Solved Win64/Patched.A infection on services.exe

NO Current Issues.
----------------------------------

All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1036AD63-AEAC-460B-9060-C96005D4DC86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\FRST\Quarantine\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb}\U folder moved successfully.
C:\FRST\Quarantine\{9ce6e964-1aaa-a36a-a94d-b658d72f2dcb} folder moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
C:\Users\Vibhor\cy0MKJiJqke moved successfully.
C:\Users\Guest\AppData\Roaming\AVG2012\cfgall folder moved successfully.
C:\Users\Guest\AppData\Roaming\AVG2012 folder moved successfully.
C:\Users\Vibhor\AppData\Roaming\AVG\Rescue\PC Tuneup 2011 folder moved successfully.
C:\Users\Vibhor\AppData\Roaming\AVG\Rescue folder moved successfully.
C:\Users\Vibhor\AppData\Roaming\AVG\PC Tuneup\User Reports folder moved successfully.
C:\Users\Vibhor\AppData\Roaming\AVG\PC Tuneup\Logs folder moved successfully.
C:\Users\Vibhor\AppData\Roaming\AVG\PC Tuneup folder moved successfully.
C:\Users\Vibhor\AppData\Roaming\AVG folder moved successfully.
C:\Users\Vibhor\AppData\Roaming\AVG2012\cfgall folder moved successfully.
C:\Users\Vibhor\AppData\Roaming\AVG2012 folder moved successfully.
ADS C:\ProgramData\Temp:5D458568 deleted successfully.
ADS C:\ProgramData\Temp:41099CE9 deleted successfully.
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
ADS C:\ProgramData\Temp:3E7393FC deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 8187 bytes
->FireFox cache emptied: 68841949 bytes
->Google Chrome cache emptied: 4896218 bytes
->Flash cache emptied: 58707 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Vibhor
->Temp folder emptied: 5252639 bytes
->Temporary Internet Files folder emptied: 4899017 bytes
->Java cache emptied: 5842411 bytes
->FireFox cache emptied: 97118048 bytes
->Google Chrome cache emptied: 360430290 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 14856734 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9120 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 536.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Guest

User: Public

User: Vibhor
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Public

User: Vibhor
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11072012_223200

Files\Folders moved on Reboot...
C:\Users\Vibhor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ESET Smart Security 5.2
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
JavaFX 2.1.1
Java(TM) 6 Update 31
Java(TM) 7 Update 5
Java version out of Date!
Adobe Flash Player 11.4.402.265
Mozilla Firefox (16.0.2)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 09-11-2012
Ran by Vibhor (administrator) on 10-11-2012 at 12:58:34
Running from "C:\Users\Vibhor\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
 
# AdwCleaner v2.007 - Logfile created 11/10/2012 at 13:03:33
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Vibhor - MYNEWASUS
# Boot Mode : Normal
# Running from : C:\Users\Vibhor\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Program Files (x86)\NCH_EN
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Vibhor\AppData\Local\Conduit
Folder Deleted : C:\Users\Vibhor\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Vibhor\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Vibhor\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Vibhor\AppData\LocalLow\NCH_EN
Folder Deleted : C:\Users\Vibhor\AppData\Roaming\Babylon
***** [Registry] *****
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2801948
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\NCH_EN
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B2CC1EC-17B9-457D-8B2B-9FD5E15DC9E3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A1ED736-7819-476C-8E31-B1196BED3058}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NCH_EN Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0B0AzzzyyCyEtA0AtBtN0D0Tzu0CtBtDyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=878517389 --> hxxp://www.google.com
-\\ Mozilla Firefox v16.0.2 (en-US)
Profile name : default
File : C:\Users\Vibhor\AppData\Roaming\Mozilla\Firefox\Profiles\n9fxrtoa.default\prefs.js
C:\Users\Vibhor\AppData\Roaming\Mozilla\Firefox\Profiles\n9fxrtoa.default\user.js ... Deleted !
Deleted : user_pref("backup.old.browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=113959&tt=28061[...]
Deleted : user_pref("extensions.funmoods.aflt", "nv1");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Deleted : user_pref("extensions.funmoods.cntry", "US");
Deleted : user_pref("extensions.funmoods.cv", "cv5");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dfltlng", "en");
Deleted : user_pref("extensions.funmoods.dfltsrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "0756A1B8A2BD14C977C70F3603BF6D8C");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2[...]
Deleted : user_pref("extensions.funmoods.hrdid", "F46D040BA89643A2");
Deleted : user_pref("extensions.funmoods.id", "F46D040BA89643A2");
Deleted : user_pref("extensions.funmoods.instlDay", "15544");
Deleted : user_pref("extensions.funmoods.instlRef", "nv1");
Deleted : user_pref("extensions.funmoods.instlday", "15544");
Deleted : user_pref("extensions.funmoods.instlref", "nv1");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.keywordurl", "");
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2214:2:34");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEt[...]
Deleted : user_pref("extensions.funmoods.newtab", true);
Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEt[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.smplgrp", "none");
Deleted : user_pref("extensions.funmoods.srch", "");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2Xzuy[...]
Deleted : user_pref("extensions.funmoods.tlbrid", "base");
Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2Xzuy[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2214:2:34");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnts", "1.5.23.2214:2:34");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2214:2:34");
Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1347487630871");
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Deleted : user_pref("extensions.incredibar.cntry", "US");
Deleted : user_pref("extensions.incredibar.dfltLng", "");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.dfltlng", "en");
Deleted : user_pref("extensions.incredibar.dfltsrch", "false");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10658");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "c40a43a2000000000000002637bd3942");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15575");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8CUIGnih&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6R8CUIGnih");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92824928163079353");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1423:33:16");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
-\\ Google Chrome v23.0.1271.64
File : C:\Users\Vibhor\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.28] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=48", "hxxp://www.facebook.com/", "hxxp://search.babylon.com/?affID=113959&tt=280612_7_&babsrc=HP_ss&mntrId=c40a43a2000000000000002637bd3942", "hxxp://www.artlastudents.com/index.cfm/search/detail/entry/1740" ]
Deleted [l.2716] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=48", "hxxp://www.facebook.com/", "hxxp://search.babylon.com/?affID=113959&tt=280612_7_&babsrc=HP_ss&mntrId=c40a43a2000000000000002637bd3942", "hxxp://www.artlastudents.com/index.cfm/search/detail/entry/1740" ]
-\\ Opera v [Unable to get version]
File : C:\Users\Vibhor\AppData\Roaming\Opera\Opera\operaprefs.ini
Deleted : Home URL=hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0B0AzzzyyCyE[...]
*************************
AdwCleaner[R1].txt - [17408 octets] - [10/11/2012 13:02:31]
AdwCleaner[S1].txt - [17907 octets] - [10/11/2012 13:03:33]
########## EOF - C:\AdwCleaner[S1].txt - [17968 octets] ##########
 
These are the reports I got. I cannot do the F-Secure online scan as there's a problem with Java Update. For some reason I can't update my Java.
 
Also, when I press new tab in Google Chrome, it opens h t t p ://mystart.incredibar.com/?loc=CH_NT and says Server is too busy.
 
You didn't answer my question about Java.

As for Chrome..
Uninstall it.
  1. Go to Start > All Programs > Google Chrome > Uninstall Google Chrome.
  2. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete browser data" checkbox.
  3. Select the default browser you'd like to use.
  4. Click OK in the confirmation prompt.
  5. The uninstall process will begin.
Install a fresh copy.
 
F-Secure in a different browser also doesn't work. The applet in the browser window runs till Accept licence, then I see a loading circle in that applet. I get notifications about updating Java; currently it's updated to Java 7 Update 9. Let me reinstall Chrome and I'll be back.
 
OK, there was a rogue extension in Chrome that I just removed, so the mystart issue is gone. I'm checking the link for Java you just sent... hold on...
 
Oh yes, that's how I installed it later when the automatic download didn't work, so I have the updates and everything. I tried running F-Secure from three different browsers; should I deactivate my current antivirus program before proceeding?
 
Please run a BitDefender Online Scan

  • Disable your antivirus program.
  • Click Start Scanner button.
  • Click Free scan now button
  • Allow browser plug-in to be installed when prompted.
  • Click I Agree to agree to the EULA.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on View report.
  • Notepad will open with scan results.
  • Save the report to your desktop and post its content in your next reply.
 
QuickScan 32-bit v0.9.9.118
---------------------------
Scan date: Mon Nov 12 16:36:13 2012
Machine ID: C40A43A2



No infection found.
-------------------



Processes
---------
(unsigned) vlc.exe 2696 D:\Program Files (x86)\VideoLAN\VLC\vlc.exe

(verified) ATK Hotkey 4016 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(verified) ATK Media 4024 C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(verified) ATKOSD2 2292 C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(verified) Billy The Goat 3108 C:\Program Files (x86)\Autorun Eater\billy.exe
(verified) Google Chrome 116 C:\Users\Vibhor\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 472 C:\Users\Vibhor\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 652 C:\Users\Vibhor\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 2260 C:\Users\Vibhor\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 2452 C:\Users\Vibhor\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 2684 C:\Users\Vibhor\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 2776 C:\Users\Vibhor\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 3456 C:\Users\Vibhor\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 3808 C:\Users\Vibhor\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 4252 C:\Users\Vibhor\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 4280 C:\Users\Vibhor\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 4384 C:\Users\Vibhor\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 4528 C:\Users\Vibhor\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 4596 C:\Users\Vibhor\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 4616 C:\Users\Vibhor\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 4784 C:\Users\Vibhor\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 5004 C:\Users\Vibhor\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 5332 C:\Users\Vibhor\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 5584 C:\Users\Vibhor\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 6892 C:\Users\Vibhor\AppData\Local\Google\Chrome\Application\chrome.exe
(verified) Old McDonald 4004 C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe
(verified) Opera Internet Browser 5044 C:\Program Files (x86)\Opera\opera.exe
(verified) Opera Internet Browser plugin wrapper 6664 C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
(verified) Printer Device Monitor 3964 C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe


Network activity
----------------
Process chrome.exe (472) connected on port 443 (HTTP over SSL) --> 74.125.226.195
Process chrome.exe (472) connected on port 5222 (XMPP/Jabber) --> 74.125.131.125
Process chrome.exe (472) connected on port 80 (HTTP) --> 69.171.235.16
Process chrome.exe (472) connected on port 80 (HTTP) --> 74.125.226.194
Process chrome.exe (472) connected on port 80 (HTTP) --> 74.125.226.194
Process chrome.exe (472) connected on port 443 (HTTP over SSL) --> 23.66.230.194
Process chrome.exe (472) connected on port 443 (HTTP over SSL) --> 69.171.224.34
Process chrome.exe (472) connected on port 443 (HTTP over SSL) --> 69.171.234.37
Process chrome.exe (472) connected on port 80 (HTTP) --> 50.22.252.218
Process chrome.exe (472) connected on port 80 (HTTP) --> 50.22.252.218
Process chrome.exe (472) connected on port 80 (HTTP) --> 50.22.252.218
Process chrome.exe (472) connected on port 80 (HTTP) --> 50.22.252.218
Process chrome.exe (472) connected on port 80 (HTTP) --> 23.66.230.194
Process chrome.exe (472) connected on port 80 (HTTP) --> 23.66.230.194
Process chrome.exe (472) connected on port 80 (HTTP) --> 64.94.107.43
Process chrome.exe (472) connected on port 80 (HTTP) --> 64.94.107.43
Process chrome.exe (472) connected on port 443 (HTTP over SSL) --> 23.66.230.194
Process chrome.exe (472) connected on port 443 (HTTP over SSL) --> 23.66.230.194
Process chrome.exe (472) connected on port 80 (HTTP) --> 37.59.67.149
Process chrome.exe (472) connected on port 80 (HTTP) --> 37.59.67.149
Process chrome.exe (472) connected on port 80 (HTTP) --> 37.59.67.149
Process chrome.exe (472) connected on port 80 (HTTP) --> 72.21.81.253
Process chrome.exe (472) connected on port 80 (HTTP) --> 72.21.81.253
Process chrome.exe (472) connected on port 80 (HTTP) --> 72.21.81.253
Process chrome.exe (472) connected on port 80 (HTTP) --> 66.235.155.28
Process chrome.exe (472) connected on port 80 (HTTP) --> 66.235.155.28
Process chrome.exe (472) connected on port 80 (HTTP) --> 66.235.155.28
Process chrome.exe (472) connected on port 80 (HTTP) --> 66.235.155.28
Process chrome.exe (472) connected on port 80 (HTTP) --> 64.94.107.57
Process chrome.exe (472) connected on port 80 (HTTP) --> 64.94.107.57
Process chrome.exe (472) connected on port 80 (HTTP) --> 74.125.226.194
Process chrome.exe (472) connected on port 80 (HTTP) --> 74.125.226.194
Process chrome.exe (472) connected on port 80 (HTTP) --> 74.125.226.194
Process chrome.exe (472) connected on port 80 (HTTP) --> 74.125.226.194

Process DKADGmon.exe (3964) listens on ports: 15637


Autoruns and critical files
---------------------------
(verified) Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(verified) ATK Hotkey C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(verified) ATK Media C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(verified) ATKOSD2 C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(verified) Google Update C:\Users\Vibhor\AppData\Local\Google\Update\GoogleUpdate.exe
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Old McDonald C:\Program Files (x86)\Autorun Eater\oldmcdonald.exe
(verified) Printer Device Monitor C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe
(verified) Windows® Internet Explorer c:\windows\syswow64\webcheck.dll


Browser plugins
---------------
(unsigned) Akamai Download Manager ActiveX Control C:\Windows\Downloaded Program Files\DownloadManagerV2.ocx
(unsigned) Google Earth Plugin C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
(unsigned) NPSWF32_11_4_402_265.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

(verified) AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
(verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
(verified) Akamai Download Manager ActiveX Control C:\Windows\Downloaded Program Files\Manager.exe
(verified) Bitdefender QuickScan C:\Users\Vibhor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\npqscan.dll
(verified) Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
(verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
(verified) Coupons Inc., Coupon Printer Manager C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
(verified) Google Talk Plugin C:\Users\Vibhor\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
(verified) Google Talk Plugin Video Accelerator C:\Users\Vibhor\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
(verified) Google Toolbar for Internet Explorer c:\program files (x86)\google\google toolbar\googletoolbar_32.dll
(verified) Google Update C:\Users\Vibhor\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
(verified) Java Deployment Toolkit 7.0.50.255 C:\Windows\SysWOW64\npDeployJava1.dll
(verified) Java(TM) Platform SE 7 U5 c:\program files (x86)\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
(verified) Java(TM) Platform SE 7 U5 C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
(verified) Java(TM) Platform SE 7 U5 c:\program files (x86)\oracle\javafx 2.1 runtime\bin\ssv.dll
(verified) Microsoft Office 2010 D:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL
(verified) Microsoft Office 2010 D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL
(verified) Microsoft Office 2010 d:\program files (x86)\microsoft office\office14\urlredir.dll
(verified) Microsoft® CoReXT c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
(verified) Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
(verified) Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\wshbth.dll
(verified) Picasa D:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
(verified) Silverlight Plug-In C:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll
(verified) Uplay PC C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
(verified) VMware Workstation C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
(verified) VMware Workstation C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll
(verified) Windows Live Messenger Companion c:\program files (x86)\windows live\companion\companioncore.dll
(verified) Windows Live™ Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
(verified) Windows® Internet Explorer c:\windows\syswow64\ieframe.dll
(verified) Yahoo Application State Plugin C:\Program Files (x86)\Yahoo!\Shared\npYState.dll
(verified) Zeon Plus C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll


Scan
----
MD5: 040295875fdcbbef5a3fc2d8996d9875 c:\altera\11.1\quartus\bin64\jtagserver.exe
MD5: 9ee35391f0aca2bce865b60053249e42 C:\Program Files (x86)\Dell V520 Series\dkabmonr.dll
MD5: 8b35f9533c20b815e7ea47e18f3d9f70 C:\Program Files (x86)\Dell V520 Series\dkadg_32iobj.dll
MD5: b78f4c2c592c87df54e8e0c6aaef3874 C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
MD5: 14f6acdc20fa0d4efa747ca81ed4d028 C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
MD5: 1645b21d06d5888de46d4020661cbcd1 C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
MD5: ce95f0178d99b53d3605a2d1c03900fd C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
MD5: 5cf07b67aef164bc16e7f412c4134894 C:\Windows\Downloaded Program Files\DownloadManagerV2.ocx
MD5: 2ed65cf5725fcd0dfd40f87782ae37d5 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
MD5: 7ebdfc02b9e698acba658fa4204abce6 D:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
MD5: c90976c653fecc24f668f57da0a1cb61 D:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
MD5: e0d81e1d14a9304a528320272848a550 D:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll
MD5: 2a3a97c74d50526c3d690312f453cca2 D:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll
MD5: dc4bcb578c79a8ab30acd1dc9ab14bba D:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll
MD5: 520e487bf7d09187cfeaae2eaac7c8de D:\Program Files (x86)\VideoLAN\VLC\plugins\libaes3_plugin.dll
MD5: 7a6789a0941836c34ce39377d2e07320 D:\Program Files (x86)\VideoLAN\VLC\plugins\libaout_directx_plugin.dll
MD5: 2dab56d44cacef809b3db232903cb5a0 D:\Program Files (x86)\VideoLAN\VLC\plugins\libaraw_plugin.dll
MD5: d9c27bee0408d3a737c8f3c1bc2a653e D:\Program Files (x86)\VideoLAN\VLC\plugins\libasf_plugin.dll
MD5: 3e55f2c6bd59c821d400fb8dd7e3e0f0 D:\Program Files (x86)\VideoLAN\VLC\plugins\libaudio_format_plugin.dll
MD5: 38822c0f2412a644ad4be5a44fd2be7e D:\Program Files (x86)\VideoLAN\VLC\plugins\libavi_plugin.dll
MD5: bae2dc24110201649bea1ddb74011414 D:\Program Files (x86)\VideoLAN\VLC\plugins\libcdg_plugin.dll
MD5: c0be6decdfdd6f1d88e3f57d6ee24ea7 D:\Program Files (x86)\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll
MD5: 30f25e25934cd4d022c721b64907b7d7 D:\Program Files (x86)\VideoLAN\VLC\plugins\libcvdsub_plugin.dll
MD5: b3a3b96f40b23c5d89a702b27e883dcf D:\Program Files (x86)\VideoLAN\VLC\plugins\libdirectx_plugin.dll
MD5: 4ceaa63cac2d005b403fc97c4a72716c D:\Program Files (x86)\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll
MD5: 5b6e83d1c302301ff6003542d527b459 D:\Program Files (x86)\VideoLAN\VLC\plugins\libdshow_plugin.dll
MD5: f5b10d1ca31823388f52e258d0c6b809 D:\Program Files (x86)\VideoLAN\VLC\plugins\libdts_plugin.dll
MD5: e29cd13018abdcd9a439f9bbe0130992 D:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll
MD5: 29a90458dd018b9ee91d648acbadb72d D:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll
MD5: 13d3d15a7693805341b0e15041989763 D:\Program Files (x86)\VideoLAN\VLC\plugins\libdvdnav_plugin.dll
MD5: eef5940f0fafb883defd128f0beccb36 D:\Program Files (x86)\VideoLAN\VLC\plugins\libequalizer_plugin.dll
MD5: f7e213d72dda9a34a1e21cb4e30698a3 D:\Program Files (x86)\VideoLAN\VLC\plugins\libes_plugin.dll
MD5: 9315cc44135ec5e561e3adf07eb9af5c D:\Program Files (x86)\VideoLAN\VLC\plugins\libfaad_plugin.dll
MD5: 4b457b8c5fc152793e2f69418bbbf238 D:\Program Files (x86)\VideoLAN\VLC\plugins\libfake_plugin.dll
MD5: c779bbaa4f0d7c439fc9b510de43236e D:\Program Files (x86)\VideoLAN\VLC\plugins\libfilesystem_plugin.dll
MD5: f2dd7c0b6ab2db499c998bbbd2101111 D:\Program Files (x86)\VideoLAN\VLC\plugins\libflac_plugin.dll
MD5: 1f862b40785d49e0aab92f308452b890 D:\Program Files (x86)\VideoLAN\VLC\plugins\libflacsys_plugin.dll
MD5: 216de7a6961aaeffabaeb254043e0fe1 D:\Program Files (x86)\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll
MD5: 057fb844c46c1bc01c54b54e1a3c70b1 D:\Program Files (x86)\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll
MD5: 19776160e34443800c96f736c7dbd5cf D:\Program Files (x86)\VideoLAN\VLC\plugins\libhotkeys_plugin.dll
MD5: d505eb615464037b1f2f9751cc5be795 D:\Program Files (x86)\VideoLAN\VLC\plugins\liblibass_plugin.dll
MD5: b5c7d9d22e301bdee6991795ccca7063 D:\Program Files (x86)\VideoLAN\VLC\plugins\liblpcm_plugin.dll
MD5: 18bba1fbd2797345ec4f3331cff082c4 D:\Program Files (x86)\VideoLAN\VLC\plugins\liblua_plugin.dll
MD5: 21ef83da5b4c82a8e24a10380deb90c6 D:\Program Files (x86)\VideoLAN\VLC\plugins\libmediadirs_plugin.dll
MD5: 2e8f410796a516b4f8a98552113f62a1 D:\Program Files (x86)\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll
MD5: 1518e17c72bf9b2891db1d99dda0fe98 D:\Program Files (x86)\VideoLAN\VLC\plugins\libmono_plugin.dll
MD5: e274c4ef48f1fd793b122503f4fa83bf D:\Program Files (x86)\VideoLAN\VLC\plugins\libmp4_plugin.dll
MD5: f3cb1eade374e7d90ba58592e526dfdb D:\Program Files (x86)\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll
MD5: cd254749b2200fef3ad407c4bd60c6df D:\Program Files (x86)\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll
MD5: 1f458a879a9138190aa39d463086cd59 D:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_dirac_plugin.dll
MD5: c373eeb4e4caaa630dbbf1872f0d828b D:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_flac_plugin.dll
MD5: 46a50127a8a464324d6315f7911bb9d1 D:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_h264_plugin.dll
MD5: ceda7c0de2615b6390e6f8fe4d5cf884 D:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mlp_plugin.dll
MD5: 40f290c673874b21bebd9a165c4a044a D:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mpeg4audio_plugin.dll
MD5: e9f58bb141f87f6a6e0732cdd42d757d D:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mpeg4video_plugin.dll
MD5: 545324194aeef972267f99014341951b D:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mpegvideo_plugin.dll
MD5: 7b89b47b4d26257b65b7961336ef7158 D:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_vc1_plugin.dll
MD5: 94b1789f011d7bc68fc7b9d7886d95cc D:\Program Files (x86)\VideoLAN\VLC\plugins\libplaylist_plugin.dll
MD5: ae86f0ec1bc9aa7122baef395cda58e6 D:\Program Files (x86)\VideoLAN\VLC\plugins\libpng_plugin.dll
MD5: 859f0473d807504b0f6ba025e8598ce6 D:\Program Files (x86)\VideoLAN\VLC\plugins\libpodcast_plugin.dll
MD5: bd783acd1d32e979d93717cad1a97d7f D:\Program Files (x86)\VideoLAN\VLC\plugins\libqt4_plugin.dll
MD5: a15359297d604d544e5526f61798b974 D:\Program Files (x86)\VideoLAN\VLC\plugins\librawvideo_plugin.dll
MD5: 1dd059b9d68c50e99e43092b6ae08fde D:\Program Files (x86)\VideoLAN\VLC\plugins\libsap_plugin.dll
MD5: 61ff9dcae00071e5111c95cc74fd6c68 D:\Program Files (x86)\VideoLAN\VLC\plugins\libscaletempo_plugin.dll
MD5: 48d7c1a82ec5f3c1860d21ec70bcd410 D:\Program Files (x86)\VideoLAN\VLC\plugins\libschroedinger_plugin.dll
MD5: f390ff48545a83101ac42ed6f807abd8 D:\Program Files (x86)\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll
MD5: 802919bf078bd5de4417ea671c277e2a D:\Program Files (x86)\VideoLAN\VLC\plugins\libskins2_plugin.dll
MD5: a079a56e06b3c95e3256b706116701d4 D:\Program Files (x86)\VideoLAN\VLC\plugins\libspdif_mixer_plugin.dll
MD5: 301670655d8acbc9c35142d685524b4b D:\Program Files (x86)\VideoLAN\VLC\plugins\libspeex_plugin.dll
MD5: 0bb8bc6f125023ad2a90403d4346da49 D:\Program Files (x86)\VideoLAN\VLC\plugins\libspudec_plugin.dll
MD5: 0a99e6294a6ed56506147cddf9446934 D:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll
MD5: 9799270c9d4b3449ac8b5caeff9a1676 D:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll
MD5: cb34a9095ab25606d42b143c29070cbf D:\Program Files (x86)\VideoLAN\VLC\plugins\libsvcdsub_plugin.dll
MD5: 47aa1206caac48830ce9d94b4603b716 D:\Program Files (x86)\VideoLAN\VLC\plugins\libtaglib_plugin.dll
MD5: 52ab8a543f75bed2057693cf12a99d06 D:\Program Files (x86)\VideoLAN\VLC\plugins\libtheora_plugin.dll
MD5: 7d60ca400bb9837827fc56b166f59f47 D:\Program Files (x86)\VideoLAN\VLC\plugins\libtrivial_mixer_plugin.dll
MD5: ab802dc6f3254e42b0f6bd93c6443b60 D:\Program Files (x86)\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll
MD5: 957321092bdd216f75c5604c8d649b58 D:\Program Files (x86)\VideoLAN\VLC\plugins\libvorbis_plugin.dll
MD5: 455bb8423d5b981154bbae0a82e29b1d D:\Program Files (x86)\VideoLAN\VLC\plugins\libwaveout_plugin.dll
MD5: 6675a2c0af044380814e32b78c3904b1 D:\Program Files (x86)\VideoLAN\VLC\plugins\libxml_plugin.dll
MD5: 8d2d9e6ff2c810abb6ecc8f6d138deff D:\Program Files (x86)\VideoLAN\VLC\plugins\libzip_plugin.dll
MD5: b0fd3872f6958aa93d6a7103ac01852c D:\Program Files (x86)\VideoLAN\VLC\vlc.exe


No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.00 MB sent, 0.30 KB recvd
Scanned 447 files and modules - 10 seconds

==============================================================================
 
Fine.
You can uninstall BitDefender now as you don't want to be running two AV programs.

===============================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download and install WOT (Web Of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please let me know how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Vibhor
->Temp folder emptied: 16109 bytes
->Temporary Internet Files folder emptied: 261516660 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 354743724 bytes
->Google Chrome cache emptied: 294988056 bytes
->Opera cache emptied: 76554248 bytes
->Flash cache emptied: 926 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23918 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 942.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Public

User: Vibhor
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Guest

User: Public

User: Vibhor
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Unable to start System Restore Service. Error code -2147212542

OTL by OldTimer - Version 3.2.69.0 log created on 11122012_182834

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\~bd6E8C.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
--------------
Broni: Should I still go ahead with the next steps, as I can see it couldn't start System Restore? Also, between ESET Smart Security and BitDefender, which one would you really recommend I keep? Thanks
 
See if you can reset restore point manually.
Turn system restore off.
Restart computer.
Turn system restore on.
 
I can't. Here's the error message:
"There was an unexpected error in the property page.
System Restore encountered an error. Please try to run System Restore again. (0x81000203)
Please close the property page and try again"
 
1) Alright, I manually restarted 'Microsoft Software Shadow Copy Provider' from services.msc and created a restore point successfully.
2) Uninstalled BitDefender Internet Security 2013. I still have the browser plugin for the online scan, hope that's OK.
3) Should I start the clean up with OTL?
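The manual restore-point reset described in the two posts above (restart the shadow-copy provider service, turn System Restore off and on, create a fresh point), written out as an added Windows PowerShell example; this is not code from the thread or from OTL. It assumes an elevated (Administrator) Windows PowerShell session and that the OS drive is C:; the service short names used ('swprv' for "Microsoft Software Shadow Copy Provider", 'VSS' for "Volume Shadow Copy") are the standard Windows names.

```powershell
# Added example (not from the thread): re-create a clean restore point after
# OTL's [CLEARALLRESTOREPOINTS] reported "Unable to start System Restore Service".
# Assumptions: elevated Windows PowerShell, system drive is C:.

$SystemDrive = "C:\"   # assumption: OS drive letter (Enable/Disable-ComputerRestore want the trailing backslash)

function Start-ShadowCopyService {
    # Make sure a VSS-related service is startable and running.
    # A provider left 'Disabled' is a common reason restore-point creation fails.
    param([string]$Name)
    $mode = (Get-WmiObject -Class Win32_Service -Filter "Name='$Name'").StartMode
    if ($mode -eq 'Disabled') {
        Set-Service -Name $Name -StartupType Manual
    }
    $svc = Get-Service -Name $Name -ErrorAction Stop
    if ($svc.Status -ne 'Running') {
        Start-Service -Name $Name
        $svc.WaitForStatus('Running', (New-TimeSpan -Seconds 30))
    }
    Get-Service -Name $Name | Select-Object Name, Status
}

# 1. What the poster did through services.msc: get the shadow-copy provider running.
Start-ShadowCopyService -Name 'swprv'   # Microsoft Software Shadow Copy Provider
Start-ShadowCopyService -Name 'VSS'     # Volume Shadow Copy

# 2. The "turn System Restore off, then on" cycle from the thread, done from the shell.
#    (The thread also rebooted between these two steps; do that if the first attempt fails.)
Disable-ComputerRestore -Drive $SystemDrive
Enable-ComputerRestore  -Drive $SystemDrive

# 3. Create the fresh post-cleanup restore point.
Checkpoint-Computer -Description "Post-cleanup clean restore point" -RestorePointType MODIFY_SETTINGS

# 4. Verify it exists: show the most recent restore points.
Get-ComputerRestorePoint |
    Sort-Object SequenceNumber -Descending |
    Select-Object -First 3 SequenceNumber, Description, RestorePointType, CreationTime
```

Caveat: on Windows 8 and later, Checkpoint-Computer silently skips creating a point if one was created in the last 24 hours, so check the Get-ComputerRestorePoint output rather than assuming success; and because this runs after clean-up, any older points listed should be the ones you just cleared, not pre-cleanup ones.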
 
DONE! There's MBR.dat from the Malwarebytes Anti-Malware scans on my desktop; what should I do with that? Other than that, everything seems to be working fine now.
 
Thanks a ton!!! Appreciate what you do here... Keep up the noble work! Buzz me if you ever need my assistance... now that's hysterical, you might think, but I have been doing the same work on a personal level for people around me for about 7-8 years now and this time I was caught off guard!

Thanks again Malware Annihilator ; )
 