 21:35 -------- d-----w- c:\programdata\WeFi
2012-05-30 18:12 . 2012-05-30 18:12 -------- d-----w- c:\program files\WeFi
2012-05-30 08:06 . 2012-06-05 10:46 -------- d-----w- c:\users\hp\AppData\Roaming\.freeciv
2012-05-30 07:49 . 2012-06-20 22:48 -------- d-----w- c:\users\hp\AppData\Local\Akamai
2012-05-30 07:43 . 2012-06-24 19:53 -------- d-----w- c:\program files\Common Files\Akamai
2012-05-30 07:39 . 2012-05-30 08:05 -------- d-----w- c:\program files\Kuma Games
2012-05-28 18:28 . 2012-05-28 18:28 -------- d-----w- c:\users\hp\AppData\Local\IsolatedStorage
2012-05-28 13:58 . 2012-05-28 13:59 -------- d-----w- c:\users\hp\AppData\Local\Nokia
2012-05-28 13:58 . 2012-05-28 13:58 -------- d-----w- c:\programdata\NokiaMusic
2012-05-28 12:16 . 2012-05-28 13:58 -------- d-----w- c:\program files\Common Files\Nokia
2012-05-28 12:16 . 2012-05-28 12:16 -------- d-----w- c:\program files\Common Files\PCSuite
2012-05-28 12:15 . 2012-05-28 12:16 -------- d-----w- c:\program files\DIFX
2012-05-28 12:15 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-05-28 12:15 . 2012-05-28 12:15 -------- dc----w- c:\windows\system32\DRVSTORE
2012-05-28 12:15 . 2012-05-28 12:15 -------- d-----w- c:\program files\PC Connectivity Solution
2012-05-28 12:10 . 2012-05-28 12:10 -------- d-----w- c:\programdata\Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 08:07 . 2012-04-12 18:35 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-24 08:07 . 2012-03-22 20:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-23 18:50 . 2012-03-22 20:54 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-16 18:38 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-04-29 18:43 . 2012-04-29 18:43 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-04-29 18:43 . 2012-04-29 18:43 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-03-26 21:45 . 2012-03-26 21:45 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2012-03-26 21:45 . 2012-03-26 21:45 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-06-18 10:29 . 2012-06-10 17:14 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70EA269E-56DF-49C2-86B2-1A1924ED88B4}]
2011-12-26 15:47 109640 ----a-w- c:\program files\ToolKitService\splash.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-04 14:37 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D}"= "c:\program files\AllGamesHome Toolbar\tbcore3.dll" [2012-01-16 2666112]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-04 2068536]
"{D3B22A92-87A2-47b6-B3E6-A64877B5C242}"= "c:\program files\ToolKitService\toolbar.dll" [2011-12-30 875592]
.
[HKEY_CLASSES_ROOT\clsid\{5fc86fb3-a8b1-400b-8be7-0eaf0d857f5d}]
[HKEY_CLASSES_ROOT\TBSB01457.TBSB01457.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01457.TBSB01457]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{d3b22a92-87a2-47b6-b3e6-a64877b5c242}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-03-26 1516600]
"Akamai NetSession Interface"="c:\users\hp\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Facebook Update"="c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-06-24 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-12-17 1996072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" [2011-10-21 2193000]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-09-08 1433692]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 176408]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-17 343168]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-04 1104440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
"KBStatusLED1"="c:\windows\KBStatusLED.exe" [2008-04-30 53248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BingDesktop"="c:\program files\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
.
c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Facebook Messenger.lnk - c:\users\hp\AppData\Local\Facebook\Messenger\2.1.4554.0\FacebookMessenger.exe [2012-6-20 209920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1008928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk
backup=c:\windows\pss\CNET TechTracker.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
backup=c:\windows\pss\Facebook Messenger.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Kuma_Tray.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kuma_Tray.lnk
backup=c:\windows\pss\Kuma_Tray.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro]
2012-01-02 17:15 81912 ----a-w- c:\program files\Optimizer Pro\OptProLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tktray]
2012-01-23 15:01 453712 ----a-w- c:\program files\ToolKitService\tktray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-12-09 17:22 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-03-19 301248]
R1 vcdrom;Virtual CD-ROM Device Driver;D:\VCdRom.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
R2 VBoxDrv;VBox Support Driver;d:\drivers\A\YouWave_Android\vb\VBoxDrv.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2011-09-20 76328]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 251496]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-20 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-17 176128]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 hshld;Hotspot Shield Service;d:\a\Programs\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552]
S2 HssWd;Hotspot Shield Monitoring Service;d:\a\Programs\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-02-18 1752576]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 ToolkitSvc;Toolkit Service;c:\program files\ToolKitService\ToolkitService.exe [2012-01-23 687168]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-04 935480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-08-17 8396800]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-08-17 247808]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2011-09-20 142632]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2011-09-20 525864]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-20 33832]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-10 27632]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 269824]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2011-08-09 10843136]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-20 41088]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-08-23 414824]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 WefiEngSvc;WeFi Engine Service;c:\program files\WeFi\WefiEngSvc.exe [2010-11-03 120152]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 08:07]
.
2012-06-13 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
- c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2012-06-03 15:29]
.
2012-06-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000Core.job
- c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 11:09]
.
2012-06-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000UA.job
- c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-16 11:09]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000Core.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-25 14:34]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088562051-3164859817-2932628761-1000UA.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-25 14:34]
.
2012-06-24 c:\windows\Tasks\WefiStartup.job
- c:\program files\WeFi\WefiStartup.exe [2010-11-03 09:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://home.allgameshome.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Sothink Flash Downloader For IE - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - {5FC86FB3-A8B1-400B-8BE7-0EAF0D857F5D} - c:\program files\AllGamesHome Toolbar\tbcore3.dll
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{7C5ABD3D-63C7-4714-846F-A892A2BF87CE}: NameServer = 10.89.80.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\xhny2dox.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-KBStatusLED - c:\winnt\KBStatusLED.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_80c2ffa.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(908)
c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
- - - - - - - > 'Explorer.exe'(6076)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2012-06-24 23:40:52
ComboFix-quarantined-files.txt 2012-06-24 21:40
ComboFix2.txt 2012-06-22 13:42
ComboFix3.txt 2012-06-18 08:41
.
Pre-Run: 77,040,361,472 bytes free
Post-Run: 76,878,594,048 bytes free
.
- - End Of File - - F3483C8D620CF73BEF01760B8283E7FA
As for Chrome, it opens on: *www.facebook.com (the homepage)
Last edited by JonTom; 2012-06-24 at 23:55. Reason: removed malicious links
Hello Aelo123
Thank you for the logs.
I removed the infected links you posted to prevent anyone from clicking on them.
Let's continue:
- Please open OTL
- Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.
Code:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
:Reg
[-HKEY_CLASSES_ROOT\TBSB01457.TBSB01457.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[-HKEY_CLASSES_ROOT\TBSB01457.TBSB01457]
[-HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1]
[-HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[-HKEY_CLASSES_ROOT\ToolBand.ToolBandObj]
:Files
c:\program files\1ClickDownload
:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]
- Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
- Allow the program to run unhindered.
- Your machine will re-start itself. This is normal.
- A log will be created after your machine reboots. Please post the contents of the log in your next reply.
- Please perform the following scan:
- Please download MalwareBytes AntiMalware by clicking here and save the file (called mbam-setup.exe) to your desktop.
- Right click on the mbam-setup.exe icon and select "Run as Administrator" to install the program.
- Follow the prompts during installation and have the Installation Wizard create a desktop icon.
- Once installed, double click on the MalwareBytes AntiMalware icon to launch the program.
- Click on the "Update" tab and then on "Check for Updates".
- The program will now install the latest Malware definition files.
- Once complete, click on the "Scanner" tab, select "Perform FULL Scan" and then click on "Scan".
- Once the program has scanned your computer, a log file will be created in Notepad.
- Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
- If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
- When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
- The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
- Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
- Come back here to this thread and paste the log in your next reply.
- Reset your browser proxies
- For Internet Explorer:
- Click on "Tools" and then select "Internet Options".
- Click on the "Connections" tab and click the "LAN Settings" button at the bottom.
- Uncheck "Use a Proxy server for your LAN".
- Click Ok to close the Local Area Network (LAN) Settings window.
- Click Ok to close the Internet Options window.
Let's see if the following can help with your Chrome issues:
- Open Chrome.
- Click the wrench icon on the browser toolbar.
- Select Settings.
- Click the Basics tab.
- Click Manage search engines in the "Search" section.
- To Remove a search engine: Select the search engine from the list (all instances of alnaddy) and click the x that appears at the end of the row.
- You can also add the search engine of your choice in this section if you wish.
- To add a search engine: Scroll to the bottom of the dialog and fill out the following fields:
- Add a new search engine: Enter a nickname for the search engine.
- Keyword: Enter the text shortcut you want to use for the search engine. Use the keyword to do keyword searches.
- URL: Enter the web address for the search engine.
- To make the selected search engine default: Select the search engine you want to use as your default search engine and click the Make default button that appears in the row.
Please post the OTL log, the MBAM log and a new DDS log in your next reply, and let me know how Chrome is running now.
Proud Graduate of the WTT Classroom
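As an added example (not part of JonTom's instructions or of any tool in this thread), a read-only PowerShell check of the same Internet Explorer values the fixes above keep correcting: the per-user and machine-wide Start Page (ComboFix's uStart Page / mStart Page) and the WinINet proxy settings (ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL). The function name Get-IEHijackIndicators is mine; the registry paths are the standard Windows locations and nothing is modified.

```powershell
# Added example: report the IE start page and proxy values that hijackers
# commonly change, so they can be compared with the ComboFix/OTL log. Read-only.
function Get-IEHijackIndicators {
    $main = 'Software\Microsoft\Internet Explorer\Main'
    $inet = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

    # HKCU = per-user (uStart Page), HKLM = machine-wide (mStart Page)
    $userMain    = Get-ItemProperty -Path "HKCU:\$main" -ErrorAction SilentlyContinue
    $machineMain = Get-ItemProperty -Path "HKLM:\$main" -ErrorAction SilentlyContinue
    $proxy       = Get-ItemProperty -Path "HKCU:\$inet" -ErrorAction SilentlyContinue

    [PSCustomObject]@{
        UserStartPage    = $userMain.'Start Page'
        MachineStartPage = $machineMain.'Start Page'
        ProxyEnable      = $proxy.ProxyEnable
        ProxyServer      = $proxy.ProxyServer
        ProxyOverride    = $proxy.ProxyOverride
        AutoConfigURL    = $proxy.AutoConfigURL
    }
}

$result = Get-IEHijackIndicators
$result | Format-List

# Flag the conditions a helper would want to see before declaring the proxy
# reset done: a proxy that is still switched on, an auto-config script, or a
# machine-wide start page still pointing somewhere other than the expected site.
if ($result.ProxyEnable -eq 1) {
    Write-Warning "A proxy is still enabled: $($result.ProxyServer)"
}
if ($result.AutoConfigURL) {
    Write-Warning "A proxy auto-config script is set: $($result.AutoConfigURL)"
}
if ($result.MachineStartPage) {
    Write-Warning "Machine-wide start page is set: $($result.MachineStartPage)"
}
```

Run it once before and once after the "Reset your browser proxies" steps; a ProxyEnable of 0 and no AutoConfigURL afterwards confirms the LAN Settings change took effect for the current user.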
OTL:-
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry key HKEY_CLASSES_ROOT\TBSB01457.TBSB01457.3 not found.
Registry key HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}\ not found.
Registry key HKEY_CLASSES_ROOT\TBSB01457.TBSB01457 not found.
Registry value HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\ not found.
Registry value HKEY_CLASSES_ROOT\ToolBand.ToolBandObj\\ deleted successfully.
========== FILES ==========
c:\program files\1ClickDownload folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: hp
->Temp folder emptied: 1291128 bytes
->Temporary Internet Files folder emptied: 216265 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 111869951 bytes
->Google Chrome cache emptied: 84153011 bytes
->Flash cache emptied: 1865 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 754991 bytes
RecycleBin emptied: 493236 bytes
Total Files Cleaned = 190.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: hp
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.50.0 log created on 06262012_200723
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...