System Progressive Protection


tnt666

New Member
Thread author
Nov 8, 2012
13
Hello
One of my users has been infected with the System Progressive Protection virus. I have tried to follow the instructions from http://malwaretips.com/blogs/remove-system-progressive-protection/
Repairing the registry was fine.
When I tried to run RKill, which had been renamed as iExplore.exe on download, I get a command window which seems to show the status of RKill before the PC crashes and gives me a blue screen. I've attached a print of the command window before the PC crashed.

So now, I still have the virus but am unable to proceed as every time I run the RKill, PC crashes.

Any suggestions?
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
<hr />

STEP 1: Repair your Windows Registry from System Progressive Protection malicious changes.

System Progressive Protection has changed your Windows registry settings so that when you try to run an executable file (ending with .exe), it will instead launch the infection rather than the desired program.

  1. Download the registryfix.reg file to fix the malicious registry changes from System Progressive Protection.
    REGISTRYFIX.REG DOWNLOAD LINK (This link will automatically download the registry fix called registryfix.reg)
  2. Double-click on registryfix.reg file to run it. Click “Yes” for Registry Editor prompt window, then click OK.
<hr />

STEP 2: Run a scan with OTL by OldTimer
  1. Download the OTL utility using the below link:
    OTL DOWNLOAD LINK: http://oldtimer.geekstogo.com/OTL.exe (This link will automatically download OTL on your computer)
  2. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  3. When the window appears, underneath Output at the top change it to Minimal Output.
  4. Check the boxes beside LOP Check and Purity Check.
  5. Click the Run Scan button.
  6. When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    Please post these 2 logs in your first reply.
Note: If OTL.exe will not run, it may be blocked by malware. Try these alternate versions: OTL.scr (http://www.itxassociates.com/OT-Tools/OTL.scr), or OTL.com (http://oldtimer.geekstogo.com/OTL.com).
<hr />


Please run the following utility so that I can get a log of your system...
STEP 3 : Run a scan with Combofix
Please read and follow very carefully the below instructions

Download ComboFix from one of the following locations:

COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
----------------------------------------------------------------
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts. Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------------

How to run the Combofix scan :
  1. Double click on ComboFix.exe & follow the prompts.
  2. Accept the disclaimer and allow to update if it asks
  3. When finished, it shall produce a log for you.
    Please include the C:\ComboFix.txt in your next reply.

Additional notes:
  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programs being marked for deletion then reboot, that will cure it.


<hr />
What's next?

Add the following logs to your next post (You can find here details on how to use the Attachment System):
1. OTL Log
2. Combofix log
3. Let me know if you had any problems with the above instructions and also let me know how things are running now!


<hr />
 
Last edited by a moderator:
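
Added example, not part of the original thread and not the contents of registryfix.reg: Step 1 in the post above repairs the registry change that makes .exe files launch the infection instead of the requested program. The thread does not list the keys involved, so this Python code assumes the standard Windows `.exe` file-association keys and compares a `.reg` export of them with the stock values; the sample exports, the `rogue_class` name and the `PLACEHOLDER` path are constructed.

```python
import re

# Stock Windows values for launching .exe files.
DEFAULT_PROGID = "exefile"
DEFAULT_COMMAND = '"%1" %*'
# Places where a file class can be defined; per-user entries override machine-wide ones.
CLASS_ROOTS = (
    r"HKEY_CLASSES_ROOT",
    r"HKEY_CURRENT_USER\Software\Classes",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes",
)

# Constructed sample exports (not taken from the thread).
SAMPLE_HIJACKED = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="rogue_class"

[HKEY_CURRENT_USER\Software\Classes\rogue_class\shell\open\command]
@="\"C:\\PLACEHOLDER\\rogue.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

SAMPLE_CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''


def decode_reg_bytes(data):
    """regedit exports are UTF-16 with a BOM; old REGEDIT4 files are single-byte."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("latin-1")


def parse_default_values(text):
    """Map lower-cased key path -> (key path as written, default value)."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith("@="):
            raw = line[2:]
            if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
                # .reg string syntax escapes backslash and double quote with a backslash
                raw = re.sub(r"\\(.)", r"\1", raw[1:-1])
            # Non-string data (e.g. hex(2):...) is kept verbatim, so it never
            # matches the stock value and is reported for manual review.
            values[key.lower()] = (key, raw)
    return values


def audit_exe_association(text):
    """Return [(key, value), ...] for every .exe launch setting that is not stock."""
    values = parse_default_values(text)
    findings = []
    classes = {DEFAULT_PROGID}
    # 1. Which class does ".exe" point to in each location?
    for root in CLASS_ROOTS:
        hit = values.get((root + r"\.exe").lower())
        if hit:
            classes.add(hit[1].lower())
            if hit[1].lower() != DEFAULT_PROGID:
                findings.append(hit)
    # 2. What does "open" run for the stock class and for any class found above?
    for root in CLASS_ROOTS:
        for cls in sorted(classes):
            hit = values.get(f"{root}\\{cls}\\shell\\open\\command".lower())
            if hit and hit[1].strip() != DEFAULT_COMMAND:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for key, value in audit_exe_association(SAMPLE_HIJACKED):
        print(f"NON-DEFAULT  {key}\n             @ = {value}")
```

An empty result only means the exported keys hold the stock values; it says nothing about other persistence points, which is what the later scans in the thread cover.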

tnt666

New Member
Thread author
Nov 8, 2012
13
Hello Kuttus
Thanks for your reply. First question I have is regarding step 1. Do I need to go into safe mode to do this, or just run it in normal mode?
Thanks.
 

tnt666

New Member
Thread author
Nov 8, 2012
13
Next question:
Step 3: I get a pop up saying there's a newer version of Combofix. Do I update or not?
 

tnt666

New Member
Thread author
Nov 8, 2012
13
OK. Above question has been answered by P.M. Thanks
Still on Combofix, I now have a pop up saying that the machine does not have the "Windows Recovery Console", and is offering to download\install it. Accept this or not?
Thanks
 

tnt666

New Member
Thread author
Nov 8, 2012
13
Hi
Scans have completed and here are the requested log files.
Thanks
 

Attachments

  • Extras.Txt
    72.5 KB · Views: 240
  • OTL.Txt
    134.9 KB · Views: 212
  • ComboFix.txt
    21.5 KB · Views: 273

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Ok, let's see what's going.

STEP 1: Run the below OTL fix
  1. Start OTL.exe
  2. Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
Code:
:Files
C:\Documents and Settings\All Users\Application Data\050E560C01E079050000050E510883D8
C:\Documents and Settings\ldeshuss\Application Data\Kyumz
C:\Documents and Settings\ldeshuss\Application Data\Yfup

:Commands
[EmptyTemp]
[EmptyFlash]
[EmptyJava]
[Reboot]
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  3. Then click the Run Fix button at the top
  4. Let the program run unhindered, reboot when it is done
  5. Attach the new log produced by OTL (C:\_OTL)

<hr />

STEP 2: Run a scan with Malwarebytes Anti-Malware in Chameleon mode

  1. Download Malwarebytes Chameleon from the below link and extract it to a folder in a convenient location
    MALWAREBYTES CHAMELEON DOWNLOAD LINK: http://downloads.malwarebytes.org/file/chameleon (This link will automatically download Malwarebytes Chameleon on your computer)
  2. Make certain that your infected PC is connected to the internet and then open the folder you created or copied, on your infected computer and double-click on svchost.exe.
    If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window.
  3. Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you
  4. Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click OK when it says that the database was updated successfully
  5. Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan
  6. Upon completion of the scan, if anything has been detected, click on Show Result
  7. Have Malwarebytes Anti-Malware remove any threats that are detected and click Yes if prompted to reboot your computer to allow the removal process to complete
  8. After your computer restarts, open Malwarebytes Anti-Malware and perform a Full System scan to verify that there are no remaining threats
Please add both logs in your next reply.

<hr />

STEP 3: Run a scan with RogueKiller
  1. Please download the latest official version of RogueKiller.
    ROGUEKILLER DOWNLOAD LINK: http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe (This link will automatically download RogueKiller on your computer)
  2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete. This should take only a few seconds and then you can click the Start button to perform a system scan.
  3. After the scan has completed, press the Delete button to remove any malicious registry keys.
  4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.

The report has been created on the desktop. In your next reply please post:

All RKreport.txt text files located on your desktop.

<hr />
What's next?

Please add in your next reply:
1. New OTL Log
2. Malwarebytes log
3. RogueKiller logs
4. Let me know if you had any problems with the above instructions and also let me know how things are running now!
 
Last edited by a moderator:

tnt666

New Member
Thread author
Nov 8, 2012
13
I've re-run OTL with the fix. Here's the log file below. I've had to copy and paste as it's telling me the type of file I attached is not allowed.
Malwarebytes has completed running the quick scan, 4 threats found and removed and machine rebooted. Log file attached
Malwarebytes is now performing a full scan.
I'm actually done for the day at the office now, so I'll continue with this on Monday and post the additional logs then.
For the moment, thanks for the help provided so far and have a nice weekend

______________________________________________________________
All processes killed
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\050E560C01E079050000050E510883D8 folder moved successfully.
C:\Documents and Settings\ldeshuss\Application Data\Kyumz folder moved successfully.
C:\Documents and Settings\ldeshuss\Application Data\Yfup folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41085 bytes

User: etoss1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Flash cache emptied: 41085 bytes

User: ldeshuss
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 209586192 bytes
->Java cache emptied: 2493393 bytes
->Google Chrome cache emptied: 263543670 bytes
->Flash cache emptied: 74583 bytes

User: ldeshuss.old0622012
->Temp folder emptied: 31853009 bytes
->Temporary Internet Files folder emptied: 1175049 bytes
->Flash cache emptied: 41085 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: Profile TomTom backup 02022012

User: PrtAdmin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes

User: prtadmin.LT-16528
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41085 bytes

User: RollOutPP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 479 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 87307 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 6867635 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 493.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: etoss1
->Flash cache emptied: 0 bytes

User: ldeshuss
->Flash cache emptied: 0 bytes

User: ldeshuss.old0622012
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Profile TomTom backup 02022012

User: PrtAdmin

User: prtadmin.LT-16528
->Flash cache emptied: 0 bytes

User: RollOutPP
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: etoss1

User: ldeshuss
->Java cache emptied: 0 bytes

User: ldeshuss.old0622012

User: LocalService

User: NetworkService

User: Profile TomTom backup 02022012

User: PrtAdmin

User: prtadmin.LT-16528

User: RollOutPP
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11092012_180321

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

Attachments

  • mbam-log-2012-11-09 (18-32-09).txt
    3 KB · Views: 105

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Okay. It seems we are almost completed. :)
After completing the following steps upload the latest logs for me and work on your computer and make sure everything is working fine.

STEP 1: Run a HitmanPro scan
  1. Download the latest official version of HitmanPro.
    HITMANPRO DOWNLOAD LINK: http://www.surfright.nl/en/hitmanpro/ (This link will open a download page in a new window from where you can download HitmanPro)
  2. Start HitmanPro by double clicking on the previously downloaded file and then following the prompts.
    >>> IF you are experiencing problems while trying to start HitmanPro, you can use the Force Breach mode. To start HitmanPro in Force Breach mode, hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including the malware process. (How to start HitmanPro in Force Breach mode – Video)
  3. Once the scan is complete, a screen displaying all the malicious files that the program found will be shown as seen in the image below. After reviewing each malicious object click Next.
  4. Click Activate free license to start the free 30 days trial and remove the malicious files.
  5. HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.
Add to your next reply, any log that HitmanPro might generate.
<hr />
STEP 2 : Check and make sure you are using the Latest version of Java on your computer.

UPDATE JAVA

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Please download JavaRa (http://singularlabs.com/software/javara/javara-download/) to your desktop.
      • Click the Download button next to Windows Binary (.zip) Version 1.16 to download JavaRA and unzip it to its own folder.
  • Run JavaRa.exe
  • Pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
<hr />

What's next?

Attach the following logs to your post (You can find here details on how to use the Attachment System):
  1. HitmanPro log
  2. Let me know if you had any problems with the above instructions and also let me know how things are running now!

 
Last edited by a moderator:

tnt666

New Member
Thread author
Nov 8, 2012
13
Hi
So just carrying on from Friday, the Malwarebytes Full Scan has been completed and also the actions for Rogue Killer have been performed. The corresponding log files are attached.
I will now proceed with the instructions you have outlined in the last post.
Thanks.
 

Attachments

  • mbam-log-2012-11-09 (18-53-06).txt
    2.1 KB · Views: 106
  • RKreport[1]_S_11122012_02d1112.txt
    1.4 KB · Views: 106
  • RKreport[2]_D_11122012_02d1113.txt
    1.5 KB · Views: 92
  • RKreport[3]_SC_11122012_02d1116.txt
    2.1 KB · Views: 90

tnt666

New Member
Thread author
Nov 8, 2012
13
I've downloaded and run the Hitmanpro, but when it comes to Step 4, I don't get the option to Activate free license. Did I miss a step somewhere?
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi,

HitmanPro doesn't give a free trial for corporate laptops. So that may be the reason you are not able to activate it...

Please try the following steps now.

Run a scan with ESET and Kaspersky virus removal tool:
STEP 1: Run a scan with ESET Online Scanner
  1. Download ESET Online Scanner utility from the below link
    ESET ONLINE SCANNER DOWNLOAD LINK: http://download.eset.com/special/eos/esetsmartinstaller_enu.exe (This link will automatically download ESET Online Scanner on your computer.)
  2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
  3. Check Yes, I accept the Terms of Use
  4. Click the Start button.
  5. Check Scan archives
  6. Push the Start button.
  7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  8. When the scan completes, push List of found threats
  9. Push Export to Text file and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply. Note - when ESET doesn't find any threats, no report will be created.
  10. Push the back button.
  11. Push Finish
<hr />

STEP 2: Run a scan with Kaspersky Virus Removal Tool
  1. Download Kaspersky Virus Removal Tool from the below link and then double click on it to start this utility.
    KASPERSKY VIRUS REMOVAL TOOL: http://www.kaspersky.com/antivirus-removal-tool?form=1 (This link opens a new webpage from where you can download Kaspersky Virus Removal Tool on your computer.)
  2. Follow the onscreen prompts until it is installed
  3. Click the Options button (the 'Gear' icon), then make sure only the following are ticked:
      • System Memory
      • Hidden startup objects
      • Disk boot sectors
      • Local Disk (C:)
      • Also any other drives (Removable that you may have)
  4. Then click on Actions on the left hand side
  5. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked
  6. Click on Automatic Scan
  7. Now click the Start Scanning button, to run the scan
  8. After the scan is complete, click the reports button ('Paper icon', next to the 'Gear' icon) on the right hand side
  9. Click Detected threats on the left
  10. Now click the Save button, and save it as kaslog.txt to your Desktop
  11. Please attach kaslog.txt in your next reply.
<hr />

What's next?

Please add in your next reply:
1. ESET log
2. Kaspersky Virus Removal log
3. Let me know if you had any problems with the above instructions and also let me know how things are running now!
 
Last edited by a moderator:

tnt666

New Member
Thread author
Nov 8, 2012
13
Hi
So, despite Hitmanpro detecting a number of threats, I think it was about 7, neither ESET nor Kaspersky detected anything, therefore no files attached.
Are there any further scans that I need to perform?
Thanks
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Hello TNT666,
Can you please run HitmanPro again and save a log?
STEP 1: Run a HitmanPro scan
  1. Download the latest official version of HitmanPro.
    HITMANPRO DOWNLOAD LINK: http://www.surfright.nl/en/hitmanpro/ (This link will open a download page in a new window from where you can download HitmanPro)
  2. Start a HitmanPro scan by double clicking on the previously downloaded file and then following the prompts.
  3. Once the scan is complete, a screen displaying all the malicious files that the program found will be shown as seen in the image below.
    DO NOT REMOVE ANYTHING! Instead, click on the Save log button (next to the green Buy now button), then click on Close.
  4. Post the HitmanPro log in your next reply
 
Last edited:

tnt666

New Member
Thread author
Nov 8, 2012
13
Here's the Hitmanpro log. Again, it's not allowing me to attach this type of file, "The type of file that you attached is not allowed. Please remove the attachment or choose a different type." So here's the actual text of the log.
Thanks
____________________________________________________________
Code:
HitmanPro 3.6.2.174
www.hitmanpro.com

   Computer name . . . . : LT-16528
   Windows . . . . . . . : 5.1.3.2600.X86/2
   User name . . . . . . : DIVISIONS\ldeshuss
   License . . . . . . . : Free

   Scan date . . . . . . : 2012-11-12 18:15:12
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 12s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 7
   Traces  . . . . . . . : 222

   Objects scanned . . . : 877'341
   Files scanned . . . . : 14'026
   Remnants scanned  . . : 124'002 files / 739'313 keys

Malware remnants ____________________________________________________________

   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}\ (Adware.MyWebSearch)
   HKU\S-1-5-21-693288040-1928095304-2332248451-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch)
   HKU\S-1-5-21-693288040-1928095304-2332248451-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch)
   HKU\S-1-5-21-693288040-1928095304-2332248451-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}\ (Adware.MyWebSearch)
   HKU\S-1-5-21-693288040-1928095304-2332248451-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch)
   HKU\S-1-5-21-693288040-1928095304-2332248451-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch)
   HKU\S-1-5-21-693288040-1928095304-2332248451-1005\Software\MyWebSearch\ (Adware.MyWebSearch)

Potential Unwanted Programs _________________________________________________

   C:\Documents and Settings\RollOutPP\Application Data\Babylon\ (Babylon)
   C:\Documents and Settings\RollOutPP\Application Data\Babylon\BabylonTC.conf (Babylon)
   C:\Documents and Settings\RollOutPP\Application Data\Babylon\BabylonTC.log (Babylon)
   C:\Documents and Settings\RollOutPP\Application Data\Babylon\Content\icons\ (Babylon)
   C:\Documents and Settings\RollOutPP\Application Data\Babylon\Content\icons\6RHZSDV3KE_glossary_icon.ico (Babylon)
   C:\Documents and Settings\RollOutPP\Application Data\Babylon\Content\icons\B3UREHM8F6_glossary_icon.ico (Babylon)
   C:\Documents and Settings\RollOutPP\Application Data\Babylon\Content\icons\BTMJWKZGYE_glossary_icon.ico (Babylon)
   C:\Documents and Settings\RollOutPP\Application Data\Babylon\Content\icons\HCZ7J3Q8UA_glossary_icon.ico (Babylon)
   C:\Documents and Settings\RollOutPP\Application Data\Babylon\Content\icons\QGDUSRR4JA_glossary_icon.ico (Babylon)
   C:\Documents and Settings\RollOutPP\Application Data\Babylon\FLStat.dat (Babylon)
   C:\Documents and Settings\RollOutPP\Application Data\Babylon\log_file.txt (Babylon)
   C:\Documents and Settings\RollOutPP\Application Data\Babylon\MyList.dat (Babylon)
   C:\Documents and Settings\RollOutPP\Application Data\Babylon\ocr_cache (Babylon)
   C:\Documents and Settings\RollOutPP\Application Data\Babylon\ocr_data (Babylon)
   C:\Documents and Settings\RollOutPP\Application Data\Babylon\updates\ (Babylon)
   C:\Documents and Settings\RollOutPP\Application Data\Babylon\updates\convert.dat (Babylon)
   C:\Documents and Settings\RollOutPP\Application Data\Babylon\updates\rates.dat (Babylon)
   C:\Documents and Settings\RollOutPP\Local Settings\Application Data\Babylon\ (Babylon)
   C:\Documents and Settings\RollOutPP\Local Settings\Application Data\Babylon\BabAll.bak (Babylon)
   HKLM\SOFTWARE\Classes\AppID\escort.DLL\ (Funmoods)
   HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}\ (Babylon)
   HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}\ (Babylon)
   HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\ (Babylon)

Cookies _____________________________________________________________________

   C:\Documents and Settings\ldeshuss\Cookies\K26G451B.txt
   C:\Documents and Settings\ldeshuss\Cookies\KD930G1K.txt
   C:\Documents and Settings\ldeshuss\Cookies\KWDOZX6A.txt
   C:\Documents and Settings\ldeshuss\Cookies\KWP28DWO.txt
   C:\Documents and Settings\ldeshuss\Cookies\L0W0CSRQ.txt
   C:\Documents and Settings\ldeshuss\Cookies\LDDIOR71.txt
   C:\Documents and Settings\ldeshuss\Cookies\ldeshuss@ad.yieldmanager[11].txt
   C:\Documents and Settings\ldeshuss\Cookies\ldeshuss@atdmt[3].txt
   C:\Documents and Settings\ldeshuss\Cookies\ldeshuss@fastclick[7].txt
   C:\Documents and Settings\ldeshuss\Cookies\ldeshuss@media6degrees[5].txt
   C:\Documents and Settings\ldeshuss\Cookies\M7F3EVT2.txt
   C:\Documents and Settings\ldeshuss\Cookies\MQJHGBMS.txt
   C:\Documents and Settings\ldeshuss\Cookies\N5SP72I8.txt
   C:\Documents and Settings\ldeshuss\Cookies\NBJI0WUJ.txt
   C:\Documents and Settings\ldeshuss\Cookies\NCQECKLY.txt
   C:\Documents and Settings\ldeshuss\Cookies\NI6YMHXG.txt
   C:\Documents and Settings\ldeshuss\Cookies\NJOYT4ME.txt
   C:\Documents and Settings\ldeshuss\Cookies\OHR5M600.txt
   C:\Documents and Settings\ldeshuss\Cookies\OOH23NTS.txt
   C:\Documents and Settings\ldeshuss\Cookies\OZ78VEON.txt
   C:\Documents and Settings\ldeshuss\Cookies\P0WBF0YZ.txt
   C:\Documents and Settings\ldeshuss\Cookies\P3HW82CY.txt
   C:\Documents and Settings\ldeshuss\Cookies\PFDOUW73.txt
   C:\Documents and Settings\ldeshuss\Cookies\PHBA0Z31.txt
   C:\Documents and Settings\ldeshuss\Cookies\PIFCM0J6.txt
   C:\Documents and Settings\ldeshuss\Cookies\PJPIDYCX.txt
   C:\Documents and Settings\ldeshuss\Cookies\PU38A8BB.txt
   C:\Documents and Settings\ldeshuss\Cookies\R2G0NO0J.txt
   C:\Documents and Settings\ldeshuss\Cookies\RFDINEI9.txt
   C:\Documents and Settings\ldeshuss\Cookies\RUZDE3PN.txt
   C:\Documents and Settings\ldeshuss\Cookies\S4LYLIMX.txt
   C:\Documents and Settings\ldeshuss\Cookies\TL3JTFCG.txt
   C:\Documents and Settings\ldeshuss\Cookies\UEVZ6Z1Q.txt
   C:\Documents and Settings\ldeshuss\Cookies\UHR8FJ28.txt
   C:\Documents and Settings\ldeshuss\Cookies\UN80J0JD.txt
   C:\Documents and Settings\ldeshuss\Cookies\V3U885GL.txt
   C:\Documents and Settings\ldeshuss\Cookies\VCOGP1C5.txt
   C:\Documents and Settings\ldeshuss\Cookies\VOSY0PX9.txt
   C:\Documents and Settings\ldeshuss\Cookies\VS0BJANA.txt
   C:\Documents and Settings\ldeshuss\Cookies\WIWN5J5W.txt
   C:\Documents and Settings\ldeshuss\Cookies\X076INMQ.txt
   C:\Documents and Settings\ldeshuss\Cookies\X1ZD9R7A.txt
   C:\Documents and Settings\ldeshuss\Cookies\X8CK7JHX.txt
   C:\Documents and Settings\ldeshuss\Cookies\XGK6YBXP.txt
   C:\Documents and Settings\ldeshuss\Cookies\XMYQN1S5.txt
   C:\Documents and Settings\ldeshuss\Cookies\XT1SCLY4.txt
   C:\Documents and Settings\ldeshuss\Cookies\YVYQXW1B.txt
   C:\Documents and Settings\ldeshuss\Cookies\Z0G67V3H.txt
   C:\Documents and Settings\ldeshuss\Cookies\Z7JQBE9Q.txt
   C:\Documents and Settings\ldeshuss\Cookies\ZBDUYZCW.txt
   C:\Documents and Settings\ldeshuss\Cookies\ZPUUP2GK.txt
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:2o7.net
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ad.ad-srv.net
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ad.caradisiac-publicite.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ad.motormedia.ch
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ad.piximedia.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ad.zanox.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:adbrite.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.adverline.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.ookla.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.pointroll.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.stickyadstv.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ads.undertone.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:adserver.local.ch
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:adtech.de
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:advertstream.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:adviva.net
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:aimfar.solution.weborama.fr
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:apmebf.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ar.atwola.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:at.atwola.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:autoscout24.112.2o7.net
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:burstnet.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:c.atdmt.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:collective-media.net
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ehg-tfl.hitbox.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:fastclick.net
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:fl01.ct2.comclick.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:fr.sitestat.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:hitbox.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:interclick.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:invitemedia.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:mediaplex.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:mm.chitika.net
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:nl.sitestat.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:pointroll.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:regus.122.2o7.net
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:smartadserver.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:sonycorporate.112.2o7.net
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:sonyeurope.112.2o7.net
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:specificclick.net
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:stat.onestat.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:track.adform.net
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:usatoday1.112.2o7.net
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:weborama.fr
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:www.burstnet.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:www.etracker.de
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:xiti.com
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:yieldmanager.net
   C:\Documents and Settings\ldeshuss\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:zedo.com
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
The good news is that these are just some unwanted and harmless programs... Babylon toolbar and MyWebSearch.
Let's run the following tools:
STEP 1: Run a scan with Security Check
<ol><li>Download <b>Security Check</b> from the below link:
<a href="http://screen317.spywareinfoforum.org/SecurityCheck.exe" target="_blank">SECURITY CHECK DOWNLOAD LINK</a> (This link will automatically download Security Check on your computer)</li>
<li>Double-click <b>SecurityCheck.exe</b></li>
<li>Follow the onscreen instructions inside of the black box.</li>
<li>A <b>Notepad</b> document should open automatically called <b>checkup.txt</b>; please post the contents of that document.</li>
</ol>
<hr/>
STEP 2: Run a scan with AdwCleaner

<ol><li>Download AdwCleaner from the below link.
<b><a href="http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner" target="_blank">ADWCLEANER DOWNLOAD LINK</a></b> (This link will automatically download Security Check on your computer)</li>

<li>Close all open programs and internet browsers.</li>
<li>Double click on <b>adwcleaner.exe</b> to run the tool.</li>
<li>Click on <b>Delete</b>, then confirm each time with <b>Ok</b>.</li>
<li>Your computer will be rebooted automatically. A text file will open after the restart.</li>
<li>Please post the contents of that logfile with your next reply.</li>
<li>You can find the logfile at <b>C:\AdwCleaner[S1].txt</b> as well.</li>
</ol>
What's next?

Attach the following logs to your post (You can find here details on how to use the Attachment System):
1. Security Check log
2. AdwCleaner log
3. Let me know if you had any problems with the above instructions and also let me know how things are running now!
 

tnt666

New Member
Thread author
Nov 8, 2012
13
Scans done and here are the logs.
Thanks
 

Attachments

  • checkup.txt
    1.2 KB · Views: 93
  • AdwCleaner[R1].txt
    2.3 KB · Views: 89
  • AdwCleaner[S1].txt
    2.5 KB · Views: 100

kuttus

Level 2
Verified
Oct 5, 2012
2,697
This type of infection has come from some insecure websites. When you visit an unsafe website, a message pops up and tells you to first download a newer version of Flash Player to play the video or to view this website. You might get inclined to click on the pop-up for the reason that it's telling you to install a newer version of Flash Player. Please do not do this. It's a virus.

Sometimes it may be in the form of “install drivers (or) plug-ins (or) ActiveX controls etc”. If we click on these pop-ups (knowingly or unknowingly), it will automatically install malicious spyware on your computer.

These pop-ups may contain multiple options like Save, Run, Cancel, Yes, No etc. If we click on any of these options it will automatically install this spyware. The best solution to avoid this spyware is to close the browser window like Internet Explorer, Firefox etc.

We should be aware of this situation and never download an Adobe Flash Player through any source other than the Adobe.com website. If you are ever uncertain of a Flash Player Update it may be best to cancel the operation and navigate to http://www.adobe.com and download the update.


You can always check if your Java is up to date by using this site and clicking on Do I have Java.
With the HitmanPro scan giving us the green light and unless you are having other problems, it is time to do the final steps.

Now please work on your computer and make sure there are no more problems you are facing on your computer.

<hr />

STEP 1: Remove ComboFix from your computer
<ol>
<li>Hold down the <b>Windows key</b> + <b>R</b> on your keyboard. This will display the Run dialogue box</li>
<li>In the Run box, type in <b>ComboFix /Uninstall</b> <em>(Notice the space between the "x" and "/")</em> then click <b>OK</b> <a href="http://malwaretips.com/blogs/wp-content/uploads/2012/07/combofix-uninstall.png"><img class="alignnone size-full wp-image-4129" title="Uninstall Combofix" src="http://malwaretips.com/blogs/wp-content/uploads/2012/07/combofix-uninstall.png" alt="Combofix uninstall command" width="413" height="212" /></a></li>
<li>Follow the prompts on the screen</li>
<li>A message should appear confirming that ComboFix was uninstalled</li>
</ol>
<hr />

STEP 2: Remove the OTL utility from your computer

Run OTL and hit the <b>CleanUp</b> button. It will remove all the programmes we have used plus itself. We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
<ol>
<li>Go to control panel</li>
<li>Select folder options (Appearance > Folder options in category view)</li>
<li>Select the View Tab.</li>
<li>Under the Hidden files and folders heading select <b>Do not show hidden files and folders</b>.</li>
<li>Click Yes to confirm.</li>
<li>Click OK.</li>
</ol>
<hr />

STEP 3: Delete the old restore points and create a new Restore Point
<ol>
<li>Go to <b>Control Panel</b> and select <b>System</b></li>
<li>Select <b>System</b></li>
<li>On the left select <b>System Protection</b> and accept the warning if you get one</li>
<li>Select <b>System Protection Tab</b></li>
<li>Select <b>Create</b> at the bottom</li>
<li>Type in a name i.e. Clean</li>
<li>Select <b>Create</b></li>
</ol>
<b>Now we can purge the infected ones</b>
<ol>
<li>Go <b>Start > All programs > Accessories > system tools</b></li>
<li>Right click <b>Disc cleanup</b> and select run as administrator</li>
<li>Select <b>Your main drive</b> and accept the warning if you get one</li>
<li>For a few moments the system will make some calculations</li>
<li>Select the <b>More Options tab</b></li>
<li>In the System <b>Restore and Shadow Backups select Clean up</b></li>
<li>Select <b>Delete</b> on the pop up</li>
<li>Select OK</li>
<li>Select Delete</li>
</ol>
<hr />
STEP 4: Clean your temporary files to gain more hard drive space and remove the junk files
<ol>
<li>Download Ccleaner from the below link:
CCLEANER DOWNLOAD LINK <em>(This link will automatically download Ccleaner on your computer)</em></li>
<li>Install Ccleaner by following the prompts</li>
<li>Start Ccleaner and the following should be selected by default, if not, please select:
<img src="http://i52.tinypic.com/4l5a4i.png" alt="Posted Image" /></li>
<li>Click <img src="http://i56.tinypic.com/16jox2o.png" alt="Posted Image" /> and choose <img src="http://i40.tinypic.com/5x3nu8.gif" alt="Posted Image" /></li>
<li>Uncheck <img src="http://i51.tinypic.com/amuvj8.gif" alt="Posted Image" /></li>
<li>Then go back to <img src="http://i41.tinypic.com/2jb4qyb.gif" alt="Posted Image" /> and click <img src="http://i25.tinypic.com/nf47ev.gif" alt="Posted Image" /> to run it.</li>
<li>Exit CCleaner.</li>
</ol>




What's next?
  1. Build up your malware defenses by starting a new thread in Security Configuration Wizard forum.
  2. Learn how to avoid malware by reading this article <a href="http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/">How to easily avoid malware</a>
  3. Be an active member in the MalwareTips community! :)
 