Win32-Malware Gen
Trancidonia
2014-03-27, 10:32
Hello, it's me again.
Thank you especially Juliet for the great help and patience. :)
Anyway, this is PC2 of the 3 PCs in my house.
I'm aware that they are viruses or at least malware since they show up in avast!
As of now there are Win32:Sefnit - HO [Trj], Win32:Malware-gen and FileRepMetagen [Malware] in my avast! virus chest.
What should I do with them?
All three PCs are Windows XP SP3; I will really need to upgrade them as soon as I get the money :(
I will now post the logs from DDS, Attach, aswMBR.
Should I post the logs that I got from Spybot and MalwareBytes?
I had quarantined and deleted most of them using MalwareBytes.
This is from DDS
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.17103 BrowserJavaVersion: 10.25.2
Run by User at 12:31:21 on 2014-03-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.952 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = www.bing.com (http://www.bing.com)
uSearch Bar = www.bing.com (http://www.bing.com)
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} -
uURLSearchHooks: {00A6FAF6-072E-44cf-8957-5838F569A31D} - <orphaned>
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Yahooo Search Protection: {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {984A9162-8891-4D19-8CFE-17648BB4E1EC} - <orphaned>
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: {EEE6C35C-6118-11DC-9C72-001320C79847} - <orphaned>
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\ea
Yes, please post the MalwareBytes log.
Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
rkill.pif (http://download.bleepingcomputer.com/grinler/rkill.pif)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/)
(use the correct version for your system. Which system am I using? (http://support.microsoft.com/kb/827218))
Tutorial: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Trancidonia
2014-03-28, 02:46
Ok, here is the log from MalwareBytes
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 27/03/2014
Scan Time: 4:03:24 PM
Logfile: MBAM 27032014.txt
Administrator: Yes
Version: 2.00.0.1000
Malware Database: v2014.03.27.02
Rootkit Database: v2014.03.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: User
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 246122
Time Elapsed: 9 min, 30 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 43
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, , [41fd5dab3c3f72c4a4eea695a16151af],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, , [41fd5dab3c3f72c4a4eea695a16151af],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}, , [2d1113f5116a3bfb8d0496a5eb171fe1],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc.1, , [2d1113f5116a3bfb8d0496a5eb171fe1],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc, , [2d1113f5116a3bfb8d0496a5eb171fe1],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}, , [66d80800f784e254e8ad2d0ed230f10f],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\b, , [66d80800f784e254e8ad2d0ed230f10f],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{6E8BF012-2C85-4834-B10A-1B31AF173D70}, , [fb43bc4c0279e452672c003bd929e818],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}, , [fb43bc4c0279e452672c003bd929e818],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}, , [fb43bc4c0279e452672c003bd929e818],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{706D4A4B-184A-4434-B331-296B07493D2D}, , [fb43bc4c0279e452672c003bd929e818],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{8BE10F21-185F-4CA0-B789-9921674C3993}, , [fb43bc4c0279e452672c003bd929e818],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{94C0B25D-3359-4B10-B227-F96A77DB773F}, , [fb43bc4c0279e452672c003bd929e818],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}, , [fb43bc4c0279e452672c003bd929e818],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B173667F-8395-4317-8DD6-45AD1FE00047}, , [fb43bc4c0279e452672c003bd929e818],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B32672B3-F656-46E0-B584-FE61C0BB6037}, , [fb43bc4c0279e452672c003bd929e818],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}, , [fb43bc4c0279e452672c003bd929e818],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C2996524-2187-441F-A398-CD6CB6B3D020}, , [fb43bc4c0279e452672c003bd929e818],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E047E227-5342-4D94-80F7-CFB154BF55BD}, , [fb43bc4c0279e452672c003bd929e818],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}, , [fb43bc4c0279e452672c003bd929e818],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}, , [fb43bc4c0279e452672c003bd929e818],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}, , [fb43bc4c0279e452672c003bd929e818],
Trojan.Vundo, HKU\S-1-5-21-1417001333-1801674531-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467e-B8D4-7786EDA79AE0}, , [c97556b2e398082e13dc3300986ad729],
Trojan.Vundo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467E-B8D4-7786EDA79AE0}, , [c97556b2e398082e13dc3300986ad729],
PUP.Optional.SweetPacks, HKU\S-1-5-21-1417001333-1801674531-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EEE6C35C-6118-11DC-9C72-001320C79847}, , [a29c2ddb017a62d437da2eda32d04eb2],
PUP.Optional.SweetPacks, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{EEE6C35C-6118-11DC-9C72-001320C79847}, , [a29c2ddb017a62d437da2eda32d04eb2],
PUP.Optional.SweetPacks, HKLM\SOFTWARE\CLASSES\Toolbar3.SWEETIE, , [a29c2ddb017a62d437da2eda32d04eb2],
PUP.Optional.SweetPacks, HKLM\SOFTWARE\CLASSES\Toolbar3.SWEETIE.1, , [a29c2ddb017a62d437da2eda32d04eb2],
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}, , [80be52b64a31eb4b2f650c2f7092748c],
PUP.Optional.Babylon.A, HKLM\SOFTWARE\BabylonToolbar, , [6ed061a7106be45247d00972e51e33cd],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\CLASSES\SweetIM_URLSearchHook.ToolbarURLSearchHook, , [b38bc93f25567bbb9382bfc018ebde22],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\CLASSES\SweetIM_URLSearchHook.ToolbarURLSearchHook.1, , [2b13cb3d0675ca6cbb5a29561ae99f61],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM, , [41fd19efeb90a294cca5bbbf4ab91ce4],
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-1417001333-1801674531-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, , [ed51bf492b50f3432c0b6e0f2ad917e9],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1417001333-1801674531-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, , [cb73b256e69574c2cd8fea8f6e9559a7],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1417001333-1801674531-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, , [5ee082863843d95d35262158867db24e],
PUP.Optional.Babylon.A, HKU\S-1-5-21-1417001333-1801674531-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, , [df5faa5e1b60ce6873f2e09a53b08977],
PUP.Optional.BProtector.A, HKU\S-1-5-21-1417001333-1801674531-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, , [003ebc4c1c5fc670a316ed8fc83ba759],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-1417001333-1801674531-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, , [d66884841e5d0f27531db6c4fc07a957],
Spyware.GamePlayLabs, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{984A9162-8891-4D19-8CFE-17648BB4E1EC}, , [70cecc3c196220161216d931996bf709],
Spyware.GamePlayLabs, HKLM\SOFTWARE\CLASSES\BHO.GamePlayLabsBHO, , [70cecc3c196220161216d931996bf709],
Spyware.GamePlayLabs, HKLM\SOFTWARE\CLASSES\BHO.GamePlayLabsBHO.1, , [70cecc3c196220161216d931996bf709],
Spyware.GamePlayLabs, HKU\S-1-5-21-1417001333-1801674531-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{984A9162-8891-4D19-8CFE-17648BB4E1EC}, , [70cecc3c196220161216d931996bf709],
Registry Values: 5
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM|simapp_id, {B1115370-89EE-11E1-B54E-4061860AC8E8}, , [41fd19efeb90a294cca5bbbf4ab91ce4]
PUP.BProtector, HKU\S-1-5-21-1417001333-1801674531-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, http://isearch.babylon.com/?affID=117380&tt=4912_7&babsrc=HP_ss&mntrId=70fa80a50000000000004061860ac8e8, , [0638ae5a5b20eb4b8ad30c6d0bf8e31d]
Adware.Hotbar, HKU\S-1-5-21-1417001333-1801674531-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MENUEXT\&SEARCH, http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000336&p=ZRfox000&si=&a=aV4tIJ1HesyD3g.jnGpmQA&n=2009120702, , [41fd6b9de497d264db54636f23df56aa]
PUP.BProtector, HKU\S-1-5-21-1417001333-1801674531-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [1727ca3e106b8babd8860c6dbe45d52b]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-1417001333-1801674531-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, {B1115370-89EE-11E1-B54E-4061860AC8E8}, , [d66884841e5d0f27531db6c4fc07a957]
Registry Data: 3
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),,[9f9f4dbb0b70c274df8f50b2b54f11ef]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),,[4cf2fa0ec8b364d2b8b71ce6f50f50b0]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),,[f747fd0b483376c0a4cc976b94707f81]
Folders: 4
PUP.Optional.FileScout.A, C:\Documents and Settings\User\Application Data\File Scout, , [2c12dc2ce4970333a3bded60c33fce32],
PUP.Optional.BabylonToolbar.A, C:\Documents and Settings\User\Local Settings\Temp\mt_ffx\BabylonToolbar, , [48f6d830077491a5cad7e06d5aa8ab55],
PUP.Optional.BabylonToolbar.A, C:\Documents and Settings\User\Local Settings\Temp\mt_ffx\BabylonToolbar\BabylonToolbar, , [48f6d830077491a5cad7e06d5aa8ab55],
PUP.Optional.BabylonToolbar.A, C:\Documents and Settings\User\Local Settings\Temp\mt_ffx\BabylonToolbar\BabylonToolbar\1.8.4.9, , [48f6d830077491a5cad7e06d5aa8ab55],
continue..
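An added example for anyone triaging a pasted Malwarebytes log like the one above. It is not code from this thread or from Malwarebytes; it assumes the MBAM 2.0 text layout shown in the post (a section header such as "Registry Keys: 43" followed by one detection per line), and the sample lines are copied from that log. It groups detections by family, pulls out the PUM.Disabled.SecurityCenter entries (the Security Center notification flags for antivirus, firewall and updates turned off, which is what the "Good: (0), Bad: (1)" columns mean), and checks the declared section counts against the lines actually present, so a truncated paste is noticed before anyone reads it.

```python
"""Triage helper for Malwarebytes Anti-Malware 2.x scan logs.

Added example, not part of the thread and not Malwarebytes' own code.
Assumed line layout (as seen in the posted log):
    <threat>, <location>, <data>, <extra...>, [<32-hex detection id>]
Registry values use "<key>|<value name>" as the location; "Registry Data"
lines also carry "Good: (x), Bad: (y)".
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files): (\d+)$")
# <data> stops at the first comma; none of the observed values contain one.
DETECTION_RE = re.compile(
    r"^(?P<threat>[^,]+), (?P<location>[^,]+), (?P<data>[^,]*), (?P<rest>.*)$")
ID_RE = re.compile(r"\[([0-9a-f]{32})\]")
GOOD_RE = re.compile(r"Good: \(([^)]*)\)")


@dataclass
class Detection:
    section: str
    threat: str           # e.g. PUP.Optional.BabylonToolBar.A
    location: str         # registry key, "key|value", or file-system path
    data: str             # value data (registry values / registry data)
    detection_id: str     # the 32-hex id MBAM prints in brackets
    good: Optional[str]   # expected value, Registry Data lines only

    @property
    def family(self) -> str:
        """Leading classifier: PUP, PUM, Trojan, Spyware, Adware, ..."""
        return self.threat.split(".", 1)[0]

    @property
    def registry_value(self) -> Optional[str]:
        """Value name when the location is "<key>|<value>", else None."""
        return self.location.split("|", 1)[1] if "|" in self.location else None


def declared_counts(text: str) -> Dict[str, int]:
    """Per-section item counts as printed in the section headers."""
    found = {}
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            found[m.group(1)] = int(m.group(2))
    return found


def parse_mbam(text: str) -> List[Detection]:
    """Parse every detection line that follows a recognised section header."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        # Skip the scan-metadata preamble and "(No malicious items detected)".
        if section is None or not line or line.startswith("("):
            continue
        m = DETECTION_RE.match(line)
        id_match = ID_RE.search(m.group("rest")) if m else None
        if not id_match:
            continue  # not a detection line
        good = GOOD_RE.search(m.group("rest"))
        found.append(Detection(section, m.group("threat").strip(),
                               m.group("location").strip(), m.group("data").strip(),
                               id_match.group(1), good.group(1) if good else None))
    return found


def count_by_family(dets: List[Detection]) -> Dict[str, int]:
    return dict(Counter(d.family for d in dets))


def security_center_findings(dets: List[Detection]) -> List[Tuple[str, str, str]]:
    """(value name, current data, expected data) for every Security Center
    notification flag that MBAM reports as PUM.Disabled.SecurityCenter."""
    return [(d.registry_value or "", d.data, d.good or "")
            for d in dets if d.threat == "PUM.Disabled.SecurityCenter"]


def missing_lines(text: str) -> Dict[str, Tuple[int, int]]:
    """Sections whose parsed line count differs from the declared count,
    as {section: (declared, parsed)}: a quick check for a truncated paste."""
    parsed = Counter(d.section for d in parse_mbam(text))
    return {s: (n, parsed.get(s, 0))
            for s, n in declared_counts(text).items() if parsed.get(s, 0) != n}


# Sample lines copied from the Malwarebytes log posted above.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware
Scan Type: Threat Scan
Processes: 0
(No malicious items detected)
Registry Keys: 3
PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, , [41fd5dab3c3f72c4a4eea695a16151af],
Trojan.Vundo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467E-B8D4-7786EDA79AE0}, , [c97556b2e398082e13dc3300986ad729],
Spyware.GamePlayLabs, HKLM\SOFTWARE\CLASSES\BHO.GamePlayLabsBHO, , [70cecc3c196220161216d931996bf709],
Registry Values: 1
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM|simapp_id, {B1115370-89EE-11E1-B54E-4061860AC8E8}, , [41fd19efeb90a294cca5bbbf4ab91ce4]
Registry Data: 2
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),,[9f9f4dbb0b70c274df8f50b2b54f11ef]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),,[4cf2fa0ec8b364d2b8b71ce6f50f50b0]
Folders: 1
PUP.Optional.FileScout.A, C:\Documents and Settings\User\Application Data\File Scout, , [2c12dc2ce4970333a3bded60c33fce32],
"""

if __name__ == "__main__":
    dets = parse_mbam(SAMPLE_LOG)
    print("by family:", count_by_family(dets))
    print("Security Center flags:", security_center_findings(dets))
    print("count mismatches:", missing_lines(SAMPLE_LOG))
```

Run against a full log, `count_by_family` separates the PUP toolbar clutter from the Trojan and Spyware entries that deserve a closer look, `security_center_findings` lists which notification flags were switched off, and a non-empty `missing_lines` result means the paste lost lines (the poster notes the forum rejected the full log), so ask for the attachment before drawing conclusions.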
Trancidonia
2014-03-28, 02:56
I have to post the MalwareBytes log as an attached note, as it won't let me post it, saying there are more than 10 images in it.
By the way, I noticed I had to run as User and can't log in as Admin, since it requires a password, but nobody in the house has ever set a password on Admin. Is there any way for me to get around it just to run as Admin?
Here is the log from FRST.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by User (administrator) on LAU_NEW on 28-03-2014 08:42:46
Running from C:\Documents and Settings\User\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
() C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [UpdateP2GoShortCut] - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] - C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-09-29] (CyberLink Corp.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1983816 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-27] (AVAST Software)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre7\bin\jusched.exe"
HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/in-en.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYANwAwAEQAVgAtAFgAUgA0AEEANwAtADIANgBRAEMAUgAtAFcAMwBaADcAMwAtAEIAVwA0ADYAUgA"&"inst=NwA3AC0ANAAyADUANgAwADEANAAyADEALQBCAC0AQgBBAFIAOQBPACsAMQAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAFgATwA5ACsAMQAtAEYAOQBNADQAKwAxAC0ARABEAFQAKwA2ADMAMQAxADYALQBEAEQAOQAwAEYAKwAxAC0AUwBUADkAMABGAEEAUABQACsAMQAtAEYAOQAwAE0AMQAyAEUATgArADEALQBUAEIATgArADEALQBGAFUASQArADIALQBMADkAMABNAEoAKwAxAC0ARgA5ADAATQAxADIASgBUACsAMQAtAEYAOQAwAE0AMQAyAFIAKwAxAC0AVgBJAFAAMQAyACsAMQA"&"prod=90"&"ver=9.0.894
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1417001333-1801674531-839522115-1003\...\Run: [Media Finder] - "C:\Program Files\Media Finder\Media Finder.exe" /opentotray
AppInit_DLLs: c:\docume~1\alluse~1\applic~1\bitguard\271832~1.68\{c16c1~1\bitguard.dll => C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll [3618304 2013-11-18] ()
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
URLSearchHook: HKCU - (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - No File
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM - {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp
SearchScopes: HKCU - DefaultScope {0404E843-1A56-4EA5-8A83-B550A4CB2BDF} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-ydwnld
SearchScopes: HKCU - {0404E843-1A56-4EA5-8A83-B550A4CB2BDF} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-ydwnld
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://isearch.babylon.com/?q={searchTerms}&affID=117380&tt=4912_7&babsrc=SP_ss&mntrId=70fa80a50000000000004061860ac8e8
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=DAT&o=15240&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=FD&apn_dtid=YYYYYYYYMY&apn_uid=1A1C7D67-2E3D-4EB0-AA38-4A9691DACECA&apn_sauid=D79BF0FB-A5C2-4B9B-BC36-7FDE020B5E7B
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Yahooo Search Protection - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM - No Name - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Big%20City%20Adventure%20-%20Sydney,%20Australia/Images/stg_drm.ocx
DPF: {309E27CA-1FDC-4AD2-A3AA-0FF47085E5A6} http://192.168.1.5/IEPlugin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1395910919765
DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} http://192.168.1.5/vcredist_x86.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Dream%20Day%20Honeymoon/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default
FF NewTab: www.google.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: hxxp://isearch.babylon.com/?affID=117380&tt=4912_7&babsrc=HP_ss&mntrId=70fa80a50000000000004061860ac8e8
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @mywebsearch.com/Plugin - C:\Program Files\MyWebSearch\bar\5.bin\NPMyWebS.dll (MyWebSearch.com)
FF Plugin: @oberon-media.com/ONCAdapter - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Documents and Settings\User\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\askcom-1.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\babylon1.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\BitGuard.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\mywebsearch.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\sweetim.xml
FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com [2012-12-12]
FF Extension: GamePlayLabs Plugin - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\Extensions\plugin2@gameplaylabs.com [2011-03-25]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-10-28]
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010-12-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files\MyWebSearch\bar\5.bin
FF Extension: My Web Search - C:\Program Files\MyWebSearch\bar\5.bin [2011-11-02]
FF HKLM\...\Firefox\Extensions: [{A6629839-6636-4998-95D6-2B0F52141861}] - C:\Program Files\Expresso\Firefox
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-18]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-25]
Chrome:
=======
CHR HomePage:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (GamePlayLabs Plugin) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci\1.0_0\npGamePlayLabsPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (DivX® Web Player) - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll (DivX,Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Documents and Settings\User\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Oberon com adapter) - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (DivX® Content Upload Plugin) - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files\MyWebSearch\bar\5.bin\NPMyWebS.dll (MyWebSearch.com)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (WOT) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-03-27]
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-30]
CHR Extension: (Google Search) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-30]
CHR Extension: (AdBlock) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-27]
CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-25]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-30]
CHR HKLM\...\Chrome\Extension: [dhdmjeclekijlogbipdlifcmgoanoemm] - C:\Program Files\Expresso\source.crx [2011-12-30]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-27]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2010-09-27]
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Documents and Settings\User\Application Data\Media Finder\Extensions\mf_plugin_gc.crx [2010-09-27]
CHR HKLM\...\Chrome\Extension: [ocphobfcfafpclibolpjdafgaffkaoci] - C:\Program Files\Browser Plugin\gplplugin.crx [2010-09-27]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-27] (AVAST Software)
R2 BitGuard; C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3780064 2013-11-18] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
S4 MyWebSearchService; C:\Program Files\MyWebSearch\bar\5.bin\MWSSVC.EXE [34320 2011-11-02] (MyWebSearch.com)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [271760 2009-04-15] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
==================== Drivers (Whitelisted) ====================
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-03-27] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-03-27] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-03-27] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [776976 2014-03-27] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411552 2014-03-27] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-03-27] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180760 2014-03-27] ()
S3 CSDriver; C:\WINDOWS\system32\drivers\CSDriver.sys [40623 2002-05-24] (Beijing Chinese Star Cyber Technology Limited)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107736 2014-03-28] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-28 08:42 - 2014-03-28 08:43 - 00028579 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-03-28 08:42 - 2014-03-28 08:42 - 00000000 ____D () C:\FRST
2014-03-28 08:41 - 2014-03-28 08:40 - 01145856 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-03-28 08:34 - 2014-03-28 08:37 - 00243398 _____ () C:\Documents and Settings\User\Desktop\Rkill.txt
2014-03-28 08:33 - 2014-03-28 08:27 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\User\Desktop\rkill.exe
2014-03-28 08:17 - 2014-03-28 08:43 - 00000280 _____ () C:\WINDOWS\Tasks\BitGuard.job
2014-03-27 17:21 - 2014-03-27 17:22 - 00000000 ____D () C:\Documents and Settings\User\Application Data\DropboxMaster
2014-03-27 17:21 - 2014-03-27 17:21 - 00000000 ____D () C:\Program Files\Dropbox
2014-03-27 17:21 - 2014-03-27 17:21 - 00000000 ____D () C:\Documents and Settings\User\Start Menu\Programs\Dropbox
2014-03-27 17:20 - 2014-03-27 17:22 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Dropbox
2014-03-27 17:09 - 2014-03-27 17:20 - 36818984 _____ (Dropbox, Inc.) C:\Documents and Settings\All Users\Desktop\DropboxInstallerAvast.exe
2014-03-27 17:06 - 2014-03-27 17:06 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-03-27 16:42 - 2014-03-27 16:42 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Oracle
2014-03-27 16:40 - 2014-03-27 16:40 - 00005724 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-03-27 16:40 - 2014-03-27 16:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-03-27 16:40 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-03-27 16:40 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-03-27 16:40 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-03-27 16:40 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-03-27 15:51 - 2014-03-28 08:18 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 15:50 - 2014-03-27 15:50 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-27 15:50 - 2014-03-27 15:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-03-27 15:50 - 2014-03-27 15:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-27 15:50 - 2014-03-05 09:26 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-27 15:50 - 2014-03-05 09:26 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-27 12:31 - 2014-02-20 13:05 - 00688992 ____R (Swearware) C:\Documents and Settings\User\Desktop\dds.scr
2014-03-27 12:30 - 2014-03-27 12:30 - 00000596 _____ () C:\Documents and Settings\User\Desktop\ERUNT.lnk
2014-03-27 12:30 - 2014-02-20 13:00 - 00791393 _____ (Lars Hederer ) C:\Documents and Settings\User\Desktop\erunt-setup.exe
2014-03-27 11:59 - 2014-03-27 17:03 - 00000000 ____D () C:\Documents and Settings\User\Desktop\27032014 Virus Removal Process
2014-03-06 09:03 - 2014-03-06 09:03 - 00000000 ____D () C:\WINDOWS\system32\searchplugins
2014-03-06 09:03 - 2014-03-06 09:03 - 00000000 ____D () C:\WINDOWS\system32\Extensions
==================== One Month Modified Files and Folders =======
2014-03-28 08:43 - 2014-03-28 08:42 - 00028579 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-03-28 08:43 - 2014-03-28 08:17 - 00000280 _____ () C:\WINDOWS\Tasks\BitGuard.job
2014-03-28 08:42 - 2014-03-28 08:42 - 00000000 ____D () C:\FRST
2014-03-28 08:40 - 2014-03-28 08:41 - 01145856 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-03-28 08:37 - 2014-03-28 08:34 - 00243398 _____ () C:\Documents and Settings\User\Desktop\Rkill.txt
2014-03-28 08:33 - 2009-12-05 20:42 - 01741970 ____H () C:\WINDOWS\WindowsUpdate.log
2014-03-28 08:27 - 2014-03-28 08:33 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\User\Desktop\rkill.exe
2014-03-28 08:23 - 2014-02-18 14:52 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-03-28 08:18 - 2014-03-27 15:51 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 08:18 - 2014-02-20 11:48 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-03-28 08:18 - 2013-11-25 10:32 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1417001333-1801674531-839522115-1003.job
2014-03-28 08:18 - 2013-11-25 10:32 - 00000276 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1417001333-1801674531-839522115-1003.job
2014-03-28 08:18 - 2012-11-20 12:45 - 00000276 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1417001333-1801674531-839522115-1003.job
2014-03-28 08:18 - 2009-12-06 04:33 - 00000049 ____H () C:\WINDOWS\wiaservc.log
2014-03-28 08:18 - 2006-02-28 20:00 - 00013646 ____H () C:\WINDOWS\system32\wpa.dbl
2014-03-28 08:17 - 2013-11-25 10:29 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-28 08:17 - 2010-01-21 17:53 - 00000236 ____H () C:\WINDOWS\Tasks\OGALogon.job
2014-03-28 08:17 - 2009-12-05 20:50 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-27 18:02 - 2014-02-20 11:48 - 00131072 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-03-27 18:02 - 2009-12-05 20:50 - 00032622 ____H () C:\WINDOWS\SchedLgU.Txt
2014-03-27 18:02 - 2009-12-05 20:50 - 00000278 ___SH () C:\Documents and Settings\User\ntuser.ini
2014-03-27 18:01 - 2011-04-23 10:27 - 00000232 ____H () C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
2014-03-27 17:50 - 2013-11-25 10:29 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-27 17:22 - 2014-03-27 17:21 - 00000000 ____D () C:\Documents and Settings\User\Application Data\DropboxMaster
2014-03-27 17:22 - 2014-03-27 17:20 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Dropbox
2014-03-27 17:21 - 2014-03-27 17:21 - 00000000 ____D () C:\Program Files\Dropbox
2014-03-27 17:21 - 2014-03-27 17:21 - 00000000 ____D () C:\Documents and Settings\User\Start Menu\Programs\Dropbox
2014-03-27 17:20 - 2014-03-27 17:09 - 36818984 _____ (Dropbox, Inc.) C:\Documents and Settings\All Users\Desktop\DropboxInstallerAvast.exe
2014-03-27 17:07 - 2014-02-18 14:53 - 00001737 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-03-27 17:06 - 2014-03-27 17:06 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-03-27 17:06 - 2014-02-18 14:28 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-03-27 17:06 - 2014-02-18 14:28 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-03-27 17:06 - 2014-02-18 14:28 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-03-27 17:06 - 2014-02-18 14:28 - 00180760 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-03-27 17:06 - 2014-02-18 14:28 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-03-27 17:06 - 2014-02-18 14:28 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-03-27 17:06 - 2014-02-18 14:28 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-03-27 17:06 - 2014-02-18 14:28 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-03-27 17:03 - 2014-03-27 11:59 - 00000000 ____D () C:\Documents and Settings\User\Desktop\27032014 Virus Removal Process
2014-03-27 17:03 - 2009-12-05 21:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-27 17:02 - 2013-10-24 08:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-27 17:02 - 2011-08-22 17:36 - 00000000 ____D () C:\Program Files\Yahoo!
2014-03-27 17:02 - 2009-12-06 04:30 - 01132046 ____H () C:\WINDOWS\setupapi.log
2014-03-27 16:45 - 2009-12-05 21:13 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-03-27 16:42 - 2014-03-27 16:42 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Oracle
2014-03-27 16:40 - 2014-03-27 16:40 - 00005724 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-03-27 16:40 - 2014-03-27 16:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-03-27 16:40 - 2009-12-05 21:13 - 00000000 ____D () C:\Program Files\Java
2014-03-27 16:38 - 2011-08-22 17:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Yahoo!
2014-03-27 16:37 - 2011-08-22 17:42 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Yahoo!
2014-03-27 16:18 - 2010-02-10 17:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971468$
2014-03-27 15:50 - 2014-03-27 15:50 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-27 15:50 - 2014-03-27 15:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-03-27 15:50 - 2014-03-27 15:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-27 15:24 - 2014-02-20 16:46 - 00000512 _____ () C:\Documents and Settings\User\Desktop\MBR.dat
2014-03-27 13:20 - 2013-12-16 16:58 - 00000438 ____H () C:\WINDOWS\Tasks\Norton Security Scan for User.job
2014-03-27 13:17 - 2013-12-16 16:58 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-03-27 12:30 - 2014-03-27 12:30 - 00000596 _____ () C:\Documents and Settings\User\Desktop\ERUNT.lnk
2014-03-27 12:30 - 2014-02-21 08:21 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-03-27 12:30 - 2014-02-20 13:01 - 00000000 ____D () C:\Program Files\ERUNT
2014-03-27 12:30 - 2014-02-20 13:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-03-27 08:55 - 2009-12-17 15:33 - 00055371 ____H () C:\WINDOWS\system32\VFP8Rerr.log
2014-03-24 10:26 - 2010-03-04 16:59 - 00000284 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1417001333-1801674531-839522115-1003.job
2014-03-17 08:53 - 2013-11-25 10:29 - 00001817 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-03-06 09:03 - 2014-03-06 09:03 - 00000000 ____D () C:\WINDOWS\system32\searchplugins
2014-03-06 09:03 - 2014-03-06 09:03 - 00000000 ____D () C:\WINDOWS\system32\Extensions
2014-03-05 09:26 - 2014-03-27 15:50 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-27 15:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-01 12:30 - 2014-02-20 11:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-03-01 12:30 - 2009-12-06 04:29 - 00000245 ___SH () C:\boot.ini
Some content of TEMP:
====================
C:\Documents and Settings\User\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphep6em.dll
==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
Trancidonia
2014-03-28, 02:58
And the log of the Addition from FRST
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by User at 2014-03-28 08:43:23
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
==================== Installed Programs ======================
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.3.181.26 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.3.183.20 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.03) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM\...\{B607C354-CD79-4D22-86D1-92DC94153F42}) (Version: 1.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}) (Version: 2.6.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.12.2.0 - Ask.com) <==== ATTENTION
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2016 - Avast Software)
Babylon Chrome Toolbar (HKLM\...\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}) (Version: 2.0.0.4 - Babylon Ltd) <==== ATTENTION
Babylon toolbar on IE (HKLM\...\BabylonToolbar) (Version: 1.8.4.9 - BabylonToolbar) <==== ATTENTION
BitGuard (HKLM\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version: - MediaTechSoft Inc.) <==== ATTENTION
Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version: - )
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - )
Chinese Star XP (HKLM\...\{5E550CD5-051A-421B-9E43-BD6FD9BFED6F}) (Version: - )
Chinese Traditional Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-2448-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Deer Drive Free Trial (HKLM\...\Deer Drive Free Trial_is1) (Version: - SCS Software)
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.)
DivX Content Uploader (HKLM\...\{D050D7362D214723AD585B541FFB6C11}) (Version: 1.2.1 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 6.2.1 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 6.4.3 - DivXNetworks, Inc.)
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.3.1 - DivX,Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - HTC Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LG CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.3325 - CyberLink Corp.)
LG CyberLink Power2Go (Version: 6.2.3325 - CyberLink Corp.) Hidden
LG CyberLink PowerDVD (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815d - CyberLink Corp.)
LG CyberLink PowerDVD (Version: 8.0.2815d - CyberLink Corp.) Hidden
LG CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2130 - CyberLink Corp.)
LG CyberLink PowerProducer (Version: 5.0.2.2130 - CyberLink Corp.) Hidden
LG ODD Auto Firmware Update (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 8.01.1209.01 - )
LG Power Tools (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3316 - CyberLink Corp.)
LG Power Tools (Version: 6.0.3316 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.00.0.1000 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version: - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSN (HKLM\...\MSNINST) (Version: - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
My Web Search (Cursor Mania) (HKLM\...\MyWebSearch bar Uninstall) (Version: - My Web Search) <==== ATTENTION
Norton Security Scan (HKLM\...\NSS) (Version: 4.0.3.27 - Symantec Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM\...\{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}) (Version: 7.64.17.73 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.23.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5898 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Secret Crush Revealer (HKLM\...\Secret Crush Revealer) (Version: - )
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype Toolbars (HKLM\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4126 - Skype Technologies S.A.)
Skype™ 5.0 (HKLM\...\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}) (Version: 5.0.152 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
TeamViewer 4 (HKLM\...\TeamViewer 4) (Version: 4.1.6911 - TeamViewer GmbH)
UBS Inventory and Billing 9.4.2 (HKLM\...\UBS Inventory and Billing) (Version: 9.4.2 - Sage Software Sdn. Bhd.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 7 (KB976749) (HKLM\...\KB976749-IE7) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 7 (KB980182) (HKLM\...\KB980182-IE7) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update Manager for SweetPacks 1.0 (HKLM\...\{FB697452-8CA4-46B4-98B1-165C922A2EF3}) (Version: 1.0.0005 - SweetIM Technologies Ltd.) <==== ATTENTION
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20070813.185237 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.)
Yahoo! Search Protection (HKLM\...\Yahoo! Search Defender) (Version: - )
==================== Restore Points =========================
27-12-2013 04:58:31 System Checkpoint
30-12-2013 01:56:02 System Checkpoint
31-12-2013 02:19:22 System Checkpoint
02-01-2014 00:29:47 System Checkpoint
03-01-2014 01:25:58 System Checkpoint
06-01-2014 05:07:54 System Checkpoint
07-01-2014 05:22:45 System Checkpoint
08-01-2014 05:41:03 System Checkpoint
10-01-2014 02:14:18 System Checkpoint
13-01-2014 05:02:28 System Checkpoint
15-01-2014 00:40:00 System Checkpoint
16-01-2014 01:28:06 Installed HTC Sync Manager.
16-01-2014 01:35:47 Removed HTC Sync Manager.
20-01-2014 04:34:43 System Checkpoint
21-01-2014 05:07:56 System Checkpoint
23-01-2014 08:23:25 System Checkpoint
24-01-2014 09:34:53 System Checkpoint
27-01-2014 06:03:59 System Checkpoint
28-01-2014 06:50:30 System Checkpoint
29-01-2014 07:34:36 System Checkpoint
05-02-2014 02:25:20 System Checkpoint
06-02-2014 02:30:17 System Checkpoint
07-02-2014 02:34:31 System Checkpoint
10-02-2014 01:35:55 System Checkpoint
11-02-2014 02:30:48 System Checkpoint
12-02-2014 02:48:12 System Checkpoint
13-02-2014 03:41:02 System Checkpoint
14-02-2014 04:37:52 System Checkpoint
17-02-2014 01:57:21 System Checkpoint
18-02-2014 02:05:20 System Checkpoint
18-02-2014 06:28:05 avast! antivirus system restore point
18-02-2014 06:53:58 avast! antivirus system restore point
19-02-2014 07:31:15 System Checkpoint
20-02-2014 00:22:19 Removed AVG Free 9.0
20-02-2014 00:24:51 Installed AVG Free 9.0
21-02-2014 02:00:09 System Checkpoint
24-02-2014 02:16:28 System Checkpoint
25-02-2014 05:13:13 System Checkpoint
26-02-2014 05:18:56 System Checkpoint
27-02-2014 07:04:40 System Checkpoint
28-02-2014 07:57:16 System Checkpoint
02-03-2014 02:13:05 System Checkpoint
03-03-2014 02:47:04 System Checkpoint
04-03-2014 03:02:34 System Checkpoint
05-03-2014 05:12:24 System Checkpoint
06-03-2014 05:13:24 System Checkpoint
07-03-2014 05:17:39 System Checkpoint
08-03-2014 05:19:05 System Checkpoint
09-03-2014 05:48:40 System Checkpoint
10-03-2014 07:15:34 System Checkpoint
11-03-2014 08:32:40 System Checkpoint
13-03-2014 05:15:58 System Checkpoint
14-03-2014 06:11:31 System Checkpoint
17-03-2014 02:01:33 System Checkpoint
18-03-2014 02:45:46 System Checkpoint
19-03-2014 03:21:55 System Checkpoint
20-03-2014 05:00:10 System Checkpoint
21-03-2014 05:41:02 System Checkpoint
22-03-2014 08:01:07 System Checkpoint
24-03-2014 00:07:18 System Checkpoint
25-03-2014 07:26:30 System Checkpoint
27-03-2014 03:20:13 System Checkpoint
27-03-2014 08:40:07 Installed Java 7 Update 51
27-03-2014 09:05:37 avast! antivirus system restore point
==================== Hosts content: ==========================
2006-02-28 20:00 - 2006-02-28 20:00 - 00000734 ___AH C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Norton Security Scan for User.job => C:\PROGRA~1\NORTON~2\Engine\403~1.27\Nss.exe
Task: C:\WINDOWS\Tasks\OGALogon.job => C:\WINDOWS\system32\OGAEXEC.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1417001333-1801674531-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1417001333-1801674531-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1417001333-1801674531-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1417001333-1801674531-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job => C:\Program Files\Ask.com\UpdateTask.exe
==================== Loaded Modules (whitelisted) =============
2013-11-22 09:26 - 2013-11-18 22:31 - 03618304 _____ () C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll
2014-03-28 08:28 - 2014-03-28 08:28 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14032701\algo.dll
2009-12-05 21:10 - 2002-05-14 18:22 - 00122880 _____ () C:\Program Files\WinRAR\rarext.dll
2014-02-20 11:48 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-20 11:48 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-02-18 14:28 - 2014-02-18 14:28 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-11-22 09:26 - 2013-11-18 22:32 - 03780064 _____ () C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2009-12-05 21:00 - 2009-04-15 22:56 - 00271760 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-02-20 11:48 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-02-20 11:48 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-02-20 11:48 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-03-17 08:53 - 2014-03-15 08:50 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-17 08:53 - 2014-03-15 08:50 - 04061000 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-17 08:53 - 2014-03-15 08:50 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-17 08:53 - 2014-03-15 08:50 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:43A7A7AD
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:50F1E014
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:5848893E
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:81405BF2
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:9BC95BE9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:BC82B99A
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:BE7A0841
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:D1BCFD4A
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:D35663D1
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:D41AB8D0
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:E40EED9B
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:F0A3E54E
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: IMJPMIG8.1 => "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LGODDFU => "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: My Web Search Bar Search Scope Monitor => "C:\PROGRA~1\MYWEBS~1\bar\5.bin\m3SrchMn.exe" /m=2 /w /h
MSCONFIG\startupreg: MyWebSearch Email Plugin => C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
MSCONFIG\startupreg: PDVD8LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: PHIME2002A => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
MSCONFIG\startupreg: PHIME2002ASync => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl8 => "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
MSCONFIG\startupreg: SweetIM => C:\Program Files\SweetIM\Messenger\SweetIM.exe
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
MSCONFIG\startupreg: TkBellExe => "C:\program files\real\realplayer\update\realsched.exe" -osboot
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/21/2014 05:54:04 PM) (Source: Application Hang) (User: )
Description: Hanging application vstk2.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (03/18/2014 11:00:10 AM) (Source: Application Hang) (User: )
Description: Hanging application WLXPhotoGallery.exe, version 14.0.8117.416, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (03/07/2014 11:22:26 AM) (Source: Application Hang) (User: )
Description: Hanging application vstk2.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (03/07/2014 08:33:16 AM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (03/07/2014 08:33:11 AM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (03/03/2014 09:32:12 AM) (Source: Application Hang) (User: )
Description: Hanging application vstk2.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (02/27/2014 08:29:50 AM) (Source: Application Hang) (User: )
Description: Hanging application vstk2.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (02/20/2014 05:02:01 PM) (Source: Application Hang) (User: )
Description: Hanging application vstk2.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (02/18/2014 02:13:28 PM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 32.0.1700.107, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (02/13/2014 03:27:12 PM) (Source: Application Hang) (User: )
Description: Hanging application WLXPhotoGallery.exe, version 14.0.8117.416, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
System errors:
=============
Error: (03/28/2014 08:34:33 AM) (Source: Service Control Manager) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
Error: (03/28/2014 08:25:41 AM) (Source: DCOM) (User: LAU_NEW)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error: (03/28/2014 08:25:24 AM) (Source: DCOM) (User: LAU_NEW)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error: (03/28/2014 08:25:21 AM) (Source: DCOM) (User: LAU_NEW)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error: (03/28/2014 08:24:42 AM) (Source: DCOM) (User: LAU_NEW)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error: (03/28/2014 08:24:42 AM) (Source: DCOM) (User: LAU_NEW)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error: (03/28/2014 08:17:58 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053
Error: (03/28/2014 08:17:58 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
Error: (03/28/2014 08:17:58 AM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058
Error: (03/28/2014 08:17:35 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.101 for the Network Card with network address 4061860AC8E8 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
Microsoft Office Sessions:
=========================
Error: (03/21/2014 05:54:04 PM) (Source: Application Hang)(User: )
Description: vstk2.exe0.0.0.0hungapp0.0.0.000000000
Error: (03/18/2014 11:00:10 AM) (Source: Application Hang)(User: )
Description: WLXPhotoGallery.exe14.0.8117.416hungapp0.0.0.000000000
Error: (03/07/2014 11:22:26 AM) (Source: Application Hang)(User: )
Description: vstk2.exe0.0.0.0hungapp0.0.0.000000000
Error: (03/07/2014 08:33:16 AM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000
Error: (03/07/2014 08:33:11 AM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000
Error: (03/03/2014 09:32:12 AM) (Source: Application Hang)(User: )
Description: vstk2.exe0.0.0.0hungapp0.0.0.000000000
Error: (02/27/2014 08:29:50 AM) (Source: Application Hang)(User: )
Description: vstk2.exe0.0.0.0hungapp0.0.0.000000000
Error: (02/20/2014 05:02:01 PM) (Source: Application Hang)(User: )
Description: vstk2.exe0.0.0.0hungapp0.0.0.000000000
Error: (02/18/2014 02:13:28 PM) (Source: Application Hang)(User: )
Description: chrome.exe32.0.1700.107hungapp0.0.0.000000000
Error: (02/13/2014 03:27:12 PM) (Source: Application Hang)(User: )
Description: WLXPhotoGallery.exe14.0.8117.416hungapp0.0.0.000000000
==================== Memory info ===========================
Percentage of memory in use: 57%
Total physical RAM: 2038.17 MB
Available physical RAM: 868.35 MB
Total Pagefile: 3934.52 MB
Available Pagefile: 2736.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.54 MB
==================== Drives ================================
Drive c: (Main) (Fixed) (Total:74.52 GB) (Free:45.25 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Backup) (Fixed) (Total:74.52 GB) (Free:64.8 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 1E5C1E5B)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=75 GB) - (Type=OF Extended)
==================== End Of Log ============================
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite an existing one, please allow).
start
HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/in-en.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYANwAwAEQAVgAtAFgAUgA0AEEANwAtADIANgBRAEMAUgAtAFcAMwBaADcAMwAtAEIAVwA0ADYAUgA"&"inst=NwA3AC0ANAAyADUANgAwADEANAAyADEALQBCAC0AQgBBAFIAOQBPACsAMQAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAFgATwA5ACsAMQAtAEYAOQBNADQAKwAxAC0ARABEAFQAKwA2ADMAMQAxADYALQBEAEQAOQAwAEYAKwAxAC0AUwBUADkAMABGAEEAUABQACsAMQAtAEYAOQAwAE0AMQAyAEUATgArADEALQBUAEIATgArADEALQBGAFUASQArADIALQBMADkAMABNAEoAKwAxAC0ARgA5ADAATQAxADIASgBUACsAMQAtAEYAOQAwAE0AMQAyAFIAKwAxAC0AVgBJAFAAMQAyACsAMQA"&"prod=90"&"ver=9.0.894
AppInit_DLLs: c:\docume~1\alluse~1\applic~1\bitguard\271832~1.68\{c16c1~1\bitguard.dll => C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll [3618304 2013-11-18] ()
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
URLSearchHook: HKCU - (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - No File
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://isearch.babylon.com/?q={searchTerms}&affID=117380&tt=4912_7&babsrc=SP_ss&mntrId=70fa80a50000000000004061860ac8e8
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=DAT&o=15240&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=FD&apn_dtid=YYYYYYYYMY&apn_uid=1A1C7D67-2E3D-4EB0-AA38-4A9691DACECA&apn_sauid=D79BF0FB-A5C2-4B9B-BC36-7FDE020B5E7B
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM - No Name - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://isearch.babylon.com/?affID=117380&tt=4912_7&babsrc=HP_ss&mntrId=70fa80a50000000000004061860ac8e8
FF Plugin: @mywebsearch.com/Plugin - C:\Program Files\MyWebSearch\bar\5.bin\NPMyWebS.dll (MyWebSearch.com)
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\askcom-1.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\babylon1.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\BitGuard.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\mywebsearch.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\sweetim.xml
FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com [2012-12-12]
FF Extension: GamePlayLabs Plugin - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\Extensions\plugin2@gameplaylabs.com [2011-03-25]
FF HKLM\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files\MyWebSearch\bar\5.bin
FF Extension: My Web Search - C:\Program Files\MyWebSearch\bar\5.bin [2011-11-02]
CHR Plugin: (GamePlayLabs Plugin) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci\1.0_0\npGamePlayLabsPlugin.dll No File
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files\MyWebSearch\bar\5.bin\NPMyWebS.dll (MyWebSearch.com)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR HKLM\...\Chrome\Extension: [ocphobfcfafpclibolpjdafgaffkaoci] - C:\Program Files\Browser Plugin\gplplugin.crx [2010-09-27]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 BitGuard; C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3780064 2013-11-18] ()
C:\WINDOWS\Tasks\BitGuard.job
C:\Documents and Settings\User\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphep6em.dll
Babylon Chrome Toolbar (HKLM\...\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}) (Version: 2.0.0.4 - Babylon Ltd) <==== ATTENTION
Babylon toolbar on IE (HKLM\...\BabylonToolbar) (Version: 1.8.4.9 - BabylonToolbar) <==== ATTENTION
BitGuard (HKLM\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version: - MediaTechSoft Inc.) <==== ATTENTION
My Web Search (Cursor Mania) (HKLM\...\MyWebSearch bar Uninstall) (Version: - My Web Search) <==== ATTENTION
Task: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job => C:\Program Files\Ask.com\UpdateTask.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:43A7A7AD
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:50F1E014
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:5848893E
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:81405BF2
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:9BC95BE9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:BC82B99A
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:BE7A0841
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:D1BCFD4A
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:D35663D1
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:D41AB8D0
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:E40EED9B
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:F0A3E54E
MSCONFIG\startupreg: My Web Search Bar Search Scope Monitor => "C:\PROGRA~1\MYWEBS~1\bar\5.bin\m3SrchMn.exe" /m=2 /w /h
MSCONFIG\startupreg: MyWebSearch Email Plugin => C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
MSCONFIG\startupreg: SweetIM => C:\Program Files\SweetIM\Messenger\SweetIM.exe
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
Reboot:
end
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
****************************
AdwCleaner by Xplode
Close all open windows and browsers.
Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
*****
Click the Scan button and wait for the scan to finish.
After the scan has finished, the window may or may not show what it found, and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Click the Clean button.
Click the Report button to get the log
Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why (http://www.im-infected.com/hijacker/isearch-avg-comsearch-hijacker.html) and Here (http://nojesusnopeas.blogspot.com/2012/08/sorry-but-avg-secure-search-is-malware.html). You can always Reinstall (http://www.avg.com/us-en/secure-search) it.
************************
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
Shut down your protection software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message.
Please post
Fixlog.txt
AdwCleaner[R0].txt
JRT.txt
Also update me on how the computer is at the moment.
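Once Fixlog.txt comes back, the helper has to reconcile it against the fixlist by eye: every directive produces one or more result lines, some targets turn out to be already gone, and a directive FRST could not carry out is echoed between rows of "=" with an error message underneath instead of a "deleted successfully" result. The script below is an added example for this thread, not code from the original posts and not part of FRST; it parses the Fixlog.txt layout as FRST writes it (fixlist echoed between two rows of asterisks, then "<subject> => <result>." lines and "=========" blocks) and lists what was removed, what was already absent, and which fixlist lines still need handling by another tool. The result phrases are taken from Fixlog.txt wording; the sample log is constructed from a trimmed copy of the fixlist above and is not a real log.

```python
"""Reconcile an FRST fixlist against the Fixlog.txt it produced.

Added example for this thread; not part of the original posts and not
code from FRST. Parses the Fixlog.txt layout FRST writes: the fixlist
echoed between two asterisk rules, then one result line per action
("<subject> => <what happened>."), plus "=========" blocks in which FRST
echoes a directive and prints an error instead of a result.
"""
import re

# Result phrases FRST appends to lines it acted on, and the phrase it
# uses when the target was already gone (wording as in Fixlog.txt).
REMOVED = ("deleted successfully.", "removed successfully.",
           "Moved successfully.", "restored successfully.",
           "stopped successfully.")
ABSENT = ("not found.",)
RULE = re.compile(r"^\*+$")                  # ***** around the fixlist echo
BLOCK = re.compile(r"^=+ (?P<cmd>.+?) =+$")  # ========= <directive> =========
ERROR_MARK = "cannot find"                   # "The system cannot find the path specified."

# Constructed sample in FRST's Fixlog format, trimmed from the fixlist in
# this thread; it is not a real log.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by User at 2014-03-31 09:04:10 Run:1
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
AppInit_DLLs: c:\docume~1\alluse~1\applic~1\bitguard\271832~1.68\{c16c1~1\bitguard.dll => C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll [3618304 2013-11-18] ()
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
R2 BitGuard; C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3780064 2013-11-18] ()
C:\WINDOWS\Tasks\BitGuard.job
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:43A7A7AD
MSCONFIG\startupreg: SweetIM => C:\Program Files\SweetIM\Messenger\SweetIM.exe
Reboot:
end
*****************
"c:\\docume~1\\alluse~1\\applic~1\\bitguard\\271832~1.68\\{c16c1~1\\bitguard.dll" => Value Data removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
BitGuard => Service stopped successfully.
BitGuard => Service deleted successfully.
C:\WINDOWS\Tasks\BitGuard.job => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":43A7A7AD" ADS removed successfully.
========= MSCONFIG\startupSweetIM => C:\Program Files\SweetIM\Messenger\SweetIM.exe =========
The system cannot find the path specified.
========= End of Reg: =========
The system needed a reboot.
==== End of Fixlog ====
"""


def split_fixlog(text):
    """Return (fixlist_lines, result_lines) from a Fixlog.txt body."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    rules = [i for i, ln in enumerate(lines) if RULE.match(ln)]
    if len(rules) < 2:
        raise ValueError("no fixlist echo between asterisk rules")
    fixlist = [ln for ln in lines[rules[0] + 1:rules[1]] if ln not in ("start", "end")]
    return fixlist, lines[rules[1] + 1:]


def classify(line):
    """Map one result line to (subject, outcome)."""
    subject, sep, _ = line.rpartition(" => ")
    for outcome, phrases in (("removed", REMOVED), ("absent", ABSENT)):
        for phrase in phrases:
            if line.endswith(phrase):
                # Lines without " => " (e.g. "Firefox homepage deleted
                # successfully.") carry the subject in front of the phrase.
                return (subject if sep else line[:-len(phrase)].strip()), outcome
    return line, "other"


def parse_results(result_lines):
    """Return (subject, outcome) for the result section, folding each
    '=========' block into one item: 'failed' if its output is an error."""
    items, i = [], 0
    while i < len(result_lines):
        m = BLOCK.match(result_lines[i])
        if m and m.group("cmd").startswith("End of"):
            i += 1                       # "End of Reg:" / "End of Fixlog"
            continue
        if m:
            output, i = [], i + 1
            while i < len(result_lines) and not BLOCK.match(result_lines[i]):
                output.append(result_lines[i])
                i += 1
            failed = any(ERROR_MARK in out for out in output)
            items.append((m.group("cmd"), "failed" if failed else "ran"))
            continue
        if result_lines[i]:
            items.append(classify(result_lines[i]))
        i += 1
    return items


def reconcile(text):
    """Summarise a Fixlog.txt: what FRST removed, what was already gone,
    and which directives produced an error instead of a result."""
    _, results = split_fixlog(text)
    report = {"removed": [], "absent": [], "failed": [], "other": []}
    for subject, outcome in parse_results(results):
        report[outcome if outcome in report else "other"].append(subject)
    return report


def unresolved_directives(text):
    """Fixlist lines whose target FRST reported an error for, matched on
    the command path after ' => ', so they can go to the next tool."""
    fixlist, results = split_fixlog(text)
    failed = {cmd.rpartition(" => ")[2]
              for cmd, outcome in parse_results(results) if outcome == "failed"}
    return [d for d in fixlist if d.rpartition(" => ")[2] in failed]


if __name__ == "__main__":
    report = reconcile(SAMPLE_FIXLOG)
    for outcome in ("removed", "absent", "failed", "other"):
        print(f"{outcome:8} {len(report[outcome])}")
    for directive in unresolved_directives(SAMPLE_FIXLOG):
        print("still to handle:", directive)
```

Run it against a real Fixlog.txt by reading the file into `reconcile()`; the "failed" list is the part worth acting on, since a "not found" entry only means the previous tool or the user already removed that item.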
Trancidonia
2014-03-31, 04:36
The PC is somewhat okay.
When I turned it on earlier just now, the Malwarebytes scan showed a lot of PUP items.
But after the processes you gave me, it only left the PUP from BitGuard.
Anyway, here are the logs from FRST, AdwCleaner and JRT.
Here are the logs from FRST:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by User at 2014-03-31 09:04:10 Run:1
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/in-en.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYANwAwAEQAVgAtAFgAUgA0AEEANwAtADIANgBRAEMAUgAtAFcAMwBaADcAMwAtAEIAVwA0ADYAUgA"&"inst=NwA3AC0ANAAyADUANgAwADEANAAyADEALQBCAC0AQgBBAFIAOQBPACsAMQAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAFgATwA5ACsAMQAtAEYAOQBNADQAKwAxAC0ARABEAFQAKwA2ADMAMQAxADYALQBEAEQAOQAwAEYAKwAxAC0AUwBUADkAMABGAEEAUABQACsAMQAtAEYAOQAwAE0AMQAyAEUATgArADEALQBUAEIATgArADEALQBGAFUASQArADIALQBMADkAMABNAEoAKwAxAC0ARgA5ADAATQAxADIASgBUACsAMQAtAEYAOQAwAE0AMQAyAFIAKwAxAC0AVgBJAFAAMQAyACsAMQA"&"prod=90"&"ver=9.0.894
AppInit_DLLs: c:\docume~1\alluse~1\applic~1\bitguard\271832~1.68\{c16c1~1\bitguard.dll => C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll [3618304 2013-11-18] ()
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
URLSearchHook: HKCU - (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - No File
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://isearch.babylon.com/?q={searchTerms}&affID=117380&tt=4912_7&babsrc=SP_ss&mntrId=70fa80a50000000000004061860ac8e8
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=DAT&o=15240&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=FD&apn_dtid=YYYYYYYYMY&apn_uid=1A1C7D67-2E3D-4EB0-AA38-4A9691DACECA&apn_sauid=D79BF0FB-A5C2-4B9B-BC36-7FDE020B5E7B
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM - No Name - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://isearch.babylon.com/?affID=117380&tt=4912_7&babsrc=HP_ss&mntrId=70fa80a50000000000004061860ac8e8
FF Plugin: @mywebsearch.com/Plugin - C:\Program Files\MyWebSearch\bar\5.bin\NPMyWebS.dll (MyWebSearch.com)
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\askcom-1.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\babylon1.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\BitGuard.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\mywebsearch.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\sweetim.xml
FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com [2012-12-12]
FF Extension: GamePlayLabs Plugin - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\Extensions\plugin2@gameplaylabs.com [2011-03-25]
FF HKLM\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files\MyWebSearch\bar\5.bin
FF Extension: My Web Search - C:\Program Files\MyWebSearch\bar\5.bin [2011-11-02]
CHR Plugin: (GamePlayLabs Plugin) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci\1.0_0\npGamePlayLabsPlugin.dll No File
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files\MyWebSearch\bar\5.bin\NPMyWebS.dll (MyWebSearch.com)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR HKLM\...\Chrome\Extension: [ocphobfcfafpclibolpjdafgaffkaoci] - C:\Program Files\Browser Plugin\gplplugin.crx [2010-09-27]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 BitGuard; C:\Documents and Settings\All Users\Application Data\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3780064 2013-11-18] ()
C:\WINDOWS\Tasks\BitGuard.job
C:\Documents and Settings\User\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphep6em.dll
Babylon Chrome Toolbar (HKLM\...\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}) (Version: 2.0.0.4 - Babylon Ltd) <==== ATTENTION
Babylon toolbar on IE (HKLM\...\BabylonToolbar) (Version: 1.8.4.9 - BabylonToolbar) <==== ATTENTION
BitGuard (HKLM\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version: - MediaTechSoft Inc.) <==== ATTENTION
My Web Search (Cursor Mania) (HKLM\...\MyWebSearch bar Uninstall) (Version: - My Web Search) <==== ATTENTION
Task: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job => C:\Program Files\Ask.com\UpdateTask.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:43A7A7AD
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:50F1E014
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:5848893E
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:81405BF2
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:9BC95BE9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:BC82B99A
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:BE7A0841
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:D1BCFD4A
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:D35663D1
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:D41AB8D0
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:E40EED9B
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:F0A3E54E
MSCONFIG\startupreg: My Web Search Bar Search Scope Monitor => "C:\PROGRA~1\MYWEBS~1\bar\5.bin\m3SrchMn.exe" /m=2 /w /h
MSCONFIG\startupreg: MyWebSearch Email Plugin => C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
MSCONFIG\startupreg: SweetIM => C:\Program Files\SweetIM\Messenger\SweetIM.exe
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
Reboot:
end
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL => Value deleted successfully.
"c:\\docume~1\\alluse~1\\applic~1\\bitguard\\271832~1.68\\{c16c1~1\\bitguard.dll" => Value Data removed successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} => Value deleted successfully.
HKCR\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key deleted successfully.
HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} => Value not found.
HKCR\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox homepage deleted successfully.
HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin => Key deleted successfully.
C:\Program Files\MyWebSearch\bar\5.bin\NPMyWebS.dll => Moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\askcom-1.xml => Moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\askcom.xml => Moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\babylon1.xml => Moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\BitGuard.xml => Moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\mywebsearch.xml => Moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\searchplugins\sweetim.xml => Moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com => Moved successfully.
C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\Extensions\plugin2@gameplaylabs.com => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com => Value deleted successfully.
C:\Program Files\MyWebSearch\bar\5.bin => Moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci\1.0_0\npGamePlayLabsPlugin.dll not found.
C:\Program Files\MyWebSearch\bar\5.bin\NPMyWebS.dll not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\ocphobfcfafpclibolpjdafgaffkaoci => Key deleted successfully.
"C:\Program Files\Browser Plugin\gplplugin.crx" => File/Directory not found.
HKCU\SOFTWARE\Policies\Google => Key deleted successfully.
BitGuard => Service stopped successfully.
BitGuard => Service deleted successfully.
C:\WINDOWS\Tasks\BitGuard.job => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphep6em.dll => Moved successfully.
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":43A7A7AD" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":50F1E014" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":5848893E" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":81405BF2" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":9BC95BE9" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":BC82B99A" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":BE7A0841" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":D1BCFD4A" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":D35663D1" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":D41AB8D0" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":E40EED9B" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":F0A3E54E" ADS removed successfully.
========= MSCONFIG\startupMy Web Search Bar Search Scope Monitor => "C:\PROGRA~1\MYWEBS~1\bar\5.bin\m3SrchMn.exe" /m=2 /w /h =========
The system cannot find the path specified.
========= End of Reg: =========
========= MSCONFIG\startupMyWebSearch Email Plugin => C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe =========
The system cannot find the path specified.
========= End of Reg: =========
========= MSCONFIG\startupSweetIM => C:\Program Files\SweetIM\Messenger\SweetIM.exe =========
The system cannot find the path specified.
========= End of Reg: =========
========= MSCONFIG\startupSweetpacks Communicator => C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe =========
The system cannot find the path specified.
========= End of Reg: =========
The system needed a reboot.
==== End of Fixlog ====
Here is the log from AdwCleaner:
# AdwCleaner v3.022 - Report created 31/03/2014 at 09:11:53
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - LAU_NEW
# Running from : C:\Documents and Settings\User\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : MyWebSearchService
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\BitGuard
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SweetIM
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Media Finder
Folder Deleted : C:\Program Files\BabylonToolbar
Folder Deleted : C:\Program Files\FunWebProducts
Folder Deleted : C:\Program Files\MyWebSearch
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\User\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\User\Application Data\BabylonToolbar
Folder Deleted : C:\Documents and Settings\User\Application Data\Media Finder
Folder Deleted : C:\Documents and Settings\User\Start Menu\Programs\BitGuard
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\SweetPacksToolbarData
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\bProtector_extensions.rdf
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\bprotector_prefs.js
File Deleted : C:\Program Files\Mozilla Firefox\Components\AskHPRFF.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.DataControl
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.DataControl.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.2
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller
Key Deleted : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetPacks Communicator
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts]
Key Deleted : HKCU\Software\5c68888bc3cbd44
Key Deleted : HKLM\SOFTWARE\5c68888bc3cbd44
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{65C994A2-C65A-4A20-BA92-AADAFC0DCE49}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7473D292-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7473D296-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{799391D3-EB86-4BAC-9BD3-CBFEA58A0E15}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9571378-68A1-443D-B082-284F960C6D17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E7AD93B-3E87-423D-947F-A321FA7E31C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe]
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\Fun Web Products
Key Deleted : HKCU\Software\FunWebProducts
Key Deleted : HKCU\Software\GamePlayLabs
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\MyWebSearch
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\FocusInteractive
Key Deleted : HKLM\Software\Fun Web Products
Key Deleted : HKLM\Software\MyWebSearch
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mywebsearch bar uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5B58EF61-85F2-4977-97A5-84C19F926579}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\254796BF4AC84B64891B61C529A2E23F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23F
Key Deleted : HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F
Key Deleted : HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
***** [ Browsers ] *****
-\\ Internet Explorer v7.0.6000.17103
-\\ Mozilla Firefox v27.0.1 (en-US)
[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\prefs.js ]
Line Deleted : user_pref("dom.ipc.plugins.enabled.npmywebs.dll", false);
Line Deleted : user_pref("extensions.asktb.abar-war-timeout", "4000");
Line Deleted : user_pref("extensions.asktb.cbid", "FD");
Line Deleted : user_pref("extensions.asktb.config-updated", true);
Line Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}");
Line Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYMY");
Line Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true);
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRfox000&fl=0&ptb=aV4tIJ1HesyD3g.jnGpmQA&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir[...]
Line Deleted : user_pref("extensions.asktb.fresh-install", false);
Line Deleted : user_pref("extensions.asktb.l", "dis");
Line Deleted : user_pref("extensions.asktb.last-config-req", "1392264939890");
Line Deleted : user_pref("extensions.asktb.last-search-timestamp", "1312867278750");
Line Deleted : user_pref("extensions.asktb.last-v", "3.12.2.100009");
Line Deleted : user_pref("extensions.asktb.locale", "en_US");
Line Deleted : user_pref("extensions.asktb.o", "15240");
Line Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Line Deleted : user_pref("extensions.asktb.qsrc", "2871");
Line Deleted : user_pref("extensions.asktb.r", "9");
Line Deleted : user_pref("extensions.asktb.search-history-queries", "firefly online booking");
Line Deleted : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}");
Line Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Line Deleted : user_pref("extensions.asktb.silent-upgrade", true);
Line Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
Line Deleted : user_pref("extensions.asktb.socialmini-first", true);
Line Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
Line Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Line Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
Line Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Line Deleted : user_pref("extensions.asktb.socialmini-speed", "5000");
Line Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Line Deleted : user_pref("extensions.asktb.v", "3.12.2.100013");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=70fa80a50000000000004061860ac8e8&q=");
Line Deleted : user_pref("extensions.enabledAddons", "plugin2%40gameplaylabs.com:2.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0");
Line Deleted : user_pref("extensions.enabledItems", "toolbar@ask.com:3.12.2.100013,{DDABDBA1-2377-4A30-A027-25697B99E254}:3.1,plugin2@gameplaylabs.com:2.0,gencrawler@some.com:2.6,{20a82645-c095-46ed-80e3-08825760534[...]
Line Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=ZRfox000&ptb=aV4tIJ1HesyD3g.jnGpmQA&ind=2009120702&ptnrS=ZRfox000&si=&n=77c0bfbe&osp=mw[...]
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRfox000&ptb=aV4tIJ1HesyD3g.jnGpmQA&ind=2009120702&ptnrS=ZRfox000&si=&n=77c0bfbe&psa=&st=kwd&s[...]
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.fr", "1301030183");
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.ranonce", true);
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_/", "1301033293");
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_dealsplugin.com/", "1301033293");
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_facebook.com", "1301033293");
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_h", "1301033293");
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_hxxp", "1301033293");
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_iqquizgame.com/", "1301033293");
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_play-ga.me/", "1301033293");
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_revealmycrush.com/", "1301033293");
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_unlock-this.com/browserplugin", "1301033293");
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_unlock-this.com/plugin", "1301033293");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.fr", "1299059243");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_.google.", "1299059246");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_/", "1299059246");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_dealsplugin.com/", "1299059246");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_facebook.com", "1299059246");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_h", "1300942341");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_hxxp", "1299059246");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_hxxp://www.facebook.com/plugins/like.php?href=hxxp://www.dealsplugin.com", "1299059246");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_iqquizgame.com/", "1299059246");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_play-ga.me/", "1299059246");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_revealmycrush.com/", "1299059246");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_unlock-this.com/browserplugin", "1299059246");
Line Deleted : user_pref("extensions.plugin@gameplaylabs.com.rule_unlock-this.com/plugin", "1299059246");
Line Deleted : user_pref("sweetim.toolbar.cargo", "4.0003002");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.html");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Line Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Line Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Line Deleted : user_pref("sweetim.toolbar.prad.initialized_by_rc", "true");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.yahoo.com/search?fr=ffsp1&p=");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Ask.com");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.yahoo.com/");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
Line Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
Line Deleted : user_pref("sweetim.toolbar.simapp_id", "{B1115370-89EE-11E1-B54E-4061860AC8E8}");
Line Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=4.0003002");
Line Deleted : user_pref("sweetim.toolbar.version", "1.5.0.2");
-\\ Google Chrome v33.0.1750.154
[ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [38082 octets] - [31/03/2014 09:10:18]
AdwCleaner[S0].txt - [38827 octets] - [31/03/2014 09:11:53]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [38888 octets] ##########
And here are the logs from JRT.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Microsoft Windows XP x86
Ran by User on 31/03/2014 at 9:21:59.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\expresso
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1417001333-1801674531-839522115-1003\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\expresso
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
Successfully deleted: [Registry Key] HKEY_USERS\.DEFAULT\Software\Expresso
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\user.js
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31/03/2014 at 9:30:08.29
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes AntiMalware recently had a program update.
You can download the newest version over the top of the one you have, or delete it, download and install again.
http://www.malwarebytes.org/update/
Please get the new version and let's run another scan.
Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/update/) to your desktop
(If uninstalling and doing a reinstall the link is below)
http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits
https://dl.dropboxusercontent.com/u/73555776/MBAMsettings.JPG
Go back to the Dashboard and select Scan Now
https://dl.dropboxusercontent.com/u/73555776/MBAMScan.JPG
If threats are detected, click the Apply Actions button; MBAM will ask for a reboot.
https://dl.dropboxusercontent.com/u/73555776/MBAMReboot.JPG
https://dl.dropboxusercontent.com/u/73555776/MBAMLog.JPG
On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log
Trancidonia
2014-04-01, 04:11
I ran MBAM
But it did detect 3 malware.
Trojan.Miner
Location at
C:\WINDOWS\system32\dfrg\libssl.dll
C:\WINDOWS\system32\dfrg\librcrypto.dll
C:\WINDOWS\system32\dfrg\libcurl-4.dll
They are in quarantine now. Should I delete them?
Here is the log from MBAM.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 01/04/2014
Scan Time: 8:47:34 AM
Logfile: MBAM 01042014 2.txt
Administrator: Yes
Version: 2.00.0.1000
Malware Database: v2014.03.31.10
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: User
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 243651
Time Elapsed: 20 min, 44 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 3
Trojan.Miner, C:\WINDOWS\system32\dfrg\libcrypto.dll, Quarantined, [50b0956be11f23ddfac37d1cde25758b],
Trojan.Miner, C:\WINDOWS\system32\dfrg\libcurl-4.dll, Quarantined, [aa563dc3bf4119e73489d1c83ac98779],
Trojan.Miner, C:\WINDOWS\system32\dfrg\libssl.dll, Quarantined, [7a86a9571fe116ea4d70fb9ef50e6e92],
Physical Sectors: 0
(No malicious items detected)
(end)
They are in quarantine now. Should I delete them?
Doesn't matter; if they're in quarantine they can't hurt you.
How's the computer now?
Please Run TFC by OldTimer to clear temporary files:
Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
and save it to your desktop.
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.
~~~~~~~~~~~~~~~~~~~~~~~~~~
Go here (http://go.eset.com/us/online-scanner) to run an online scanner from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish
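A small triage helper for the two log formats that appear in this thread: the MBAM 2.x detection rows posted above and the ESET online-scanner report the helper asks for. This is an added example, not code from Malwarebytes, ESET or the forum helper; its format assumptions are stated in the docstring, the quarantine roots are the C:\AdwCleaner\Quarantine and C:\FRST\Quarantine folders seen in this thread, and the third ESET sample line is constructed ('Win32/Example.A' is a placeholder name).

```python
"""Triage helper for the scan logs posted in this thread.
Added example, not code from Malwarebytes, ESET or the forum helper.  Assumptions:
  * MBAM 2.x detection rows have the shape  'Name, Path, Action, [id],'
  * ESET online-scanner report lines have the shape  'Path  detection-name  kind',
    where detection names carry a platform prefix such as 'Win32/'.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Folders where other removal tools park files they have already neutralised (both
# appear in the ESET report in this thread).  A hit inside one of these is a leftover
# copy waiting to be purged, not a live infection.
QUARANTINE_ROOTS = (r"C:\AdwCleaner\Quarantine", r"C:\FRST\Quarantine")

MBAM_ROW = re.compile(
    r"^(?P<name>[^,]+),\s*(?P<path>[^,]+),\s*(?P<action>[^,]+),\s*\[(?P<id>[0-9a-f]+)\],?\s*$")
MBAM_COUNT = re.compile(r"^(?P<category>[A-Za-z ]+):\s*(?P<count>\d+)\s*$")
ESET_ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<variant>a variant of\s+)?(?P<name>\w+/\S+)\s+(?P<kind>.+)$")


@dataclass(frozen=True)
class Hit:
    tool: str       # scanner that reported the item
    name: str       # detection name as printed by the scanner
    path: str       # file the scanner flagged
    action: str     # what the scanner did ('Quarantined', 'reported', ...)
    leftover: bool  # True if the path lies inside another tool's quarantine folder


def in_quarantine_folder(path: str) -> bool:
    """Case-insensitive test for 'path is a quarantine root or sits below one'."""
    p = path.lower()
    return any(p == r.lower() or p.startswith(r.lower() + "\\") for r in QUARANTINE_ROOTS)


def parse_mbam(text: str) -> tuple[list[Hit], dict[str, int]]:
    """Return the detection rows and the 'Category: N' counters MBAM prints above them."""
    hits: list[Hit] = []
    counts: dict[str, int] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := MBAM_ROW.match(line):
            hits.append(Hit("MBAM", m["name"], m["path"], m["action"],
                            in_quarantine_folder(m["path"])))
        elif c := MBAM_COUNT.match(line):
            counts[c["category"]] = int(c["count"])
    return hits, counts


def mbam_counts_consistent(hits: list[Hit], counts: dict[str, int]) -> bool:
    """Cross-check: the number of file rows must equal the 'Files: N' counter."""
    file_rows = sum(1 for h in hits if re.match(r"[A-Za-z]:\\", h.path))
    return counts.get("Files") == file_rows


def parse_eset(text: str) -> list[Hit]:
    """With 'Remove found threats' unticked the online scanner only reports."""
    hits: list[Hit] = []
    for raw in text.splitlines():
        if m := ESET_ROW.match(raw.strip()):
            name = ("a variant of " if m["variant"] else "") + m["name"]
            hits.append(Hit("ESET", name, m["path"], "reported",
                            in_quarantine_folder(m["path"])))
    return hits


def summarize(hits: list[Hit]) -> dict[str, dict[str, list[str]]]:
    """Split hits into live findings and quarantine leftovers, keyed by detection name."""
    out: dict[str, dict[str, list[str]]] = {"live": {}, "leftover": {}}
    for h in hits:
        out["leftover" if h.leftover else "live"].setdefault(h.name, []).append(h.path)
    return out


# Sample input: the 'Files' section copied from the MBAM log posted in this thread.
MBAM_SAMPLE = r"""
Files: 3
Trojan.Miner, C:\WINDOWS\system32\dfrg\libcrypto.dll, Quarantined, [50b0956be11f23ddfac37d1cde25758b],
Trojan.Miner, C:\WINDOWS\system32\dfrg\libcurl-4.dll, Quarantined, [aa563dc3bf4119e73489d1c83ac98779],
Trojan.Miner, C:\WINDOWS\system32\dfrg\libssl.dll, Quarantined, [7a86a9571fe116ea4d70fb9ef50e6e92],
"""

# Sample input: two lines copied from the ESET report in this thread plus one
# CONSTRUCTED line ('Win32/Example.A' is a placeholder) standing in for a hit
# that is not inside any quarantine folder.
ESET_SAMPLE = r"""
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe.vir  a variant of Win32/SweetIM.F potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\F3CJPEG.DLL  Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Documents and Settings\User\Local Settings\Temp\sample.tmp  a variant of Win32/Example.A trojan
"""

if __name__ == "__main__":
    mbam_hits, mbam_counts = parse_mbam(MBAM_SAMPLE)
    print("MBAM counter matches rows:", mbam_counts_consistent(mbam_hits, mbam_counts))
    for bucket, items in summarize(mbam_hits + parse_eset(ESET_SAMPLE)).items():
        print(bucket, {name: len(paths) for name, paths in items.items()})
```

Running it shows the three Trojan.Miner files as the only live findings in the MBAM log, while the ESET hits under AdwCleaner and FRST quarantine folders are sorted into the leftover bucket.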
Trancidonia
2014-04-02, 05:13
The PC is working fine at the moment, no more random avast! telling me there are viruses.
However, Internet Explorer will tend to lag. But with all the threats appearing, I'm too afraid to use this PC to go to official sites for banks and whatnot.
Here's the log from ESETSCAN.
C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Application Data\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe.vir Win32/bProtector.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Application Data\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe.vir Win32/bProtector.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Application Data\BabylonToolbar\CR\BabylonChrome1.crx.vir a variant of Win32/Toolbar.Babylon.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Application Data\BabylonToolbar\CR\BUSolution.dll.vir a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Application Data\BabylonToolbar\FF\BUSolution.dll.vir a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Application Data\BabylonToolbar\IE\BUSolution.dll.vir a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Application Data\BabylonToolbar\Shared\BUSolution.dll.vir a variant of Win32/Toolbar.Babylon.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\BabylonToolbar\BabylonToolbar\1.8.4.9\BabylonToolbarApp.dll.vir a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\BabylonToolbar\BabylonToolbar\1.8.4.9\BabylonToolbarTlbr.dll.vir a variant of Win32/Toolbar.Montiera.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\BabylonToolbar\BabylonToolbar\1.8.4.9\uninstall.exe.vir Win32/Toolbar.Montiera.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\BabylonToolbar\BabylonToolbar\1.8.4.9\bh\BabylonToolbar.dll.vir a variant of Win32/Toolbar.Escort.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\F3HKSTUB.DLL.vir Win32/Toolbar.MyWebSearch.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\F3REPROX.DLL.vir Win32/Toolbar.MyWebSearch.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\MWSSRCAS.DLL.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\firefox\NPMYWEBS.DLL.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe.vir a variant of Win32/SweetIM.F potentially unwanted application
C:\FRST\Quarantine\C\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\n9rs2w4x.default\Extensions\plugin2@gameplaylabs.com\chrome\content\overlay.js Win32/Adware.GamePlayLabs potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\NPMyWebS.dll.xBAD Win32/Toolbar.MyWebSearch potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\F3CJPEG.DLL Win32/Toolbar.MyWebSearch potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\F3DTACTL.DLL Win32/FunWeb potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\F3HISTSW.DLL Win32/FunWeb potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\F3HKSTUB.DLL Win32/Toolbar.MyWebSearch.G potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\F3HTMLMU.DLL Win32/Toolbar.MyWebSearch.B potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\F3HTTPCT.DLL Win32/Toolbar.MyWebSearch potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\F3IMSTUB.DLL Win32/Toolbar.MyWebSearch potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\F3POPSWT.DLL Win32/FunWeb potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\F3PSSAVR.SCR Win32/Toolbar.MyWebSearch potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\F3REGHK.DLL Win32/Toolbar.MyWebSearch.G potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\F3REPROX.DLL Win32/Toolbar.MyWebSearch.D potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\F3RESTUB.DLL Win32/Toolbar.MyWebSearch potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\F3SCHMON.EXE Win32/FunWeb potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\F3SCRCTR.DLL Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\F3WPHOOK.DLL Win32/FunWeb potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\M3AUXSTB.DLL Win32/Toolbar.MyWebSearch.H potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\M3DLGHK.DLL Win32/Toolbar.MyWebSearch.I potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\M3HTML.DLL Win32/Toolbar.MyWebSearch.F potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\M3IDLE.DLL Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\M3IEOVR.DLL Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\M3IMPIPE.EXE Win32/Toolbar.MyWebSearch potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\M3MSG.DLL Win32/Toolbar.MyWebSearch potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\M3OUTLCN.DLL Win32/Toolbar.MyWebSearch.J potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\M3PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\M3SKIN.DLL Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\M3SKPLAY.EXE Win32/Toolbar.MyWebSearch potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\M3SLSRCH.EXE Win32/Toolbar.MyWebSearch.J potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\M3TPINST.DLL Win32/Toolbar.MyWebSearch.I potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\MWSMLBTN.DLL Win32/Toolbar.MyWebSearch potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\MWSOEMON.EXE Win32/Toolbar.MyWebSearch potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\MWSOEPLG.DLL Win32/Toolbar.MyWebSearch.J potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\MWSOESTB.DLL Win32/Toolbar.MyWebSearch potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\MWSSRCAS.DLL Win32/Toolbar.MyWebSearch potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\MWSSVC.EXE Win32/Toolbar.MyWebSearch potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\MWSUABTN.DLL Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch potentially unwanted application
C:\WINDOWS\system32\dfrg\btc-miner.exe a variant of Win32/BitCoinMiner.AQ potentially unsafe application
C:\WINDOWS\system32\dfrg\minerd.exe Win32/BitCoinMiner.W potentially unsafe application
D:\My Documents\New Quo\Order details.zip Win32/TrojanDownloader.FakeAlert.BKK trojan
I'm too afraid to use this PC to go to official sites for banks and what not.
As a precaution I would do:
From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.
Do NOT change passwords from this computer.
*******************************************
Most of what was found in the online scan was already in quarantine folders; this computer was heavily infected, but it does appear we've done a good job.
Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select Copy.
Paste this into the open Notepad window and save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).
start
C:\Program Files\Windows Live\Messenger\msimg32.dll
C:\Program Files\Windows Live\Messenger\riched20.dll
C:\WINDOWS\system32\dfrg\btc-miner.exe
C:\WINDOWS\system32\dfrg\minerd.exe
D:\My Documents\New Quo\Order details.zip
Reboot:
end
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
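The reasoning behind that fixlist is worth making explicit, because the ESET log above mixes two very different kinds of hit. Everything under C:\AdwCleaner\Quarantine and C:\FRST\Quarantine was already neutralised by earlier tools and only shows up because the online scanner reads quarantine folders too. The five entries outside those folders are the live ones: two coin miners dropped under system32\dfrg, a downloader trojan inside a user-saved archive, and two files in the Windows Live Messenger folder named msimg32.dll and riched20.dll. Those last two are the names of legitimate Windows DLLs; a same-named file placed in an application's own folder is loaded ahead of the real one in System32, which is how a toolbar gets itself into a process that never asked for it. The script below is an added example written for this thread, not part of the ESET or FRST tools or of Juliet's instructions. It parses a handful of the posted log lines (reproduced as a constructed sample), splits already-quarantined hits from live ones, explains why each live hit matters, and emits an FRST fixlist in the same start/Reboot:/end form used above. The quarantine roots and the short list of system DLL names are assumptions chosen for the example.

```python
"""Triage an ESET Online Scanner log: quarantined vs. live hits, plus an FRST fixlist.

Added example for this thread. The quarantine roots and SYSTEM_DLL_NAMES below are
assumptions for illustration; the sample log is a constructed subset of the posted one.
"""
import re
from pathlib import PureWindowsPath

# Where the removal tools used in this thread park files they already disabled.
# A hit under one of these is not a live infection. (Assumed list.)
QUARANTINE_ROOTS = (r"C:\AdwCleaner\Quarantine", r"C:\FRST\Quarantine")

# Names of real Windows DLLs. A same-named file inside an application folder is
# loaded before the genuine copy in System32 (DLL search-order hijack). (Assumed short list.)
SYSTEM_DLL_NAMES = {"msimg32.dll", "riched20.dll", "version.dll", "dwmapi.dll"}

# ESET log line: <path> [a variant of ]Win32/<family> <classification>
# Paths contain spaces, so the path group is lazy and stops at the verdict token.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<verdict>(?:a variant of )?Win32/\S+)\s+(?P<kind>.+)$"
)

# Constructed sample: three quarantined hits and the five live ones from the posted log.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\FRST\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\5.bin\MWSSVC.EXE Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe.vir a variant of Win32/SweetIM.F potentially unwanted application
C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch potentially unwanted application
C:\WINDOWS\system32\dfrg\btc-miner.exe a variant of Win32/BitCoinMiner.AQ potentially unsafe application
C:\WINDOWS\system32\dfrg\minerd.exe Win32/BitCoinMiner.W potentially unsafe application
D:\My Documents\New Quo\Order details.zip Win32/TrojanDownloader.FakeAlert.BKK trojan
"""


def parse_line(line):
    """Return {'path', 'verdict', 'kind'} for one ESET log line, or None if it is not a hit."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_quarantined(path):
    """True when the hit sits inside a known quarantine folder (case-insensitive prefix match)."""
    p = path.lower()
    return any(p.startswith(root.lower()) for root in QUARANTINE_ROOTS)


def why_it_matters(hit):
    """One-line explanation of a live hit, derived from the verdict and the file's location."""
    p = PureWindowsPath(hit["path"])
    name = p.name.lower()
    parts = {s.lower() for s in p.parts}
    verdict = hit["verdict"].lower()
    if "bitcoinminer" in verdict:
        return "coin miner: burns this machine's CPU for someone else; here dropped under system32"
    if name in SYSTEM_DLL_NAMES and "system32" not in parts:
        return "file named like a Windows DLL in an application folder: loaded before the real one (search-order hijack)"
    if "trojandownloader" in verdict:
        return "downloader trojan in a user-saved archive: whatever it fetched may still be on disk"
    return "live file outside quarantine"


def triage(log_text):
    """Split log hits into (quarantined, live) lists, preserving log order."""
    quarantined, live = [], []
    for line in log_text.splitlines():
        hit = parse_line(line)
        if hit is None:
            continue
        (quarantined if is_quarantined(hit["path"]) else live).append(hit)
    return quarantined, live


def build_fixlist(live_hits):
    """Render live hits as an FRST fixlist: FRST moves each listed path into its quarantine."""
    lines = ["start", *(h["path"] for h in live_hits), "Reboot:", "end"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    quarantined, live = triage(SAMPLE_LOG)
    print(f"{len(quarantined)} hit(s) already in quarantine, {len(live)} live:")
    for hit in live:
        print(f"  {hit['path']}\n    {hit['verdict']}: {why_it_matters(hit)}")
    print("\nfixlist.txt:\n" + build_fixlist(live))
```

The fixlist it prints is the one Juliet posted, which is the point: the entries to hand FRST are exactly the hits that no earlier tool has already moved, and reading the path is what tells you that. The same split is worth doing by hand on any scanner log before acting on it, since deleting a quarantine folder's contents with one tool while another still expects them there only makes the next log harder to read.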
Trancidonia
2014-04-03, 03:29
I wonder if the PC is clean now,
I will now try to delete everything from the Quarantine
here's the FRST log
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by User at 2014-04-03 08:22:57 Run:2
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
C:\Program Files\Windows Live\Messenger\msimg32.dll
C:\Program Files\Windows Live\Messenger\riched20.dll
C:\WINDOWS\system32\dfrg\btc-miner.exe
C:\WINDOWS\system32\dfrg\minerd.exe
D:\My Documents\New Quo\Order details.zip
Reboot:
end
*****************
C:\Program Files\Windows Live\Messenger\msimg32.dll => Moved successfully.
C:\Program Files\Windows Live\Messenger\riched20.dll => Moved successfully.
C:\WINDOWS\system32\dfrg\btc-miner.exe => Moved successfully.
C:\WINDOWS\system32\dfrg\minerd.exe => Moved successfully.
D:\My Documents\New Quo\Order details.zip => Moved successfully.
The system needed a reboot.
==== End of Fixlog ====
I wonder if the PC is clean now,
You tell me?
From the scans we've done looks like we got it.
Trancidonia
2014-04-04, 03:25
Thank you Juliet for everything!! :D
Should I look at my previous thread for cleanups of the files from rkill, frst and jrt and what not?
I can post it here too.
Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select Copy.
Paste this into the open Notepad window and save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
Run FRST/FRST64 and press the Fix button just once and wait.
No need to post the log this time.
start
DeleteQuarantine:
end
~~~~~~~~~~~~~~~~~~~~~
Download Delfix from here (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Purge system restore
http://www.hdrcgb.org.uk/g2g/delfix.jpg
Click Run
Any other tools and files found can simply be deleted or uninstalled via Add/Remove Programs in the Control Panel, etc.
Trancidonia
2014-04-07, 03:29
Thank you for everything Juliet. :) :) :)
Now I will start prepping the third PC, but my Aunt will always be on that PC :sad:
:bigthumb:
I'll close this one, no need to keep it open too.