popups in the lower left corner of IE
<blockquote data-quote="mknite" data-source="post: 136366" data-attributes="member: 12922"><p>Hello. Here are the logs.</p><p></p><p>All processes killed</p><p>========== OTL ==========</p><p>Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}\ deleted successfully.</p><p>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}\ deleted successfully.</p><p>C:\Users\Martin\AppData\Local\DefineExt\temp.dat moved successfully.</p><p>C:\ProgramData\bvrjzjmql.pff moved successfully.</p><p>C:\ProgramData\bvrjzjmql.ctrl moved successfully.</p><p>C:\ProgramData\23lldnur.pad moved successfully.</p><p>C:\ProgramData\ras_0oed.pad moved successfully.</p><p>========== FILES ==========</p><p>C:\Users\Martin\AppData\Local\DefineExt folder moved successfully.</p><p>========== COMMANDS ==========</p><p> </p><p>[EMPTYTEMP]</p><p> </p><p>User: All Users</p><p> </p><p>User: Default</p><p>->Temp folder emptied: 0 bytes</p><p>->Temporary Internet Files folder emptied: 0 bytes</p><p> </p><p>User: Default User</p><p>->Temp folder emptied: 0 bytes</p><p>->Temporary Internet Files folder emptied: 0 bytes</p><p> </p><p>User: Guest</p><p>->Temp folder emptied: 343744 bytes</p><p>->Temporary Internet Files folder emptied: 214319717 bytes</p><p>->Java cache emptied: 0 bytes</p><p>->Google Chrome cache emptied: 6660518 bytes</p><p>->Flash cache emptied: 1403 bytes</p><p> </p><p>User: Martin</p><p>->Temp folder emptied: 175332915 bytes</p><p>->Temporary Internet Files folder emptied: 434470329 bytes</p><p>->Java cache emptied: 226640 bytes</p><p>->Google Chrome cache emptied: 345841413 bytes</p><p>->Flash cache emptied: 15739529 bytes</p><p> </p><p>User: martin2</p><p>->Temp folder emptied: 13207757 bytes</p><p>->Temporary Internet Files folder emptied: 1952903 bytes</p><p>->Java cache emptied: 0 bytes</p><p>->Google Chrome cache emptied: 1905008 bytes</p><p>->Flash 
cache emptied: 506 bytes</p><p> </p><p>User: Public</p><p> </p><p>%systemdrive% .tmp files removed: 0 bytes</p><p>%systemroot% .tmp files removed: 1517061 bytes</p><p>%systemroot%\System32 .tmp files removed: 0 bytes</p><p>%systemroot%\System32 (64bit) .tmp files removed: 0 bytes</p><p>%systemroot%\System32\drivers .tmp files removed: 0 bytes</p><p>Windows Temp folder emptied: 13165137 bytes</p><p>%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43296625 bytes</p><p>RecycleBin emptied: 640590777 bytes</p><p> </p><p>Total Files Cleaned = 1,820.00 mb</p><p> </p><p> </p><p>OTL by OldTimer - Version 3.2.69.0 log created on 09192013_220917</p><p></p><p>Files\Folders moved on Reboot...</p><p>C:\Users\Martin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.</p><p>C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.</p><p></p><p>PendingFileRenameOperations files...</p><p></p><p>Registry entries deleted on Reboot...</p><p></p><p></p><p>Malwarebytes Anti-Rootkit BETA 1.07.0.1005</p><p>www.malwarebytes.org</p><p></p><p>Database version: v2013.09.20.01</p><p></p><p>Windows 7 Service Pack 1 x64 NTFS</p><p>Internet Explorer 10.0.9200.16686</p><p>Martin :: NEGRA [administrator]</p><p></p><p>9/19/2013 10:26:49 PM</p><p>mbar-log-2013-09-19 (22-26-49).txt</p><p></p><p>Scan type: Quick scan</p><p>Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken</p><p>Scan options disabled: </p><p>Objects scanned: 272127</p><p>Time elapsed: 46 minute(s), 9 second(s)</p><p></p><p>Memory Processes Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Memory Modules Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Keys Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Values Detected: 0</p><p>(No malicious items 
detected)</p><p></p><p>Registry Data Items Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Folders Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Files Detected: 1</p><p>C:\Users\martin2\Downloads\CodecPerformerSetup.exe (Adware.InstallBrain) -> Delete on reboot.</p><p></p><p>Physical Sectors Detected: 0</p><p>(No malicious items detected)</p><p></p><p>(end)</p><p></p><p></p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.07.0.1005</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 6.1.7601 Windows 7 Service Pack 1 x64</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 10.0.9200.16686</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED</p><p>CPU speed: 2.195000 GHz</p><p>Memory total: 8535261184, free: 6748913664</p><p></p><p>=======================================</p><p></p><p></p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.07.0.1005</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 6.1.7601 Windows 7 Service Pack 1 x64</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 10.0.9200.16686</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED</p><p>CPU speed: 2.195000 GHz</p><p>Memory total: 8535261184, free: 6757449728</p><p></p><p>Downloaded database version: v2013.09.20.01</p><p>Downloaded database version: v2013.08.06.01</p><p>=======================================</p><p>Initializing...</p><p>------------ Kernel report ------------</p><p> 09/19/2013 22:26:46</p><p>------------ Loaded modules 
-----------</p><p>\SystemRoot\system32\ntoskrnl.exe</p><p>\SystemRoot\system32\hal.dll</p><p>\SystemRoot\system32\kdcom.dll</p><p>\SystemRoot\system32\mcupdate_GenuineIntel.dll</p><p>\SystemRoot\system32\PSHED.dll</p><p>\SystemRoot\system32\CLFS.SYS</p><p>\SystemRoot\system32\CI.dll</p><p>\SystemRoot\system32\drivers\Wdf01000.sys</p><p>\SystemRoot\system32\drivers\WDFLDR.SYS</p><p>\SystemRoot\system32\drivers\ACPI.sys</p><p>\SystemRoot\system32\drivers\WMILIB.SYS</p><p>\SystemRoot\system32\drivers\msisadrv.sys</p><p>\SystemRoot\system32\drivers\pci.sys</p><p>\SystemRoot\system32\drivers\vdrvroot.sys</p><p>\SystemRoot\System32\drivers\partmgr.sys</p><p>\SystemRoot\system32\drivers\compbatt.sys</p><p>\SystemRoot\system32\drivers\BATTC.SYS</p><p>\SystemRoot\system32\drivers\volmgr.sys</p><p>\SystemRoot\System32\drivers\volmgrx.sys</p><p>\SystemRoot\System32\drivers\mountmgr.sys</p><p>\SystemRoot\system32\DRIVERS\iaStor.sys</p><p>\SystemRoot\system32\drivers\atapi.sys</p><p>\SystemRoot\system32\drivers\ataport.SYS</p><p>\SystemRoot\system32\drivers\msahci.sys</p><p>\SystemRoot\system32\drivers\PCIIDEX.SYS</p><p>\SystemRoot\system32\drivers\amdxata.sys</p><p>\SystemRoot\system32\drivers\fltmgr.sys</p><p>\SystemRoot\system32\drivers\fileinfo.sys</p><p>\SystemRoot\System32\Drivers\Ntfs.sys</p><p>\SystemRoot\System32\Drivers\msrpc.sys</p><p>\SystemRoot\System32\Drivers\ksecdd.sys</p><p>\SystemRoot\System32\Drivers\cng.sys</p><p>\SystemRoot\System32\drivers\pcw.sys</p><p>\SystemRoot\System32\Drivers\Fs_Rec.sys</p><p>\SystemRoot\system32\drivers\ndis.sys</p><p>\SystemRoot\system32\drivers\NETIO.SYS</p><p>\SystemRoot\System32\Drivers\ksecpkg.sys</p><p>\SystemRoot\System32\drivers\tcpip.sys</p><p>\SystemRoot\System32\drivers\fwpkclnt.sys</p><p>\SystemRoot\system32\drivers\volsnap.sys</p><p>\SystemRoot\System32\Drivers\spldr.sys</p><p>\SystemRoot\System32\drivers\rdyboost.sys</p><p>\SystemRoot\System32\Drivers\mup.sys</p><p>\SystemRoot\System32\drivers\hwpolicy.sys</p><p>\System
Root\system32\DRIVERS\hpdskflt.sys</p><p>\SystemRoot\System32\DRIVERS\fvevol.sys</p><p>\SystemRoot\system32\drivers\disk.sys</p><p>\SystemRoot\system32\drivers\CLASSPNP.SYS</p><p>\SystemRoot\system32\DRIVERS\cdrom.sys</p><p>\SystemRoot\System32\Drivers\Null.SYS</p><p>\SystemRoot\System32\Drivers\Beep.SYS</p><p>\SystemRoot\System32\drivers\vga.sys</p><p>\SystemRoot\System32\drivers\VIDEOPRT.SYS</p><p>\SystemRoot\System32\drivers\watchdog.sys</p><p>\SystemRoot\System32\DRIVERS\RDPCDD.sys</p><p>\SystemRoot\system32\drivers\rdpencdd.sys</p><p>\SystemRoot\system32\drivers\rdprefmp.sys</p><p>\SystemRoot\System32\Drivers\Msfs.SYS</p><p>\SystemRoot\System32\Drivers\Npfs.SYS</p><p>\SystemRoot\system32\DRIVERS\tdx.sys</p><p>\SystemRoot\system32\DRIVERS\TDI.SYS</p><p>\SystemRoot\system32\drivers\afd.sys</p><p>\SystemRoot\System32\DRIVERS\netbt.sys</p><p>\SystemRoot\system32\DRIVERS\wfplwf.sys</p><p>\SystemRoot\system32\DRIVERS\pacer.sys</p><p>\SystemRoot\system32\DRIVERS\vwififlt.sys</p><p>\SystemRoot\system32\DRIVERS\netbios.sys</p><p>\SystemRoot\system32\DRIVERS\wanarp.sys</p><p>\SystemRoot\system32\drivers\termdd.sys</p><p>\SystemRoot\system32\DRIVERS\rdbss.sys</p><p>\SystemRoot\system32\drivers\nsiproxy.sys</p><p>\SystemRoot\system32\drivers\mssmbios.sys</p><p>\SystemRoot\System32\drivers\discache.sys</p><p>\SystemRoot\System32\Drivers\dfsc.sys</p><p>\SystemRoot\system32\drivers\blbdrive.sys</p><p>\SystemRoot\system32\DRIVERS\tunnel.sys</p><p>\SystemRoot\system32\DRIVERS\igdkmd64.sys</p><p>\SystemRoot\System32\drivers\dxgkrnl.sys</p><p>\SystemRoot\System32\drivers\dxgmms1.sys</p><p>\SystemRoot\system32\DRIVERS\HECIx64.sys</p><p>\SystemRoot\system32\DRIVERS\usbehci.sys</p><p>\SystemRoot\system32\DRIVERS\USBPORT.SYS</p><p>\SystemRoot\system32\DRIVERS\HDAudBus.sys</p><p>\SystemRoot\system32\DRIVERS\Rt64win7.sys</p><p>\SystemRoot\system32\DRIVERS\bcmwl664.sys</p><p>\SystemRoot\system32\DRIVERS\vwifibus.sys</p><p>\SystemRoot\system32\DRIVERS\RtsPStor.sys</p><p>\SystemRoot\syste
m32\DRIVERS\nusb3xhc.sys</p><p>\SystemRoot\system32\DRIVERS\USBD.SYS</p><p>\SystemRoot\system32\DRIVERS\i8042prt.sys</p><p>\SystemRoot\system32\DRIVERS\kbdclass.sys</p><p>\SystemRoot\system32\DRIVERS\SynTP.sys</p><p>\SystemRoot\System32\Drivers\fastfat.SYS</p><p>\SystemRoot\system32\DRIVERS\mouclass.sys</p><p>\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys</p><p>\SystemRoot\system32\drivers\CmBatt.sys</p><p>\SystemRoot\system32\DRIVERS\Accelerometer.sys</p><p>\SystemRoot\system32\drivers\wmiacpi.sys</p><p>\SystemRoot\system32\DRIVERS\intelppm.sys</p><p>\SystemRoot\system32\drivers\CompositeBus.sys</p><p>\SystemRoot\system32\DRIVERS\clwvd.sys</p><p>\SystemRoot\system32\DRIVERS\ks.sys</p><p>\SystemRoot\system32\drivers\ksthunk.sys</p><p>\SystemRoot\system32\DRIVERS\AgileVpn.sys</p><p>\SystemRoot\system32\DRIVERS\rasl2tp.sys</p><p>\SystemRoot\system32\DRIVERS\ndistapi.sys</p><p>\SystemRoot\system32\DRIVERS\ndiswan.sys</p><p>\SystemRoot\system32\DRIVERS\raspppoe.sys</p><p>\SystemRoot\system32\DRIVERS\raspptp.sys</p><p>\SystemRoot\system32\DRIVERS\rassstp.sys</p><p>\SystemRoot\system32\drivers\swenum.sys</p><p>\SystemRoot\system32\DRIVERS\circlass.sys</p><p>\SystemRoot\system32\DRIVERS\umbus.sys</p><p>\SystemRoot\system32\DRIVERS\usbhub.sys</p><p>\SystemRoot\system32\DRIVERS\nusb3hub.sys</p><p>\SystemRoot\System32\Drivers\NDProxy.SYS</p><p>\SystemRoot\system32\DRIVERS\stwrt64.sys</p><p>\SystemRoot\system32\DRIVERS\portcls.sys</p><p>\SystemRoot\system32\DRIVERS\drmk.sys</p><p>\SystemRoot\system32\DRIVERS\IntcDAud.sys</p><p>\SystemRoot\System32\Drivers\crashdmp.sys</p><p>\SystemRoot\System32\Drivers\dump_iaStor.sys</p><p>\SystemRoot\System32\Drivers\dump_dumpfve.sys</p><p>\SystemRoot\System32\win32k.sys</p><p>\SystemRoot\System32\drivers\Dxapi.sys</p><p>\SystemRoot\system32\DRIVERS\monitor.sys</p><p>\SystemRoot\System32\TSDDD.dll</p><p>\SystemRoot\system32\DRIVERS\usbccgp.sys</p><p>\SystemRoot\System32\Drivers\usbvideo.sys</p><p>\SystemRoot\System32\cdd.dll</p><p>\SystemRoot\
System32\ATMFD.DLL</p><p>\SystemRoot\system32\drivers\luafv.sys</p><p>\??\C:\Windows\system32\drivers\mbam.sys</p><p>\SystemRoot\system32\drivers\WudfPf.sys</p><p>\SystemRoot\system32\DRIVERS\WinUSB.sys</p><p>\SystemRoot\system32\DRIVERS\WUDFRd.sys</p><p>\SystemRoot\system32\DRIVERS\lltdio.sys</p><p>\SystemRoot\system32\DRIVERS\nwifi.sys</p><p>\SystemRoot\system32\DRIVERS\ndisuio.sys</p><p>\SystemRoot\system32\DRIVERS\rspndr.sys</p><p>\SystemRoot\system32\drivers\HTTP.sys</p><p>\SystemRoot\system32\DRIVERS\bowser.sys</p><p>\SystemRoot\System32\drivers\mpsdrv.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb10.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb20.sys</p><p>\??\C:\Windows\system32\Drivers\rikvm_38F51D56.sys</p><p>\SystemRoot\system32\drivers\peauth.sys</p><p>\SystemRoot\System32\Drivers\secdrv.SYS</p><p>\SystemRoot\System32\DRIVERS\srvnet.sys</p><p>\SystemRoot\System32\drivers\tcpipreg.sys</p><p>\SystemRoot\System32\DRIVERS\srv2.sys</p><p>\SystemRoot\System32\DRIVERS\srv.sys</p><p>\??\C:\Windows\system32\drivers\mbamchameleon.sys</p><p>\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys</p><p>\Windows\System32\ntdll.dll</p><p>\Windows\System32\smss.exe</p><p>\Windows\System32\apisetschema.dll</p><p>\Windows\System32\autochk.exe</p><p>\Windows\System32\difxapi.dll</p><p>\Windows\System32\oleaut32.dll</p><p>\Windows\System32\setupapi.dll</p><p>\Windows\System32\lpk.dll</p><p>\Windows\System32\msvcrt.dll</p><p>\Windows\System32\user32.dll</p><p>\Windows\System32\advapi32.dll</p><p>\Windows\System32\wininet.dll</p><p>\Windows\System32\imm32.dll</p><p>\Windows\System32\sechost.dll</p><p>\Windows\System32\imagehlp.dll</p><p>\Windows\System32\usp10.dll</p><p>\Windows\System32\kernel32.dll</p><p>\Windows\System32\gdi32.dll</p><p>\Windows\System32\shell32.dll</p><p>\Windows\System32\ole32.dll</p><p>\Windows\System32\psapi.dll</p><p>\Windows\System32\rpcrt4.dll</p><p>\Windows\System32\comdlg32.dll</p><p>\Windows\System32\normal
iz.dll</p><p>\Windows\System32\msctf.dll</p><p>\Windows\System32\Wldap32.dll</p><p>\Windows\System32\urlmon.dll</p><p>\Windows\System32\ws2_32.dll</p><p>\Windows\System32\nsi.dll</p><p>\Windows\System32\clbcatq.dll</p><p>\Windows\System32\iertutil.dll</p><p>\Windows\System32\shlwapi.dll</p><p>\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll</p><p>\Windows\System32\wintrust.dll</p><p>\Windows\System32\KernelBase.dll</p><p>\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll</p><p>\Windows\System32\crypt32.dll</p><p>\Windows\System32\devobj.dll</p><p>\Windows\System32\cfgmgr32.dll</p><p>\Windows\System32\comctl32.dll</p><p>\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll</p><p>\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll</p><p>\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll</p><p>\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll</p><p>\Windows\System32\msasn1.dll</p><p>----------- End -----------</p><p>Done!</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk0\DR0</p><p>Upper Device Object: 0xfffffa8009901790</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\Ide\IAAStorageDevice-1\</p><p>Lower Device Object: 0xfffffa8007aa3050</p><p>Lower Device Driver Name: \Driver\iaStor\</p><p><<<2>>></p><p>Physical Sector Size: 512</p><p>Drive: 0, DevicePointer: 0xfffffa8009901790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa80099011e0, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa8009901790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa8009807970, DeviceName: Unknown, DriverName: \Driver\hpdskflt\</p><p>DevicePointer: 0xfffffa8007aa3050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>Upper 
DeviceData: 0x0, 0x0, 0x0</p><p>Lower DeviceData: 0x0, 0x0, 0x0</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p><<<2>>></p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...</p><p><<<2>>></p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Done!</p><p>Drive 0</p><p>Scanning MBR on drive 0...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: 73081B05</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Primary (0x7)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 2048 Numsec = 407552</p><p> Partition file system is NTFS</p><p> Partition is bootable</p><p></p><p> Partition 1 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 409600 Numsec = 1429237760</p><p></p><p> Partition 2 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 1429647360 Numsec = 35289088</p><p></p><p> Partition 3 type is Other (0xc)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 1464936448 Numsec = 210672</p><p></p><p>Disk Size: 750156374016 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...</p><p>Done!</p><p>Infected: C:\Users\martin2\Downloads\CodecPerformerSetup.exe --> [Adware.InstallBrain]</p><p>Scan finished</p><p>Creating System Restore point...</p><p>Cleaning up...</p><p>Removal scheduling successful. 
System shutdown needed.</p><p>System shutdown occurred</p><p>=======================================</p><p></p><p></p><p>Removal queue found; removal started</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...</p><p>Removal finished</p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.07.0.1005</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 6.1.7601 Windows 7 Service Pack 1 x64</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 10.0.9200.16686</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED</p><p>CPU speed: 2.195000 GHz</p><p>Memory total: 8535261184, free: 7158812672</p><p></p><p>=======================================</p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.07.0.1005</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 6.1.7601 Windows 7 Service Pack 1 x64</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 10.0.9200.16686</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED</p><p>CPU speed: 2.195000 GHz</p><p>Memory total: 8535261184, free: 6455681024</p><p></p><p>=======================================</p><p></p><p></p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.07.0.1005</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 6.1.7601 Windows 7 Service Pack 1 x64</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 10.0.9200.16686</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED</p><p>CPU speed: 2.195000 GHz</p><p>Memory total: 8535261184, free: 6475997184</p><p></p><p>Downloaded 
database version: v2013.09.20.02</p><p>=======================================</p><p>Initializing...</p><p>------------ Kernel report ------------</p><p> 09/19/2013 23:28:28</p><p>------------ Loaded modules -----------</p><p>\SystemRoot\system32\ntoskrnl.exe</p><p>\SystemRoot\system32\hal.dll</p><p>\SystemRoot\system32\kdcom.dll</p><p>\SystemRoot\system32\mcupdate_GenuineIntel.dll</p><p>\SystemRoot\system32\PSHED.dll</p><p>\SystemRoot\system32\CLFS.SYS</p><p>\SystemRoot\system32\CI.dll</p><p>\SystemRoot\System32\drivers\imofugc.sys</p><p>\SystemRoot\system32\drivers\Wdf01000.sys</p><p>\SystemRoot\system32\drivers\WDFLDR.SYS</p><p>\SystemRoot\system32\drivers\ACPI.sys</p><p>\SystemRoot\system32\drivers\WMILIB.SYS</p><p>\SystemRoot\system32\drivers\msisadrv.sys</p><p>\SystemRoot\system32\drivers\pci.sys</p><p>\SystemRoot\system32\drivers\vdrvroot.sys</p><p>\SystemRoot\System32\drivers\partmgr.sys</p><p>\SystemRoot\system32\drivers\compbatt.sys</p><p>\SystemRoot\system32\drivers\BATTC.SYS</p><p>\SystemRoot\system32\drivers\volmgr.sys</p><p>\SystemRoot\System32\drivers\volmgrx.sys</p><p>\SystemRoot\System32\drivers\mountmgr.sys</p><p>\SystemRoot\system32\DRIVERS\iaStor.sys</p><p>\SystemRoot\system32\drivers\atapi.sys</p><p>\SystemRoot\system32\drivers\ataport.SYS</p><p>\SystemRoot\system32\drivers\msahci.sys</p><p>\SystemRoot\system32\drivers\PCIIDEX.SYS</p><p>\SystemRoot\system32\drivers\amdxata.sys</p><p>\SystemRoot\system32\drivers\fltmgr.sys</p><p>\SystemRoot\system32\drivers\fileinfo.sys</p><p>\SystemRoot\System32\Drivers\Ntfs.sys</p><p>\SystemRoot\System32\Drivers\msrpc.sys</p><p>\SystemRoot\System32\Drivers\ksecdd.sys</p><p>\SystemRoot\System32\Drivers\cng.sys</p><p>\SystemRoot\System32\drivers\pcw.sys</p><p>\SystemRoot\System32\Drivers\Fs_Rec.sys</p><p>\SystemRoot\system32\drivers\ndis.sys</p><p>\SystemRoot\system32\drivers\NETIO.SYS</p><p>\SystemRoot\System32\Drivers\ksecpkg.sys</p><p>\SystemRoot\System32\drivers\tcpip.sys</p><p>\SystemRoot\System32\drivers\fw
pkclnt.sys</p><p>\SystemRoot\system32\drivers\volsnap.sys</p><p>\SystemRoot\System32\Drivers\spldr.sys</p><p>\SystemRoot\System32\drivers\rdyboost.sys</p><p>\SystemRoot\System32\Drivers\mup.sys</p><p>\SystemRoot\System32\drivers\hwpolicy.sys</p><p>\SystemRoot\system32\DRIVERS\hpdskflt.sys</p><p>\SystemRoot\System32\DRIVERS\fvevol.sys</p><p>\SystemRoot\system32\drivers\disk.sys</p><p>\SystemRoot\system32\drivers\CLASSPNP.SYS</p><p>\SystemRoot\system32\DRIVERS\cdrom.sys</p><p>\SystemRoot\System32\Drivers\Null.SYS</p><p>\SystemRoot\System32\Drivers\Beep.SYS</p><p>\SystemRoot\System32\drivers\vga.sys</p><p>\SystemRoot\System32\drivers\VIDEOPRT.SYS</p><p>\SystemRoot\System32\drivers\watchdog.sys</p><p>\SystemRoot\System32\DRIVERS\RDPCDD.sys</p><p>\SystemRoot\system32\drivers\rdpencdd.sys</p><p>\SystemRoot\system32\drivers\rdprefmp.sys</p><p>\SystemRoot\System32\Drivers\Msfs.SYS</p><p>\SystemRoot\System32\Drivers\Npfs.SYS</p><p>\SystemRoot\system32\DRIVERS\tdx.sys</p><p>\SystemRoot\system32\DRIVERS\TDI.SYS</p><p>\SystemRoot\system32\drivers\afd.sys</p><p>\SystemRoot\System32\DRIVERS\netbt.sys</p><p>\SystemRoot\system32\DRIVERS\wfplwf.sys</p><p>\SystemRoot\system32\DRIVERS\pacer.sys</p><p>\SystemRoot\system32\DRIVERS\vwififlt.sys</p><p>\SystemRoot\system32\DRIVERS\netbios.sys</p><p>\SystemRoot\system32\DRIVERS\wanarp.sys</p><p>\SystemRoot\system32\drivers\termdd.sys</p><p>\SystemRoot\system32\DRIVERS\rdbss.sys</p><p>\SystemRoot\system32\drivers\nsiproxy.sys</p><p>\SystemRoot\system32\drivers\mssmbios.sys</p><p>\SystemRoot\System32\drivers\discache.sys</p><p>\SystemRoot\System32\Drivers\dfsc.sys</p><p>\SystemRoot\system32\drivers\blbdrive.sys</p><p>\SystemRoot\system32\DRIVERS\tunnel.sys</p><p>\SystemRoot\system32\DRIVERS\igdkmd64.sys</p><p>\SystemRoot\System32\drivers\dxgkrnl.sys</p><p>\SystemRoot\System32\drivers\dxgmms1.sys</p><p>\SystemRoot\System32\Drivers\fastfat.SYS</p><p>\SystemRoot\system32\DRIVERS\HECIx64.sys</p><p>\SystemRoot\system32\DRIVERS\usbehci.sys</p><p>\S
ystemRoot\system32\DRIVERS\USBPORT.SYS</p><p>\SystemRoot\system32\DRIVERS\HDAudBus.sys</p><p>\SystemRoot\system32\DRIVERS\Rt64win7.sys</p><p>\SystemRoot\system32\DRIVERS\bcmwl664.sys</p><p>\SystemRoot\system32\DRIVERS\vwifibus.sys</p><p>\SystemRoot\system32\DRIVERS\RtsPStor.sys</p><p>\SystemRoot\system32\DRIVERS\nusb3xhc.sys</p><p>\SystemRoot\system32\DRIVERS\USBD.SYS</p><p>\SystemRoot\system32\DRIVERS\i8042prt.sys</p><p>\SystemRoot\system32\DRIVERS\kbdclass.sys</p><p>\SystemRoot\system32\DRIVERS\SynTP.sys</p><p>\SystemRoot\system32\DRIVERS\mouclass.sys</p><p>\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys</p><p>\SystemRoot\system32\drivers\CmBatt.sys</p><p>\SystemRoot\system32\DRIVERS\Accelerometer.sys</p><p>\SystemRoot\system32\drivers\wmiacpi.sys</p><p>\SystemRoot\system32\DRIVERS\intelppm.sys</p><p>\SystemRoot\system32\drivers\CompositeBus.sys</p><p>\SystemRoot\system32\DRIVERS\clwvd.sys</p><p>\SystemRoot\system32\DRIVERS\ks.sys</p><p>\SystemRoot\system32\drivers\ksthunk.sys</p><p>\SystemRoot\system32\DRIVERS\AgileVpn.sys</p><p>\SystemRoot\system32\DRIVERS\rasl2tp.sys</p><p>\SystemRoot\system32\DRIVERS\ndistapi.sys</p><p>\SystemRoot\system32\DRIVERS\ndiswan.sys</p><p>\SystemRoot\system32\DRIVERS\raspppoe.sys</p><p>\SystemRoot\system32\DRIVERS\raspptp.sys</p><p>\SystemRoot\system32\DRIVERS\rassstp.sys</p><p>\SystemRoot\system32\drivers\swenum.sys</p><p>\SystemRoot\system32\DRIVERS\circlass.sys</p><p>\SystemRoot\system32\DRIVERS\umbus.sys</p><p>\SystemRoot\system32\DRIVERS\usbhub.sys</p><p>\SystemRoot\system32\DRIVERS\nusb3hub.sys</p><p>\SystemRoot\System32\Drivers\NDProxy.SYS</p><p>\SystemRoot\system32\DRIVERS\stwrt64.sys</p><p>\SystemRoot\system32\DRIVERS\portcls.sys</p><p>\SystemRoot\system32\DRIVERS\drmk.sys</p><p>\SystemRoot\system32\DRIVERS\IntcDAud.sys</p><p>\SystemRoot\System32\Drivers\crashdmp.sys</p><p>\SystemRoot\System32\Drivers\dump_iaStor.sys</p><p>\SystemRoot\System32\Drivers\dump_dumpfve.sys</p><p>\SystemRoot\System32\win32k.sys</p><p>\SystemRoot\Syst
em32\drivers\Dxapi.sys</p><p>\SystemRoot\system32\DRIVERS\usbccgp.sys</p><p>\SystemRoot\System32\Drivers\usbvideo.sys</p><p>\SystemRoot\system32\DRIVERS\monitor.sys</p><p>\SystemRoot\System32\TSDDD.dll</p><p>\SystemRoot\System32\cdd.dll</p><p>\SystemRoot\System32\ATMFD.DLL</p><p>\SystemRoot\system32\drivers\luafv.sys</p><p>\??\C:\Windows\system32\drivers\mbam.sys</p><p>\SystemRoot\system32\drivers\WudfPf.sys</p><p>\SystemRoot\system32\DRIVERS\WinUSB.sys</p><p>\SystemRoot\system32\DRIVERS\WUDFRd.sys</p><p>\SystemRoot\system32\DRIVERS\lltdio.sys</p><p>\SystemRoot\system32\DRIVERS\nwifi.sys</p><p>\SystemRoot\system32\DRIVERS\ndisuio.sys</p><p>\SystemRoot\system32\DRIVERS\rspndr.sys</p><p>\SystemRoot\system32\drivers\HTTP.sys</p><p>\SystemRoot\system32\DRIVERS\bowser.sys</p><p>\SystemRoot\System32\drivers\mpsdrv.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb10.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb20.sys</p><p>\??\C:\Windows\system32\Drivers\rikvm_38F51D56.sys</p><p>\SystemRoot\system32\drivers\peauth.sys</p><p>\SystemRoot\System32\Drivers\secdrv.SYS</p><p>\SystemRoot\System32\DRIVERS\srvnet.sys</p><p>\SystemRoot\System32\drivers\tcpipreg.sys</p><p>\SystemRoot\System32\DRIVERS\srv2.sys</p><p>\SystemRoot\System32\DRIVERS\srv.sys</p><p>\??\C:\Windows\system32\drivers\mbamchameleon.sys</p><p>\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys</p><p>\Windows\System32\ntdll.dll</p><p>\Windows\System32\smss.exe</p><p>\Windows\System32\apisetschema.dll</p><p>\Windows\System32\autochk.exe</p><p>\Windows\System32\urlmon.dll</p><p>\Windows\System32\psapi.dll</p><p>\Windows\System32\rpcrt4.dll</p><p>\Windows\System32\usp10.dll</p><p>\Windows\System32\comdlg32.dll</p><p>\Windows\System32\ole32.dll</p><p>\Windows\System32\setupapi.dll</p><p>\Windows\System32\shlwapi.dll</p><p>\Windows\System32\imagehlp.dll</p><p>\Windows\System32\gdi32.dll</p><p>\Windows\System32\advapi32.dll</p><p>\Windows\System32\lpk.dll</p><p>\Windows\System32\ms
ctf.dll</p><p>\Windows\System32\normaliz.dll</p><p>\Windows\System32\nsi.dll</p><p>\Windows\System32\clbcatq.dll</p><p>\Windows\System32\msvcrt.dll</p><p>\Windows\System32\ws2_32.dll</p><p>\Windows\System32\kernel32.dll</p><p>\Windows\System32\wininet.dll</p><p>\Windows\System32\difxapi.dll</p><p>\Windows\System32\user32.dll</p><p>\Windows\System32\shell32.dll</p><p>\Windows\System32\Wldap32.dll</p><p>\Windows\System32\oleaut32.dll</p><p>\Windows\System32\sechost.dll</p><p>\Windows\System32\iertutil.dll</p><p>\Windows\System32\imm32.dll</p><p>\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll</p><p>\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll</p><p>\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll</p><p>\Windows\System32\comctl32.dll</p><p>\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll</p><p>\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll</p><p>\Windows\System32\wintrust.dll</p><p>\Windows\System32\devobj.dll</p><p>\Windows\System32\cfgmgr32.dll</p><p>\Windows\System32\crypt32.dll</p><p>\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll</p><p>\Windows\System32\KernelBase.dll</p><p>\Windows\System32\msasn1.dll</p><p>----------- End -----------</p><p>Done!</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk0\DR0</p><p>Upper Device Object: 0xfffffa8009906790</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\Ide\IAAStorageDevice-1\</p><p>Lower Device Object: 0xfffffa8007a4f050</p><p>Lower Device Driver Name: \Driver\iaStor\</p><p><<<2>>></p><p>Physical Sector Size: 512</p><p>Drive: 0, DevicePointer: 0xfffffa8009906790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa80099062c0, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa8009906790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xfffffa8009808b10, DeviceName: Unknown, DriverName: 
\Driver\hpdskflt\</p><p>DevicePointer: 0xfffffa8007a4f050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0x0, 0x0, 0x0</p><p>Lower DeviceData: 0x0, 0x0, 0x0</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p><<<2>>></p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...</p><p><<<2>>></p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Done!</p><p>Drive 0</p><p>Scanning MBR on drive 0...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: 73081B05</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Primary (0x7)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 2048 Numsec = 407552</p><p> Partition file system is NTFS</p><p> Partition is bootable</p><p></p><p> Partition 1 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 409600 Numsec = 1429237760</p><p></p><p> Partition 2 type is Primary (0x7)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 1429647360 Numsec = 35289088</p><p></p><p> Partition 3 type is Other (0xc)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 1464936448 Numsec = 210672</p><p></p><p>Disk Size: 750156374016 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...</p><p>Done!</p><p>Scan finished</p><p>=======================================</p><p></p><p></p><p>Removal queue found; removal started</p><p>Removing 
C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...</p><p>Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...</p><p>Removal finished</p><p></p><p></p><p># AdwCleaner v3.004 - Report created 20/09/2013 at 00:45:15</p><p># Updated 15/09/2013 by Xplode</p><p># Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)</p><p># Username : Martin - NEGRA</p><p># Running from : C:\Users\Martin\Downloads\AdwCleaner.exe</p><p># Option : Clean</p><p></p><p>***** [ Services ] *****</p><p></p><p></p><p>***** [ Files / Folders ] *****</p><p></p><p>Folder Deleted : C:\Program Files (x86)\Conduit</p><p>Folder Deleted : C:\Program Files (x86)\TelevisionFanaticEI</p><p>Folder Deleted : C:\Users\Martin\AppData\Local\Conduit</p><p>Folder Deleted : C:\Users\Martin\AppData\Local\cre</p><p>Folder Deleted : C:\Users\Martin\AppData\LocalLow\Conduit</p><p>Folder Deleted : C:\Users\Martin\AppData\LocalLow\KeyBar_2.2</p><p>Folder Deleted : C:\Users\martin2\AppData\Local\Conduit</p><p>Folder Deleted : C:\Users\martin2\AppData\Local\cre</p><p>Folder Deleted : C:\Users\martin2\AppData\Local\SwvUpdater</p><p>Folder Deleted : C:\Users\martin2\AppData\LocalLow\Conduit</p><p>File Deleted : C:\END</p><p>File Deleted : C:\Users\Public\Desktop\eBay.lnk</p><p>File Deleted : C:\Windows\Tasks\AmiUpdXp.job</p><p>File Deleted : C:\Windows\System32\Tasks\AmiUpdXp</p><p></p><p>***** [ Shortcuts ] *****</p><p></p><p></p><p>***** [ Registry ] *****</p><p></p><p>Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32</p><p>Key Deleted : 
HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS</p><p>Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2801941</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3309657</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BFEC236D-E122-4102-864F-F5F19D897F5E}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BFEC236D-E122-4102-864F-F5F19D897F5E}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFEC236D-E122-4102-864F-F5F19D897F5E}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFEC236D-E122-4102-864F-F5F19D897F5E}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B4CCC280-BE6D-473F-8554-14C1CEC27128}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8347177F-E418-4C66-8A1B-EB26A9C9D3AF}</p><p>Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}</p><p>Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}</p><p>Key Deleted : HKCU\Software\Microsoft\Internet 
Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}</p><p>Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}</p><p>Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}</p><p>Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BFEC236D-E122-4102-864F-F5F19D897F5E}]</p><p>Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BFEC236D-E122-4102-864F-F5F19D897F5E}]</p><p>Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BFEC236D-E122-4102-864F-F5F19D897F5E}]</p><p>Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BFEC236D-E122-4102-864F-F5F19D897F5E}]</p><p>Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}</p><p>Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}</p><p>Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}</p><p>Key Deleted : HKCU\Software\Conduit</p><p>Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes</p><p>Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar</p><p>Key Deleted : HKCU\Software\AppDataLow\Software\KeyBar_2.2</p><p>Key Deleted : HKLM\Software\Conduit</p><p>Key Deleted : HKLM\Software\KeyBar_2.2</p><p>Key Deleted : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}</p><p></p><p>***** [ Browsers ] *****</p><p></p><p>-\\ Internet Explorer v10.0.9200.16686</p><p></p><p></p><p>-\\ Google Chrome v29.0.1547.66</p><p></p><p>[ File : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\preferences ]</p><p></p><p>Deleted : homepage</p><p>Deleted : icon_url</p><p>Deleted : search_url</p><p>Deleted : suggest_url</p><p>Deleted : keyword</p><p></p><p>[ File : C:\Users\martin2\AppData\Local\Google\Chrome\User Data\Default\preferences ]</p><p></p><p>Deleted : homepage</p><p></p><p>*************************</p><p></p><p>AdwCleaner[R0].txt - [6547 octets] - [20/09/2013 00:33:54]</p><p>AdwCleaner[S0].txt - [5836 octets] - [20/09/2013 00:45:15]</p><p></p><p>########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5896 octets] ##########</p><p></p><p>RogueKiller V8.6.12 [Sep 18 2013] by Tigzy</p><p>mail : tigzyRK<at>gmail<dot>com</p><p>Feedback : http://www.adlice.com/forum/</p><p>Website : http://www.adlice.com/softwares/roguekiller/</p><p>Blog : http://tigzyrk.blogspot.com/</p><p></p><p>Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version</p><p>Started in : Normal mode</p><p>User : Martin [Admin rights]</p><p>Mode : Scan -- Date : 09/20/2013 01:06:48</p><p>| ARK || FAK || MBR |</p><p></p><p>¤¤¤ Bad processes : 0 ¤¤¤</p><p></p><p>¤¤¤ Registry Entries : 5 ¤¤¤</p><p>[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND</p><p>[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND</p><p>[HJ DLL][SUSP PATH] HKLM\[...]\CCSet\[...]\Parameters : ServiceDll (C:\PROGRA~3\bvrjzjmql.pzz [x]) -> FOUND</p><p>[HJ DLL][SUSP PATH] HKLM\[...]\CS001\[...]\Parameters : ServiceDll (C:\PROGRA~3\bvrjzjmql.pzz [x]) -> FOUND</p><p>[HJ DLL][SUSP PATH] 
HKLM\[...]\CS002\[...]\Parameters : ServiceDll (C:\PROGRA~3\bvrjzjmql.pzz [x]) -> FOUND</p><p></p><p>¤¤¤ Scheduled tasks : 0 ¤¤¤</p><p></p><p>¤¤¤ Startup Entries : 0 ¤¤¤</p><p></p><p>¤¤¤ Web browsers : 0 ¤¤¤</p><p></p><p>¤¤¤ Particular Files / Folders: ¤¤¤</p><p></p><p>¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤</p><p></p><p>¤¤¤ External Hives: ¤¤¤</p><p></p><p>¤¤¤ Infection : ¤¤¤</p><p></p><p>¤¤¤ HOSTS File: ¤¤¤</p><p>--> %SystemRoot%\System32\drivers\etc\hosts</p><p></p><p></p><p></p><p></p><p>¤¤¤ MBR Check: ¤¤¤</p><p></p><p>+++++ PhysicalDrive0: ( @ ) - +++++</p><p>--- User ---</p><p>[MBR] a30d06ea33ab581b1e1658cf53c65b1c</p><p>[BSP] 0c316d1abb7218dd82db07b48251f8a4 : Windows 7/8 MBR Code</p><p>Partition table:</p><p>0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo</p><p>1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 697870 Mo</p><p>2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1429647360 | Size: 17231 Mo</p><p>3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 Mo</p><p>User = LL1 ... OK!</p><p>User = LL2 ... OK!</p><p></p><p>Finished : << RKreport[0]_S_09202013_010648.txt >></p></blockquote><p></p>
[QUOTE="mknite, post: 136366, member: 12922"] Hello. Here are the logs. # AdwCleaner v3.004 - Report created 20/09/2013 at 00:45:15 # Updated 15/09/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Martin - NEGRA # Running from : C:\Users\Martin\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\TelevisionFanaticEI Folder Deleted : C:\Users\Martin\AppData\Local\Conduit Folder Deleted : C:\Users\Martin\AppData\Local\cre Folder Deleted : C:\Users\Martin\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Martin\AppData\LocalLow\KeyBar_2.2 Folder Deleted : C:\Users\martin2\AppData\Local\Conduit Folder Deleted : C:\Users\martin2\AppData\Local\cre Folder Deleted : C:\Users\martin2\AppData\Local\SwvUpdater Folder Deleted : C:\Users\martin2\AppData\LocalLow\Conduit File Deleted : C:\END File Deleted : C:\Users\Public\Desktop\eBay.lnk File Deleted : C:\Windows\Tasks\AmiUpdXp.job File Deleted : C:\Windows\System32\Tasks\AmiUpdXp ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32 Key Deleted : 
HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2801941 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3309657 Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BFEC236D-E122-4102-864F-F5F19D897F5E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BFEC236D-E122-4102-864F-F5F19D897F5E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFEC236D-E122-4102-864F-F5F19D897F5E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFEC236D-E122-4102-864F-F5F19D897F5E} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B4CCC280-BE6D-473F-8554-14C1CEC27128} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8347177F-E418-4C66-8A1B-EB26A9C9D3AF} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Deleted : HKCU\Software\Microsoft\Internet 
Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BFEC236D-E122-4102-864F-F5F19D897F5E}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BFEC236D-E122-4102-864F-F5F19D897F5E}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BFEC236D-E122-4102-864F-F5F19D897F5E}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BFEC236D-E122-4102-864F-F5F19D897F5E}] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Software\KeyBar_2.2 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\KeyBar_2.2 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} Key Deleted : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16686 -\\ Google Chrome v29.0.1547.66 [ File : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : homepage Deleted : icon_url Deleted : search_url Deleted : suggest_url Deleted : keyword [ File : C:\Users\martin2\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : homepage ************************* AdwCleaner[R0].txt - [6547 octets] - [20/09/2013 00:33:54] AdwCleaner[S0].txt - [5836 octets] - [20/09/2013 00:45:15] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5896 octets] ########## RogueKiller V8.6.12 [Sep 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Martin [Admin rights] Mode : Scan -- Date : 09/20/2013 01:06:48 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DLL][SUSP PATH] HKLM\[...]\CCSet\[...]\Parameters : ServiceDll (C:\PROGRA~3\bvrjzjmql.pzz [x]) -> FOUND [HJ DLL][SUSP PATH] HKLM\[...]\CS001\[...]\Parameters : ServiceDll (C:\PROGRA~3\bvrjzjmql.pzz [x]) -> FOUND [HJ DLL][SUSP PATH] HKLM\[...]\CS002\[...]\Parameters : ServiceDll (C:\PROGRA~3\bvrjzjmql.pzz [x]) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ( @ ) - +++++ --- User --- [MBR] 
a30d06ea33ab581b1e1658cf53c65b1c [BSP] 0c316d1abb7218dd82db07b48251f8a4 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 697870 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1429647360 | Size: 17231 Mo 3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_09202013_010648.txt >> [/QUOTE]