SVChost.exe trojan, memory process help!

Discussion in 'Virus and Malware Removal' started by BWashburn, Aug 3, 2012.

  1. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Go to Start > type in CMD and hit Enter.

    Enter the following in Command Prompt:
    sc query winmgmt > log.txt && log.txt
    Then post the log that launches.
  2. BWashburn TechSpot Member Posts: 58

    Here is the log.

    SERVICE_NAME: winmgmt
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0
  3. Jay Pfoutz Malware Helper Posts: 4,286   +49

    It looks to be fine. I guess it didn't want to be stopped earlier.

    Is the issue fixed though?
  4. BWashburn TechSpot Member Posts: 58

    It did not fix the problem. I still receive the CMD screen pop up. Then it disappears so fast I can't read what it says. I went through all the steps you said to do including registering that dll file again. I then tried to create a clean restore and still get that same error message.
  5. BWashburn TechSpot Member Posts: 58

    Well bad news. Ran another scan figuring it could be some infection blocking me from creating a restore point...and I was right! :( Don't know if for sure this is the reason why I can't create one. I am infected so says AVG and MBAM with the same trojans.
  6. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Post MBAM log please...
  7. BWashburn TechSpot Member Posts: 58

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.25.01
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Uer :: UER-HP [administrator]
    8/26/2012 7:53:41 PM
    mbam-log-2012-08-26 (21-21-38).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 235344
    Time elapsed: 2 minute(s), 49 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 6
    C:\Windows\System32\config\systemprofile\0.04350892934149009.exe (Trojan.Agent.Gen) -> No action taken.
    C:\Windows\System32\config\systemprofile\0.04607298496785539.exe (Trojan.Agent.Gen) -> No action taken.
    C:\Windows\System32\config\systemprofile\0.04996638027305533.exe (Trojan.Agent.Gen) -> No action taken.
    C:\Windows\System32\config\systemprofile\0.4236519195480817.exe (Trojan.Agent.Gen) -> No action taken.
    C:\Windows\System32\config\systemprofile\0.5705691742244525.exe (Trojan.Agent.Gen) -> No action taken.
    C:\Windows\System32\config\systemprofile\0.8015336184689984.exe (Trojan.Agent.Gen) -> No action taken.
    (end)
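Two things in this log are worth pulling out mechanically rather than by eye: every hit ends in "No action taken" (the scan found the files but nothing was quarantined), and all six are executables whose names look like random floating-point numbers, dropped under C:\Windows\System32\config\systemprofile, the profile directory of the LocalSystem account. The parser below is an added example, not code from this thread or from Malwarebytes; it embeds a trimmed copy of the log posted above as its input, and the regexes and the random-name heuristic are my own assumptions about the format.

```python
import re
from dataclasses import dataclass

# Trimmed copy of the MBAM log posted above (only the section headers and the
# detection lines are kept); the parser accepts the full log unchanged.
SAMPLE_MBAM_LOG = r"""Malwarebytes Anti-Malware 1.62.0.1300
Database version: v2012.08.25.01
Scan type: Quick scan
Objects scanned: 235344
Memory Processes Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Files Detected: 6
C:\Windows\System32\config\systemprofile\0.04350892934149009.exe (Trojan.Agent.Gen) -> No action taken.
C:\Windows\System32\config\systemprofile\0.04607298496785539.exe (Trojan.Agent.Gen) -> No action taken.
C:\Windows\System32\config\systemprofile\0.04996638027305533.exe (Trojan.Agent.Gen) -> No action taken.
C:\Windows\System32\config\systemprofile\0.4236519195480817.exe (Trojan.Agent.Gen) -> No action taken.
C:\Windows\System32\config\systemprofile\0.5705691742244525.exe (Trojan.Agent.Gen) -> No action taken.
C:\Windows\System32\config\systemprofile\0.8015336184689984.exe (Trojan.Agent.Gen) -> No action taken.
(end)
"""

# "<Section> Detected: <n>" opens a section; each item under it reads
# "<path or key> (<detection name>) -> <action>."  (assumed format)
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# Basename shaped like a random float, e.g. 0.04350892934149009.exe (heuristic)
RANDOM_FLOAT_EXE = re.compile(r"^0\.\d{10,}\.exe$", re.IGNORECASE)
SYSTEM_PROFILE = "\\config\\systemprofile\\"   # LocalSystem's own profile directory


@dataclass
class Detection:
    section: str
    path: str
    name: str
    action: str

    @property
    def basename(self):
        return self.path.rsplit("\\", 1)[-1]


def parse_mbam_log(text):
    """Return (section counts, list of Detection) from an MBAM log."""
    counts, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m["section"]
            counts[section] = int(m["count"])
        elif section and (m := ITEM_RE.match(line)):
            detections.append(Detection(section, m["path"], m["name"], m["action"]))
    return counts, detections


def unactioned(detections):
    """Items MBAM reported but did not quarantine ('No action taken')."""
    return [d for d in detections if d.action.lower().startswith("no action")]


def suspicious_drops(detections):
    """Executables with random-float names and/or living under the SYSTEM profile."""
    return [d for d in detections
            if RANDOM_FLOAT_EXE.match(d.basename)
            or SYSTEM_PROFILE.lower() in d.path.lower()]


def count_mismatches(counts, detections):
    """Sections whose header count disagrees with the items actually listed."""
    listed = {}
    for d in detections:
        listed[d.section] = listed.get(d.section, 0) + 1
    return {s: (n, listed.get(s, 0)) for s, n in counts.items() if n != listed.get(s, 0)}


if __name__ == "__main__":
    counts, dets = parse_mbam_log(SAMPLE_MBAM_LOG)
    print(f"{len(dets)} detections, {len(unactioned(dets))} left in place, "
          f"{len(suspicious_drops(dets))} look like dropped payloads")
    for d in suspicious_drops(dets):
        print(f"  {d.basename:28} {d.name:18} {d.action}")
```

The count cross-check matters on a machine like this one: a header that claims six files while fewer lines follow usually means the log was truncated when pasted, not that fewer files were found.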
  8. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay, weapon time. Please do the following, in order, patiently. Do them one at a time, and post the logs whenever you can. I will give you a chance to do all of this. It is in hopes we can get this solved quicker.

    1. TDSSKiller
    Please download TDSSKiller from here and save it to your Desktop.
    • Doubleclick TDSSKiller.exe to run the tool
    • Click the Start Scan button
    • After the scan has finished, click the Close button
    • Click the Report button and copy/paste the contents of it into your next reply
    Note: It will also create a log in the C:\ directory.

    2. RogueKiller
    • Download RogueKiller and save it on your desktop.
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan
    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.
    • The report has been created on the desktop.
    • Next click on the ShortcutsFix
    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.

    3. AdwCleaner
    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

    4. ComboFix
    Please download ComboFix by sUBs from BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  9. BWashburn TechSpot Member Posts: 58

    Here is the TDSSkiller log

    Attached Files:

  10. BWashburn TechSpot Member Posts: 58

    RK Reports
    RogueKiller V8.0.0 [08/26/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Uer [Admin rights]
    Mode : Scan -- Date : 08/29/2012 20:24:05
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 5 ¤¤¤
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\72847843 (system32\DRIVERS\72847843.sys) -> FOUND
    [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\72847843 (system32\DRIVERS\72847843.sys) -> FOUND
    [STARTUP][SUSP PATH] _uninst_72847843.lnk @Uer : C:\Users\Uer\AppData\Local\Temp\_uninst_72847843.bat -> FOUND
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{1ae38341-e383-e5cb-ae21-864215ad12c4}\n.) -> FOUND
    [HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{1ae38341-e383-e5cb-ae21-864215ad12c4}\n.) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\Windows\Installer\{1ae38341-e383-e5cb-ae21-864215ad12c4}\@ --> FOUND
    [ZeroAccess][FOLDER] U : C:\Windows\Installer\{1ae38341-e383-e5cb-ae21-864215ad12c4}\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\Windows\Installer\{1ae38341-e383-e5cb-ae21-864215ad12c4}\L --> FOUND
    [Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    205.185.122.188 key.gamespy.com

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] a3d16448727fd2f4d2ba3d53f3913e62
    [BSP] ae54075512f172419db9fdf6f1339bb3 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 941412 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1928218624 | Size: 12355 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] 6fd06bbbdabc92f410f3bab65fba5e85
    [BSP] 02e7035ffb54d97291fa39379734721d : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo
    +++++ PhysicalDrive1: +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!
    +++++ PhysicalDrive3: +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt

    RogueKiller V8.0.0 [08/26/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Uer [Admin rights]
    Mode : Remove -- Date : 08/29/2012 20:27:35
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 4 ¤¤¤
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\72847843 (system32\DRIVERS\72847843.sys) -> DELETED
    [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\72847843 (system32\DRIVERS\72847843.sys) -> DELETED
    [STARTUP][SUSP PATH] _uninst_72847843.lnk @Uer : C:\Users\Uer\AppData\Local\Temp\_uninst_72847843.bat -> DELETED
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{1ae38341-e383-e5cb-ae21-864215ad12c4}\n.) -> REPLACED (C:\Windows\system32\wbem\wbemess.dll)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\Windows\Installer\{1ae38341-e383-e5cb-ae21-864215ad12c4}\@ --> REMOVED
    [Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{1ae38341-e383-e5cb-ae21-864215ad12c4}\U\00000004.@ --> REMOVED
    [Del.Parent][FILE] 80000064.@ : C:\Windows\Installer\{1ae38341-e383-e5cb-ae21-864215ad12c4}\U\80000064.@ --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{1ae38341-e383-e5cb-ae21-864215ad12c4}\U --> REMOVED
    [Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{1ae38341-e383-e5cb-ae21-864215ad12c4}\L\00000004.@ --> REMOVED
    [Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{1ae38341-e383-e5cb-ae21-864215ad12c4}\L\201d3dde --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{1ae38341-e383-e5cb-ae21-864215ad12c4}\L --> REMOVED
    [Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> REPLACED AT REBOOT (C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe)
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    205.185.122.188 key.gamespy.com

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] a3d16448727fd2f4d2ba3d53f3913e62
    [BSP] ae54075512f172419db9fdf6f1339bb3 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 941412 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1928218624 | Size: 12355 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] 6fd06bbbdabc92f410f3bab65fba5e85
    [BSP] 02e7035ffb54d97291fa39379734721d : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt

    RogueKiller V8.0.0 [08/26/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Uer [Admin rights]
    Mode : Shortcuts HJfix -- Date : 08/29/2012 20:28:29
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 0 / Fail 0
    Quick launch: Success 0 / Fail 0
    Programs: Success 0 / Fail 0
    Start menu: Success 0 / Fail 0
    User folder: Success 31 / Fail 0
    My documents: Success 40 / Fail 40
    My favorites: Success 0 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 0 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 9 / Fail 0
    Backup: [NOT FOUND]
    Drives:
    [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
    [D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
    [E:] \Device\CdRom0 -- 0x5 --> Skipped
    [F:] \Device\HarddiskVolume4 -- 0x2 --> Restored
    [G:] \Device\HarddiskVolume5 -- 0x2 --> Restored
    [H:] \Device\HarddiskVolume6 -- 0x2 --> Restored
    [I:] \Device\HarddiskVolume7 -- 0x2 --> Restored
    [J:] \Device\CdRom1 -- 0x5 --> Skipped
    [Q:] \Device\SftVol -- 0x3 --> Restored
    ¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤
    Finished : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
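The decisive part of these reports is the MBR check. RogueKiller hashes the boot sector as seen through the normal user-mode read path and through two lower-level read paths it labels LL1 and LL2; on PhysicalDrive0 the user-mode view (a3d16448...) and the LL2 view (6fd06bbb...) disagree, which is the "User != LL2 ... KO!" line and the reason the report concludes ZeroAccess|Root.MBR. The parser below is an added example, not code from this thread or from the RogueKiller author; it embeds a trimmed copy of RKreport[1].txt from above and extracts the findings, the hosts-file entry and the per-drive MBR comparison. The regexes and the DriveCheck structure are my own assumptions about the report format.

```python
import re
from dataclasses import dataclass, field

# Trimmed copy of RKreport[1].txt as posted above; the parser takes the full file unchanged.
SAMPLE_RK_REPORT = r"""RogueKiller V8.0.0 [08/26/2012] by Tigzy
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Mode : Scan -- Date : 08/29/2012 20:24:05
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 5 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\72847843 (system32\DRIVERS\72847843.sys) -> FOUND
[STARTUP][SUSP PATH] _uninst_72847843.lnk @Uer : C:\Users\Uer\AppData\Local\Temp\_uninst_72847843.bat -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{1ae38341-e383-e5cb-ae21-864215ad12c4}\n.) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{1ae38341-e383-e5cb-ae21-864215ad12c4}\@ --> FOUND
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND
¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

205.185.122.188 key.gamespy.com

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] a3d16448727fd2f4d2ba3d53f3913e62
[BSP] ae54075512f172419db9fdf6f1339bb3 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 941412 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 6fd06bbbdabc92f410f3bab65fba5e85
[BSP] 02e7035ffb54d97291fa39379734721d : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo
+++++ PhysicalDrive1: +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
"""

# Line shapes (assumed from the report above): "[Cat][Sub] detail -> STATUS" or "--> STATUS"
FINDING_RE = re.compile(r"^\[(?P<category>[^\]]+)\]\[(?P<subtype>[^\]]+)\] (?P<detail>.+?) -{1,2}> "
                        r"(?P<status>[A-Z ]+?)(?: \(.+\))?$")
INFECTION_RE = re.compile(r"^¤¤¤ Infection : (?P<name>.+?) ¤¤¤$")
HOSTS_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)$")
DRIVE_RE = re.compile(r"^\++ (?P<drive>PhysicalDrive\d+): \++$")
VIEW_RE = re.compile(r"^--- (?P<view>\w+) ---$")          # which read path the next hashes belong to
MBR_RE = re.compile(r"^\[MBR\] (?P<md5>[0-9a-f]{32})$")
COMPARE_RE = re.compile(r"^(?P<a>\w+) (?P<op>=|!=) (?P<b>\w+) \.\.\. (?P<verdict>OK|KO)!$")
READ_ERR_RE = re.compile(r"^Error reading (?P<view>\w+) MBR!$")


@dataclass
class DriveCheck:
    name: str
    mbr_md5: dict = field(default_factory=dict)     # read path -> MBR hash reported
    mismatches: list = field(default_factory=list)  # comparisons RogueKiller marked KO
    read_errors: list = field(default_factory=list) # read paths that failed


def parse_rk_report(text):
    report = {"findings": [], "infection": None, "hosts": [], "drives": {}}
    drive, view = None, "User"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := FINDING_RE.match(line):
            report["findings"].append((m["category"], m["subtype"], m["detail"], m["status"]))
        elif m := INFECTION_RE.match(line):
            report["infection"] = m["name"]
        elif m := HOSTS_RE.match(line):
            report["hosts"].append((m["ip"], m["host"]))
        elif m := DRIVE_RE.match(line):
            drive = report["drives"].setdefault(m["drive"], DriveCheck(m["drive"]))
            view = "User"
        elif drive is None:
            continue
        elif m := VIEW_RE.match(line):
            view = m["view"]
        elif m := MBR_RE.match(line):
            drive.mbr_md5[view] = m["md5"]
        elif m := COMPARE_RE.match(line):
            if m["op"] == "!=" or m["verdict"] == "KO":
                drive.mismatches.append(f'{m["a"]} != {m["b"]}')
        elif m := READ_ERR_RE.match(line):
            drive.read_errors.append(m["view"])
    return report


def mbr_suspects(report):
    """Drives whose MBR hash differs between read paths, or that the tool marked KO."""
    return [d.name for d in report["drives"].values()
            if len(set(d.mbr_md5.values())) > 1 or d.mismatches]


def summarize(report):
    by_status = {}
    for _, _, _, status in report["findings"]:
        by_status[status] = by_status.get(status, 0) + 1
    return {"infection": report["infection"], "findings_by_status": by_status,
            "hosts_entries": len(report["hosts"]), "mbr_suspects": mbr_suspects(report),
            "unreadable": {d.name: d.read_errors for d in report["drives"].values() if d.read_errors}}


if __name__ == "__main__":
    print(summarize(parse_rk_report(SAMPLE_RK_REPORT)))
```

Feeding RKreport[2].txt through the same parser shows the registry and file entries moving from FOUND to DELETED/REPLACED while PhysicalDrive0 still reports "User != LL2", which is why a removal run alone does not settle the boot-sector question: the hash comparison has to come back clean on a later scan.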
  11. BWashburn TechSpot Member Posts: 58

    ASW log
    # AdwCleaner v1.801 - Logfile created 08/29/2012 at 20:37:10
    # Updated 14/08/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Uer - UER-HP
    # Boot Mode : Normal
    # Running from : C:\Users\Uer\Desktop\adwcleaner.exe
    # Option [Search]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Folder Found : C:\Users\Uer\AppData\Local\AVG Secure Search
    Folder Found : C:\Users\Uer\AppData\Local\Babylon
    Folder Found : C:\Users\Uer\AppData\Local\Conduit
    Folder Found : C:\Users\Uer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngmmcbedgcbfghamlghhpbpifnbhhpik
    Folder Found : C:\Users\Uer\AppData\Local\Ilivid Player
    Folder Found : C:\Users\Uer\AppData\LocalLow\AskToolbar
    Folder Found : C:\Users\Uer\AppData\LocalLow\AVG Secure Search
    Folder Found : C:\Users\Uer\AppData\LocalLow\Bandoo
    Folder Found : C:\Users\Uer\AppData\LocalLow\BitTorrentBar2
    Folder Found : C:\Users\Uer\AppData\LocalLow\boost_interprocess
    Folder Found : C:\Users\Uer\AppData\LocalLow\Conduit
    Folder Found : C:\Users\Uer\AppData\LocalLow\PriceGong
    Folder Found : C:\Users\Uer\AppData\LocalLow\searchquband
    Folder Found : C:\Users\Uer\AppData\LocalLow\Searchqutoolbar
    Folder Found : C:\Users\Uer\AppData\LocalLow\Toolbar4
    Folder Found : C:\Users\Uer\AppData\Roaming\Babylon
    Folder Found : C:\Users\Uer\AppData\Roaming\Bandoo
    Folder Found : C:\ProgramData\AVG Secure Search
    Folder Found : C:\ProgramData\Babylon
    Folder Found : C:\ProgramData\boost_interprocess
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\ProgramData\Trymedia
    Folder Found : C:\Program Files (x86)\Ask.com
    Folder Found : C:\Program Files (x86)\AVG Secure Search
    Folder Found : C:\Program Files (x86)\BitTorrentBar2
    Folder Found : C:\Program Files (x86)\Conduit
    Folder Found : C:\Program Files (x86)\Yontoo
    Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
    ***** [Registry] *****
    [*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
    [*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3045275
    Key Found : HKCU\Software\APN
    Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
    Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\PriceGong
    Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\AppDataLow\Toolbar
    Key Found : HKCU\Software\Ask.com
    Key Found : HKCU\Software\AVG Secure Search
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\DataMngr
    Key Found : HKCU\Software\Google\Chrome\Extensions\ngmmcbedgcbfghamlghhpbpifnbhhpik
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Found : HKCU\Software\SweetIm
    Key Found : HKCU\Software\Zugo
    Key Found : HKLM\SOFTWARE\APN
    Key Found : HKLM\SOFTWARE\AskToolbar
    Key Found : HKLM\SOFTWARE\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Babylon
    Key Found : HKLM\SOFTWARE\bandoo
    Key Found : HKLM\SOFTWARE\BitTorrentBar2
    Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
    Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
    Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Found : HKLM\SOFTWARE\Classes\S
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
    Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
    Key Found : HKLM\SOFTWARE\Conduit
    Key Found : HKLM\SOFTWARE\DataMngr
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ngmmcbedgcbfghamlghhpbpifnbhhpik
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Found : HKLM\SOFTWARE\Iminent
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar2 Toolbar
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Found : HKLM\SOFTWARE\SearchquMediabarTb
    Key Found : HKLM\SOFTWARE\SweetIM
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    [x64] Key Found : HKCU\Software\APN
    [x64] Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
    [x64] Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
    [x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
    [x64] Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    [x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
    [x64] Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
    [x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    [x64] Key Found : HKCU\Software\AppDataLow\Toolbar
    [x64] Key Found : HKCU\Software\Ask.com
    [x64] Key Found : HKCU\Software\AVG Secure Search
    [x64] Key Found : HKCU\Software\Conduit
    [x64] Key Found : HKCU\Software\DataMngr
    [x64] Key Found : HKCU\Software\Google\Chrome\Extensions\ngmmcbedgcbfghamlghhpbpifnbhhpik
    [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    [x64] Key Found : HKCU\Software\SweetIm
    [x64] Key Found : HKCU\Software\Zugo
    [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
    [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
    [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    [x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    [x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    [x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    [x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    [x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
    [x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
    [x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
    [x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
    [x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
    [x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
    [x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
    [x64] Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
    [x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
    [x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    [x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    [x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    [x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    [x64] Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    [x64] Key Found : HKLM\SOFTWARE\Classes\S
    [x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    [x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    [x64] Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
    [x64] Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
    [x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    [x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    [x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    [x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    [x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
    [x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
    [x64] Key Found : HKLM\SOFTWARE\DataMngr
    [x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
    [x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    [x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    [x64] Key Found : HKLM\SOFTWARE\Tarma Installer
    ***** [Registre - GUID] *****
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{656461EF-40F6-4115-9FF1-BCED9812CCBB}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{70B469C4-47B1-48BD-8149-D2749E4B8832}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/burn4free/{A291445C-28E6-4312-B647-D918E3043F4A}
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={723579B1-56E1-455E-9750-8DF5D3B41CEF}&mid=94ff05c7b9e947d1888c05cc2248f341-1639eedb14566357d5c24318bb42d6a6751e4e71&lang=en&ds=AVG&pr=fr&d=2011-10-12 00:03:16&v=9.0.0.22&sap=nt
    -\\ Google Chrome v21.0.1180.83
    File : C:\Users\Uer\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Found : "description": "AVG Secure Search",
    Found : "name": "AVG Secure Search",
    Found : "description": "The fastest way to search the web.",
    Found : "scriptable_host": [ "hxxp://*/*", "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdC[...]
    Found : "matches": [ "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdController.html*", "[...]
    Found : "path": "plugins/ConduitChromeApiPlugin.dll",
    Found : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT304527[...]
    Found : "path": "C:\\Program Files (x86)\\Common Files\\AVG Secure Search\\SiteSafetyInstaller\\11.[...]
    *************************
    AdwCleaner[R1].txt - [31003 octets] - [29/08/2012 20:37:10]
    ########## EOF - C:\AdwCleaner[R1].txt - [31132 octets] ##########
  12. BWashburn TechSpot Member Posts: 58

    ComboFix has been running for about 2 hours now, stuck on stage 4. I am on my phone posting this. I will continue to let it run until I get a response from you to tell me what to do.
  13. BWashburn TechSpot Member Posts: 58

    Update.. I did end up shutting it down for the fact that I had to use my computer. Restarted it and the computer is running slow again. Not sure why ComboFix is not wanting to work for me? :(
  14. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Not sure. Pretty weird. :p

    Please download aswMBR from here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan

    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review


    Remove the Adware.
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    Please post the log.
  15. BWashburn TechSpot Member Posts: 58

    ASW log unaltered.
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-30 16:42:56
    -----------------------------
    16:42:56.677 OS Version: Windows x64 6.1.7601 Service Pack 1
    16:42:56.677 Number of processors: 2 586 0x603
    16:42:56.677 ComputerName: UER-HP UserName: Uer
    16:42:59.766 Initialize success
    16:43:25.065 AVAST engine defs: 12081700
    16:43:26.376 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
    16:43:26.376 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 11
    16:43:26.408 Disk 0 MBR read successfully
    16:43:26.408 Disk 0 MBR scan
    16:43:26.408 Disk 0 Windows 7 default MBR code
    16:43:26.423 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    16:43:26.439 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941412 MB offset 206848
    16:43:26.486 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12355 MB offset 1928218624
    16:43:26.565 Disk 0 scanning C:\Windows\system32\drivers
    16:43:35.769 Service scanning
    16:44:00.435 Modules scanning
    16:44:00.455 Disk 0 trace - called modules:
    16:44:00.465 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
    16:44:00.465 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007664060]
    16:44:00.465 3 CLASSPNP.SYS[fffff8800198743f] -> nt!IofCallDriver -> [0xfffffa80072856e0]
    16:44:00.465 5 amdxata.sys[fffff88000e947a8] -> nt!IofCallDriver -> \Device\00000062[0xfffffa80072838a0]
    16:44:03.217 AVAST engine scan C:\Windows
    16:44:16.789 AVAST engine scan C:\Windows\system32
    16:47:38.108 AVAST engine scan C:\Windows\system32\drivers
    16:47:52.513 AVAST engine scan C:\Users\Uer
    16:56:30.423 File: C:\Users\Uer\Desktop\RK_Quarantine\80000064.@.vir **INFECTED** Win32:Malware-gen
    16:59:01.066 AVAST engine scan C:\ProgramData
    17:01:32.341 Scan finished successfully
    17:17:17.704 Disk 0 MBR has been saved successfully to "C:\Users\Uer\Desktop\MBR.dat"
    17:17:17.704 The log file has been saved successfully to "C:\Users\Uer\Desktop\aswMBR.txt"
  16. BWashburn TechSpot Member Posts: 58

    Ok, I ran the adwcleaner. When it was deleting, my AVG popped up and said a threat was detected (ADWCLEANER.EXE). I had the option to move to vault or skip, and stupid me chose move to vault, which deleted it. So I ran another asw scan, then redownloaded ADW and saved it to my User profile (UER) because it would not let me save it onto my desktop. So I ran it again and selected delete, and this time chose skip when the threat detected came up, and then it ran through smoothly (so I thought); it rebooted fine. But no report came up. I went to the path you told me to, to find it, but it was last modified the 29th and not the 30th, which is today. Which means it could not be the recent one I just did. Really confused here. :(
  17. Jay Pfoutz Malware Helper Posts: 4,286   +49

    That's fine, good job!

    Scan with Malwarebytes' Anti-Malware

    Please open Malwarebytes' Anti-Malware, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
  18. BWashburn TechSpot Member Posts: 58

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.31.12
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Uer :: UER-HP [administrator]
    8/31/2012 4:27:24 PM
    mbam-log-2012-08-31 (16-27-24).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 236077
    Time elapsed: 2 minute(s), 56 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 6
    C:\Windows\System32\config\systemprofile\0.04350892934149009.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\0.04607298496785539.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\0.04996638027305533.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\0.4236519195480817.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\0.5705691742244525.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\0.8015336184689984.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    (end)
  19. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Go to Start, type in CMD and hit Enter.

    Copy the following:

    dir /a:h /s C:\Windows\System32\config\systemprofile >log.txt && dir /s C:\Windows\System32\config\systemprofile >>log.txt && log.txt

    Go to Command Prompt, right-click and select Paste. It will launch a log quickly, please post that in your next reply.
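For the MBAM log posted above and the systemprofile listing the helper asks for, here is an added example (Python, not code from the thread, from Malwarebytes or from the helper): it parses the log's "Files Detected" section and flags the random-float-named executables under \config\systemprofile that the dir command is meant to surface. The sample log is a constructed excerpt in the layout of the log above; the setup.exe / PUP.Example line is made up as a negative case.

```python
"""Parse a Malwarebytes Anti-Malware 1.x text log and flag dropped executables.
Added example, not code from Malwarebytes or the helper. SAMPLE_LOG is a
constructed excerpt in the layout of the MBAM log above; the setup.exe line
(PUP.Example) is made up as a negative case for the heuristic."""
import re
from dataclasses import dataclass

SAMPLE_LOG = """\
Malwarebytes Anti-Malware 1.62.0.1300
Scan type: Quick scan
Memory Processes Detected: 0
(No malicious items detected)
Files Detected: 3
C:\\Windows\\System32\\config\\systemprofile\\0.04350892934149009.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\\Windows\\System32\\config\\systemprofile\\0.4236519195480817.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\\Users\\Uer\\Downloads\\setup.exe (PUP.Example) -> No action taken.
(end)
"""

@dataclass(frozen=True)
class Detection:
    path: str    # full path as MBAM reported it
    family: str  # detection name, e.g. Trojan.Agent.Gen
    action: str  # what MBAM did with the item

# "Files Detected: 6" style headers and "<path> (<family>) -> <action>." item lines.
_SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
_ITEM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?) \((?P<family>[^()]+)\) -> (?P<action>.*?)\.?$")

def parse_mbam_log(text):
    """Return {section: [Detection, ...]}; raise ValueError when a section's
    declared count disagrees with the items listed under it (a truncated paste)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = _SECTION_RE.match(line)
        if header:
            current = header.group("section")
            sections[current] = {"declared": int(header.group("count")), "items": []}
            continue
        if current is None or line in ("", "(No malicious items detected)", "(end)"):
            continue
        item = _ITEM_RE.match(line)
        if item:
            sections[current]["items"].append(Detection(*item.group("path", "family", "action")))
    for name, sec in sections.items():
        if sec["declared"] != len(sec["items"]):
            raise ValueError(f"{name}: declared {sec['declared']}, listed {len(sec['items'])}")
    return {name: sec["items"] for name, sec in sections.items()}

# Heuristic drawn from this thread: an .exe named like a random float (0.0435...exe)
# dropped straight into the SYSTEM account's profile folder; nothing legitimate
# normally writes executables there, which is why the helper listed that folder.
_RANDOM_FLOAT_EXE = re.compile(r"^0\.\d{6,}\.exe$", re.IGNORECASE)

def looks_like_dropped_systemprofile_exe(path):
    folder, _, filename = path.rpartition("\\")
    return folder.lower().endswith("\\config\\systemprofile") and bool(_RANDOM_FLOAT_EXE.match(filename))

def flag_dropped_files(text):
    """Paths in the Files section that match the systemprofile drop heuristic."""
    return [d.path for d in parse_mbam_log(text).get("Files", []) if looks_like_dropped_systemprofile_exe(d.path)]

if __name__ == "__main__":
    for section, items in parse_mbam_log(SAMPLE_LOG).items():
        print(f"{section}: {len(items)} detected")
    for suspicious in flag_dropped_files(SAMPLE_LOG):
        print("dropped-file pattern:", suspicious)
```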
  20. BWashburn TechSpot Member Posts: 58

    It said file was not found.