Pop-ups keep opening up in Google Chrome

10-18-2015, 12:01 PM   #1
Registered Member
 
Join Date: Mar 2005
Posts: 22
OS: XP



Hi Guys.

In the last week my Google Chrome keeps opening pop-up windows for no reason with different websites.
It happens when I surf, but also when I'm not touching the computer and Chrome is open.
This means that if I open Chrome, leave the computer and come back after 1 hour, I can have A LOT of pop up windows that opened up in the meantime.

I can't detect any other issues. Computer is not slow or anything. Just those endless pop ups. Looks definitely like some kind of malware.

I'm attaching the logs.
Thank you for your help!

**************
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.18057 BrowserJavaVersion: 11.31.2
Run by Shahar Ben-Porath at 21:42:47 on 2015-10-18
Microsoft Windows 7 Professional 6.1.7601.1.1255.972.1033.18.2922.1047 [GMT 3:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AV: Kaspersky Internet Security *Enabled/Updated* {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
SP: Kaspersky Internet Security *Enabled/Updated* {0F7D947C-13CC-4207-47BE-41AC12334EC6}
SP: Ad-Aware Antivirus *Disabled/Outdated* {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
FW: Ad-Aware Firewall *Disabled* {88F799E3-AF48-6FBE-AC13-342C6CDD1162}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe
C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe
C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
C:\Program Files\Soluto\SolutoLauncherService.exe
C:\Windows\system32\taskhost.exe
c:\program files\soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Update\1.3.28.15\GoogleCrashHandler.exe
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\TeamViewer\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=COSP&ptag=D101515-A60FA26CFB78147A880F&form=CONMHP&conlogo=CT3332038
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.maxiwe.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: ActiveMail Add-on: {2BBC8EDB-3D27-4FD3-9F9F-DFDC5B4A27A4} - c:\program files\activepath\addon\apieinbodyBHO.dll
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} -
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: {54B02808-B60E-44CD-A72D-9865117E4E62} - <orphaned>
BHO: AGFormHelperObj Class: {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - c:\program files\agat\agform\AGFormsHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_31\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Babylon IE plugin: {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll
BHO: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - c:\program files\winzip courier\wzwmcie.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Kaspersky Protection plugin: {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - c:\program files\kaspersky lab\kaspersky internet security 16.0.0\ieext\ie_plugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_31\bin\jp2ssv.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} -
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: AGForms Toolbar: {8fe28f46-37ad-47b2-8258-34c128636ace} -
TB: Kaspersky Protection toolbar: {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - c:\program files\kaspersky lab\kaspersky internet security 16.0.0\ieext\ie_plugin.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Google Update] "c:\users\shahar ben-porath\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [AVG-Secure-Search-Update_0913b] c:\users\shahar ben-porath\appdata\roaming\avg 0913b campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 5c331a67e17647d1a646957ea0dfaa80-f60f1bc55ce20c250fa1c1a05d7706fc14e0d932 --CMPID 0913b
uRun: [GoogleChromeAutoLaunch_B1CFEE270F926F92FBAC5A26A0459617] "c:\users\shahar ben-porath\appdata\local\google\chrome\application\chrome.exe" --no-startup-window
uRun: [Dropbox Update] "c:\users\shahar ben-porath\appdata\local\dropbox\update\DropboxUpdate.exe" /c
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
uRun: [Web Companion] c:\program files\lavasoft\web companion\application\WebCompanion.exe --minimize
mRun: [IMSS] "c:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [Power Manager Power Agenda] c:\progra~1\thinkpad\utilit~1\DPMHost.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AdAwareTray] "c:\program files\lavasoft\ad-aware antivirus\ad-aware antivirus\11.8.586.8535\AdAwareTray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &ייצוא אל Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: ש&לח אל OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
LSP: c:\windows\system32\LavasoftTcpService.dll
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: NameServer = 192.117.235.235 62.219.186.7
TCP: Interfaces\{A68E97FE-3021-4C69-AB0D-F919893DC660} : DHCPNameServer = 192.117.235.235 62.219.186.7
TCP: Interfaces\{F64C6EC5-5E94-4367-97B9-C4EB5204B9AA} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
Hosts: 0.0.0.1 mssplus.mcafee.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\shahar ben-porath\appdata\roaming\mozilla\firefox\profiles\pnmycuye.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Bingֲ
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=COSP&ptag=D101515-A60FA26CFB78147A880F&form=CONMHP&conlogo=CT3332038
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\adobe extension manager cs6\npAdobeExManDetectX86.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\13.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\program files\winzip courier\npwzwmc.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\users\shahar ben-porath\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\users\shahar ben-porath\appdata\roaming\mozilla\firefox\profiles\pnmycuye.default\extensions\[email protected]\plugins\npCoralIETab.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2011-07-16 08:40; [email protected]; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 cm_km;Kaspersky Lab ZAO Cryptographic Module x86 (Weak);c:\windows\system32\drivers\cm_km.sys [2015-7-6 201912]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2011-7-18 51144]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-10-3 26984]
R1 klhk;Kaspersky Lab service driver;c:\windows\system32\drivers\klhk.sys [2015-10-18 44728]
R1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\drivers\klpd.sys [2015-6-8 39304]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2015-6-11 54328]
R1 Klwtp;Klwtp;c:\windows\system32\drivers\klwtp.sys [2015-6-16 87736]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2015-6-23 156856]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-14 20992]
R2 kldisk;kldisk;c:\windows\system32\drivers\kldisk.sys [2015-6-6 58040]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-5-17 269824]
R3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\drivers\klflt.sys [2015-10-18 136888]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-5-17 41088]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2010-9-28 38336]
R3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys [2011-8-7 16256]
S0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\drivers\klbackupdisk.sys [2015-6-6 46776]
S1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\drivers\klbackupflt.sys [2015-6-27 58224]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2015-6-11 33976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\drivers\lgandnetadb.sys [2011-9-6 25856]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [2011-9-6 23040]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [2011-9-6 27776]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\drivers\lgandnetndis.sys [2011-9-16 73728]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2015-6-6 37048]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2015-6-7 38072]
S3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-6-27 22640]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-2-16 11520]
.
=============== Created Last 30 ================
.
2015-10-18 18:37:58 8884144 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ba0d9d0e-e7c9-49f1-99be-c287ecc2ee9b}\mpengine.dll
2015-10-18 18:37:56 246952 ------w- c:\windows\system32\MpSigStub.exe
2015-10-18 18:21:10 -------- d-----w- c:\windows\ELAMBKUP
2015-10-18 18:21:08 -------- d-----w- c:\programdata\Kaspersky Lab
2015-10-18 18:21:08 -------- d-----w- c:\program files\Kaspersky Lab
2015-10-18 18:20:44 44728 ----a-w- c:\windows\system32\drivers\klhk.sys
2015-10-18 18:20:44 136888 ----a-w- c:\windows\system32\drivers\klflt.sys
2015-10-17 16:29:42 -------- d-----w- c:\users\shahar ben-porath\appdata\local\TeamViewer
2015-10-17 16:27:24 -------- d-----w- c:\program files\TeamViewer
2015-10-15 06:28:17 -------- d-----w- c:\users\shahar ben-porath\appdata\local\Lavasoft
2015-10-15 06:27:41 345360 ----a-w- c:\windows\system32\LavasoftTcpService.dll
2015-10-15 06:26:19 -------- d-----w- c:\program files\Lavasoft
2015-10-15 05:28:44 -------- d-----w- c:\program files\common files\Lavasoft
2015-10-15 04:13:09 999936 ----a-w- c:\windows\system32\aeinv.dll
2015-10-15 04:13:09 62976 ----a-w- c:\windows\system32\acmigration.dll
2015-10-15 04:13:09 615936 ----a-w- c:\windows\system32\generaltel.dll
2015-10-15 04:13:09 587776 ----a-w- c:\windows\system32\invagent.dll
2015-10-15 04:13:09 423936 ----a-w- c:\windows\system32\devinv.dll
2015-10-15 04:13:09 23384 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-10-15 04:13:09 1120768 ----a-w- c:\windows\system32\appraiser.dll
2015-10-14 09:26:39 -------- d-----w- c:\program files\CCleaner
2015-10-14 07:16:37 868864 ----a-w- c:\program files\common files\microsoft shared\ink\tipskins.dll
2015-09-26 23:19:22 252648 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2015-09-20 06:59:25 -------- d-----w- c:\program files\Citrix
2015-09-20 06:59:13 -------- d-----w- c:\users\shahar ben-porath\appdata\local\Citrix
.
==================== Find3M ====================
.
2015-10-18 18:34:21 39304 ----a-w- c:\windows\system32\drivers\klpd.sys
2015-10-17 14:30:09 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-10-17 14:30:09 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-01 17:50:53 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-10-01 17:50:35 50688 ----a-w- c:\windows\system32\appidapi.dll
2015-10-01 17:50:35 28160 ----a-w- c:\windows\system32\appidsvc.dll
2015-10-01 17:50:00 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-10-01 17:50:00 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-10-01 16:53:22 50176 ----a-w- c:\windows\system32\drivers\appid.sys
2015-09-29 03:05:01 3990976 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-09-29 03:05:01 3936192 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-09-29 03:02:09 1308160 ----a-w- c:\windows\system32\ntdll.dll
2015-09-29 02:59:20 172032 ----a-w- c:\windows\system32\wdigest.dll
2015-09-29 02:59:17 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-09-29 02:59:16 43008 ----a-w- c:\windows\system32\srclient.dll
2015-09-29 02:59:16 400896 ----a-w- c:\windows\system32\srcore.dll
2015-09-29 02:59:13 655360 ----a-w- c:\windows\system32\rpcrt4.dll
2015-09-29 02:59:08 259584 ----a-w- c:\windows\system32\msv1_0.dll
2015-09-29 02:59:04 552960 ----a-w- c:\windows\system32\kerberos.dll
2015-09-29 02:58:57 38912 ----a-w- c:\windows\system32\csrsrv.dll
2015-09-29 02:58:57 36864 ----a-w- c:\windows\system32\cryptbase.dll
2015-09-29 02:58:57 17408 ----a-w- c:\windows\system32\credssp.dll
2015-09-29 02:58:37 69632 ----a-w- c:\windows\system32\smss.exe
2015-09-29 02:58:33 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-09-29 02:58:05 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-09-29 02:53:44 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-09-29 02:53:28 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-09-29 02:49:51 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-09-29 02:49:50 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-09-29 01:43:28 225792 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-09-29 01:43:11 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-09-29 01:43:10 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2015-09-25 17:59:08 93696 ----a-w- c:\windows\system32\wudriver.dll
2015-09-25 17:59:08 2955776 ----a-w- c:\windows\system32\wucltux.dll
2015-09-25 17:59:08 174080 ----a-w- c:\windows\system32\wuwebv.dll
2015-09-25 17:58:42 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-09-25 17:58:29 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-09-25 17:58:25 35328 ----a-w- c:\windows\system32\wuapp.exe
2015-09-16 03:45:19 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-09-16 03:45:09 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-09-16 03:33:26 504832 ----a-w- c:\windows\system32\vbscript.dll
2015-09-16 03:33:07 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-09-16 03:32:33 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-09-16 03:32:24 341504 ----a-w- c:\windows\system32\html.iec
2015-09-16 03:31:57 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-09-16 03:23:07 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-09-16 03:23:01 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2015-09-16 03:22:43 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-09-16 03:18:00 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-09-16 03:10:46 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-09-16 03:05:51 4527616 ----a-w- c:\windows\system32\jscript9.dll
2015-09-16 02:55:49 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-09-16 02:55:45 2052608 ----a-w- c:\windows\system32\inetcpl.cpl
2015-09-16 02:37:26 2011136 ----a-w- c:\windows\system32\wininet.dll
2015-09-15 17:42:14 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-09-15 17:42:14 139096 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-09-15 17:36:40 15872 ----a-w- c:\windows\system32\sspisrv.dll
2015-09-15 17:36:40 100352 ----a-w- c:\windows\system32\sspicli.dll
2015-09-15 17:36:38 248832 ----a-w- c:\windows\system32\schannel.dll
2015-09-15 17:36:38 22016 ----a-w- c:\windows\system32\secur32.dll
2015-09-15 17:36:35 221184 ----a-w- c:\windows\system32\ncrypt.dll
2015-09-15 17:36:30 1061376 ----a-w- c:\windows\system32\lsasrv.dll
2015-09-15 17:35:49 22528 ----a-w- c:\windows\system32\lsass.exe
2015-09-02 02:48:35 26624 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 02:48:31 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 02:48:28 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 02:48:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 01:36:35 2384896 ----a-w- c:\windows\system32\win32k.sys
2015-09-02 01:33:48 299520 ----a-w- c:\windows\system32\atmfd.dll
2015-08-27 17:58:14 1391104 ----a-w- c:\windows\system32\msxml6.dll
2015-08-27 17:58:14 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-08-27 17:51:26 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-27 17:51:26 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-06 17:44:36 1498624 ----a-w- c:\windows\system32\ExplorerFrame.dll
2015-08-06 08:43:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2015-08-06 08:43:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2015-08-05 17:41:00 751104 ----a-w- c:\windows\system32\schedsvc.dll
2015-08-05 17:40:50 22528 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
2015-08-05 17:40:50 216064 ----a-w- c:\windows\system32\InkEd.dll
2015-08-05 17:40:50 19968 ----a-w- c:\windows\system32\jnwmon.dll
2015-07-30 17:57:31 909824 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 17:57:30 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 13:13:38 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-22 17:53:34 937984 ----a-w- c:\windows\system32\diagtrack.dll
2015-07-22 17:53:31 635392 ----a-w- c:\windows\system32\tdh.dll
2015-07-22 17:53:10 641536 ----a-w- c:\windows\system32\advapi32.dll
2015-07-22 16:38:27 41984 ----a-w- c:\windows\system32\UtcResources.dll
2015-07-16 05:07:57 6420480 ----a-w- c:\program files\GUTAD7B.tmp
2014-03-30 16:02:59 6000640 ----a-w- c:\program files\GUTA2A7.tmp
.
============= FINISH: 21:48:28.69 ===============
Attached Files
File Type: txt attach.txt (12.2 KB, 466 views)
 
10-19-2015, 01:19 AM   #2
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello sagybp,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download to and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Now, let's get started, shall we?

Please do the following steps.

STEP 1

Please download AdwCleaner on to your desktop.
Close all open programs and internet browsers.
Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
Click on Scan.
After the scan is complete click on "Cleaning"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

STEP 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
__________________
tekir06 is offline  
Old 10-19-2015, 11:54 PM   #3
Registered Member
 
Join Date: Mar 2005
Posts: 22
OS: XP



Here it is:

===========================
# AdwCleaner v5.014 - Logfile created 19/10/2015 at 20:05:47
# Updated 18/10/2015 by Xplode
# Database : 2015-10-18.5 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : Shahar Ben-Porath - SHAHARBEN-PORAT
# Running from : C:\Users\Shahar Ben-Porath\Desktop\AdwCleaner.exe
# Option : Scan
# Support : Forum - ToolsLib

***** [ Services ] *****

Service Found : vToolbarUpdater13.2.0

***** [ Folders ] *****

Folder Found : C:\Program Files\~BabylonToolbar
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Babylon
Folder Found : C:\Program Files\GreenTree Applications
Folder Found : C:\Program Files\iMesh Applications
Folder Found : C:\Program Files\VideoConverter
Folder Found : C:\Program Files\Mozilla Firefox\Extensions\[email protected]
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\iMesh
Folder Found : C:\ProgramData\SweetIM
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\ytd video downloader
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Found : C:\Users\Shahar Ben-Porath\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Shahar Ben-Porath\AppData\Local\Babylon
Folder Found : C:\Users\Shahar Ben-Porath\AppData\Local\Conduit
Folder Found : C:\Users\Shahar Ben-Porath\AppData\Local\iMesh
Folder Found : C:\Users\Shahar Ben-Porath\AppData\Local\PackageAware
Folder Found : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
Folder Found : C:\Users\Shahar Ben-Porath\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Shahar Ben-Porath\AppData\LocalLow\Conduit
Folder Found : C:\Users\Shahar Ben-Porath\AppData\LocalLow\HPAppData
Folder Found : C:\Users\Shahar Ben-Porath\AppData\Roaming\Babylon
Folder Found : C:\Users\Shahar Ben-Porath\AppData\Roaming\HPAppData
Folder Found : C:\Users\Shahar Ben-Porath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Converter
Folder Found : C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\Extensions\staged\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Folder Found : C:\Users\SHAHAR~1\AppData\Local\Temp\apn
Folder Found : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}

***** [ Files ] *****

File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
File Found : C:\Users\Public\Desktop\YTD Video Downloader.lnk
File Found : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kdidombaedgpfiiedeimiebkmbilgmlc_0.localstorage
File Found : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage
File Found : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_elicpjhcidhpjomhibiffojpinpmmpil_0.localstorage
File Found : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil
File Found : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
File Found : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
File Found : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage
File Found : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal
File Found : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.sweetango.co.il_0.localstorage
File Found : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.sweetango.co.il_0.localstorage-journal
File Found : C:\Users\Shahar Ben-Porath\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
File Found : C:\Users\Shahar Ben-Porath\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk
File Found : C:\Users\Shahar Ben-Porath\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Video Converter.lnk
File Found : C:\Users\Shahar Ben-Porath\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\iMesh.lnk
File Found : C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\searchplugins\bing-lavasoft.xml

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Found : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin
Key Found : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin
Key Found : HKLM\SOFTWARE\Classes\.bdc
Key Found : HKLM\SOFTWARE\Classes\.bgl
Key Found : HKLM\SOFTWARE\Classes\.bof
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\iMesh.exe
Key Found : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\BabyDict
Key Found : HKLM\SOFTWARE\Classes\BabyGloss
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Key Found : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Key Found : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Found : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Found : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication
Key Found : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication.1
Key Found : HKLM\SOFTWARE\Classes\BabyOptFile
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\iMesh.AudioCD
Key Found : HKLM\SOFTWARE\Classes\iMesh.Device
Key Found : HKLM\SOFTWARE\Classes\iMesh.file
Key Found : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\sim-packages
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Babylon Client
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetPacks Communicator
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMPlayCDAudioOnArrival
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMRipCDAudioOnArrival
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowCDAudioOnArrival
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowVolumeOnArrival
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\microsoft\shared tools\msconfig\startupreg\ApnTBMon
Key Found : HKLM\SOFTWARE\Classes\WMHelperiMesh.WMHelper
Key Found : HKLM\SOFTWARE\Classes\WMHelperiMesh.WMHelper.1
Key Found : HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithiMesh
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKU\.DEFAULT\Software\AVG Secure Search
Key Found : HKU\.DEFAULT\Software\Avg Secure Update
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AVG Nation toolbar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Babylon
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Imesh
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Avg Secure Update
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKLM\SOFTWARE\AVG Nation toolbar
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Imesh
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Video Converter
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Imesh
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Found : HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\Software\AppDataLow\Software\adawarebp
Key Found : HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\Software\AppDataLow\Software\BackgroundContainer
Key Found : HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\Software\AppDataLow\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\1A594BF8F3A4D1C4DB72F3A32B6E7636
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://isearch.avg.com/tab?cid={7B38DDE9-E5E1-4DAA-AC3E-4A4C6FF96BFD}&mid=5c331a67e17647d1a646957ea0dfaa80-f60f1bc55ce20c250fa1c1a05d7706fc14e0d932&lang=en&ds=AVG&pr=fr&d=2011-10-20 2224&v=9.0.0.22&sap=nt
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [ Web browsers ] *****

[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("CT3284953.FF19Solved", "true");
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("CT3284953.UserID", "UN16274859337407122");
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("CT3284953.autoDisableScopes", 0);
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("CT3284953.installDate", "8/6/2013 12:12:28");
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("CT3284953.installSessionId", "-1");
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("CT3284953.installSp", "TRUE");
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("CT3284953.installerVersion", "1.4.1.3");
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("CT3284953.searchRevert", "FALSE");
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("CT3284953.searchUserMode", "2");
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("CT3284953.versionFromInstaller", "10.15.2.23");
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\13.2.0.5");
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("avg.install.userHPSettings", "hxxp://babylon.walla.co.il/");
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("browser.babylon.HPOnNewTab", "babylon.walla.co.il");
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch");
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("extensions.BabylonToolbar.cntry", "IL");
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("extensions.BabylonToolbar.firstRun", false);
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("extensions.BabylonToolbar.hdrMd5", "6678D4DA93D47A4018723013CA999AB7");
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("extensions.BabylonToolbar.lastActv", "18");
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("extensions.BabylonToolbar.lastDP", 18);
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.31.210:28:21");
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("extensions.BabylonToolbar.newTab", true);
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("extensions.BabylonToolbar.propectorlck", 107434984);
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("extensions.enabledAddons", "[email protected]:1.1.8,{e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.12,[email protected]:1.0.0.1,[email protected]:1.2.0.13,{EEE6C361-6118-11DC-9C72-001320C79847}[...]
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff_1_6.html");
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.[...]
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
[C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Found : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
[C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : aaaailpifkkekipiachodfkfmgmiapmp
[C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : dhkplhfnhceodhffomolpfigojocbpcb
[C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : elicpjhcidhpjomhibiffojpinpmmpil
[C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : jcdgjdiieiljkfkdcloehkohchhpekkn
[C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : ndibdjnfmopecpmkdieinmbadjfpblof

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [42623 bytes] ##########
Attached Files
File Type: txt Addition.txt (71.8 KB, 35 views)
File Type: txt FRST.txt (64.0 KB, 47 views)
Old 10-20-2015, 12:56 AM   #4
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello sagybp,

Please post the content of the following logfile with your next answer.

C:\AdwCleaner\AdwCleaner[C#].txt
Old 10-20-2015, 01:08 AM   #5
Registered Member
 
Join Date: Mar 2005
Posts: 22
OS: XP



Here it is:
=========================
# AdwCleaner v5.014 - Logfile created 19/10/2015 at 20:09:12
# Updated 18/10/2015 by Xplode
# Database : 2015-10-18.5 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : Shahar Ben-Porath - SHAHARBEN-PORAT
# Running from : C:\Users\Shahar Ben-Porath\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****

[-] Service Deleted : vToolbarUpdater13.2.0

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\~BabylonToolbar
[-] Folder Deleted : C:\Program Files\AVG Secure Search
[-] Folder Deleted : C:\Program Files\Babylon
[-] Folder Deleted : C:\Program Files\GreenTree Applications
[-] Folder Deleted : C:\Program Files\iMesh Applications
[-] Folder Deleted : C:\Program Files\VideoConverter
[-] Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\[email protected]
[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\Babylon
[-] Folder Deleted : C:\ProgramData\iMesh
[-] Folder Deleted : C:\ProgramData\SweetIM
[-] Folder Deleted : C:\ProgramData\Tarma Installer
[-] Folder Deleted : C:\ProgramData\ytd video downloader
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
[-] Folder Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\AVG Secure Search
[-] Folder Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\Babylon
[-] Folder Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\Conduit
[-] Folder Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\iMesh
[-] Folder Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
[-] Folder Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
[-] Folder Deleted : C:\Users\Shahar Ben-Porath\AppData\LocalLow\AVG Secure Search
[-] Folder Deleted : C:\Users\Shahar Ben-Porath\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\Shahar Ben-Porath\AppData\LocalLow\HPAppData
[-] Folder Deleted : C:\Users\Shahar Ben-Porath\AppData\Roaming\Babylon
[-] Folder Deleted : C:\Users\Shahar Ben-Porath\AppData\Roaming\HPAppData
[-] Folder Deleted : C:\Users\Shahar Ben-Porath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Converter
[#] Folder Deleted : C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\Extensions\staged\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[-] Folder Deleted : C:\Users\SHAHAR~1\AppData\Local\Temp\apn
[-] Folder Deleted : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
[-] File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\Public\Desktop\YTD Video Downloader.lnk
[-] File Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kdidombaedgpfiiedeimiebkmbilgmlc_0.localstorage
[-] File Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage
[-] File Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_elicpjhcidhpjomhibiffojpinpmmpil_0.localstorage
[-] File Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil
[-] File Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.sweetango.co.il_0.localstorage
[-] File Deleted : C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.sweetango.co.il_0.localstorage-journal
[-] File Deleted : C:\Users\Shahar Ben-Porath\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
[-] File Deleted : C:\Users\Shahar Ben-Porath\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk
[-] File Deleted : C:\Users\Shahar Ben-Porath\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Video Converter.lnk
[-] File Deleted : C:\Users\Shahar Ben-Porath\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\iMesh.lnk
[-] File Deleted : C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\searchplugins\bing-lavasoft.xml

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
[-] Key Deleted : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin
[-] Key Deleted : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin
[-] Key Deleted : HKLM\SOFTWARE\Classes\.bdc
[-] Key Deleted : HKLM\SOFTWARE\Classes\.bgl
[-] Key Deleted : HKLM\SOFTWARE\Classes\.bof
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\iMesh.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\BabyDict
[-] Key Deleted : HKLM\SOFTWARE\Classes\BabyGloss
[-] Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
[-] Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
[-] Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication
[-] Key Deleted : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\BabyOptFile
[-] Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
[-] Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
[-] Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
[-] Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
[-] Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\iMesh.AudioCD
[-] Key Deleted : HKLM\SOFTWARE\Classes\iMesh.Device
[-] Key Deleted : HKLM\SOFTWARE\Classes\iMesh.file
[-] Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
[-] Key Deleted : HKLM\SOFTWARE\Classes\S
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Babylon Client
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetPacks Communicator
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMPlayCDAudioOnArrival
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMRipCDAudioOnArrival
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowCDAudioOnArrival
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowVolumeOnArrival
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKLM\SOFTWARE\microsoft\shared tools\msconfig\startupreg\ApnTBMon
[-] Key Deleted : HKLM\SOFTWARE\Classes\WMHelperiMesh.WMHelper
[-] Key Deleted : HKLM\SOFTWARE\Classes\WMHelperiMesh.WMHelper.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithiMesh
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\AVG Nation toolbar
[-] Key Deleted : HKCU\Software\AVG Secure Search
[-] Key Deleted : HKCU\Software\Babylon
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\Imesh
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[-] Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKLM\SOFTWARE\AVG Nation toolbar
[-] Key Deleted : HKLM\SOFTWARE\AVG Secure Search
[-] Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Babylon
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\Imesh
[-] Key Deleted : HKLM\SOFTWARE\Tarma Installer
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Video Converter
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ea8fa6be-29be-4af2-9352-841f83215eb0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Imesh
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
[!] Key Not Deleted : HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\Software\AppDataLow\Software\adawarebp
[!] Key Not Deleted : HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\Software\AppDataLow\Software\BackgroundContainer
[!] Key Not Deleted : HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\Software\AppDataLow\Software\Conduit
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[!] Key Not Deleted : HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [ Web browsers ] *****

[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("CT3284953.FF19Solved", "true");
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("CT3284953.UserID", "UN16274859337407122");
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("CT3284953.autoDisableScopes", 0);
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("CT3284953.installDate", "8/6/2013 12:12:28");
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("CT3284953.installSessionId", "-1");
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("CT3284953.installSp", "TRUE");
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("CT3284953.installerVersion", "1.4.1.3");
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("CT3284953.searchRevert", "FALSE");
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("CT3284953.searchUserMode", "2");
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("CT3284953.versionFromInstaller", "10.15.2.23");
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\13.2.0.5");
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("avg.install.userHPSettings", "hxxp://babylon.walla.co.il/");
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("browser.babylon.HPOnNewTab", "babylon.walla.co.il");
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch");
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar.cntry", "IL");
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar.firstRun", false);
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "6678D4DA93D47A4018723013CA999AB7");
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar.lastActv", "18");
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar.lastDP", 18);
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.31.210:28:21");
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 107434984);
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("extensions.enabledAddons", "[email protected]:1.1.8,{e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.12,[email protected]:1.0.0.1,[email protected]:1.2.0.13,{EEE6C361-6118-11DC-9C72-001320C79847}[...]
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff_1_6.html");
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*.*.facebook.com/.*.*.google.com/.*.*.google.co.in/.*.*.google.com.br/.*.*.google.es/.*.*.youtube.com/.*.*.yahoo.com/.*.[...]
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
[-] [C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\prefs.js] [Preference] Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*.*.bing..*.*.live..*.*.msn..*.*.yahoo..*.*.youtube.com.*.*ask.com.*.*.sweetim.com.*");
[-] [C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : aaaailpifkkekipiachodfkfmgmiapmp
[-] [C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : dhkplhfnhceodhffomolpfigojocbpcb
[-] [C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : elicpjhcidhpjomhibiffojpinpmmpil
[-] [C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jcdgjdiieiljkfkdcloehkohchhpekkn
[-] [C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [44968 bytes] ##########
sagybp is offline  
Old 10-20-2015, 02:13 AM   #6
Security Team
Analyst
 
tekir06
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello sagybp,

Thanks for the logs. Please follow the instructions below.

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST.exe.

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {B8E692D0-F495-489E-AF82-B4D6EEC83649} URL =
SearchScopes: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001 -> {B8E692D0-F495-489E-AF82-B4D6EEC83649} URL = 
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: IE Tab Plus - C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\Extensions\[email protected] [2011-10-18] [not signed]
FF Extension: No Name - C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [not found]
CHR Plugin: (Babylon Chrome Plugin) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll => No File
CHR Extension: (Babylon Chrome OCR) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhkplhfnhceodhffomolpfigojocbpcb [2012-08-08]
CHR Extension: (No Name) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpjadgphgbohfhmlfhmnojgljckjgamm [2013-06-08]
EmptyTemp:

Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
__________________
tekir06 is offline  
Old 10-20-2015, 03:19 AM   #7
Registered Member
 
Join Date: Mar 2005
Posts: 22
OS: XP



Where do I download the FRST.exe tool from? Did I miss something?
sagybp is offline  
Old 10-20-2015, 04:31 AM   #8
Security Team
Analyst
 
tekir06
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello sagybp,

No need to download FRST. You have it on the desktop. From the FRST log:
Quote:
Running from C:\Users\Shahar Ben-Porath\Desktop
__________________
tekir06 is offline  
Old 10-20-2015, 06:40 AM   #9
Registered Member
 
Join Date: Mar 2005
Posts: 22
OS: XP



Here it is again:
==================
Fix result of Farbar Recovery Scan Tool (x86) Version:18-10-2015
Ran by Shahar Ben-Porath (2015-10-20 16:19:24) Run:1
Running from C:\Users\Shahar Ben-Porath\Desktop
Loaded Profiles: Shahar Ben-Porath (Available Profiles: Shahar Ben-Porath)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {B8E692D0-F495-489E-AF82-B4D6EEC83649} URL =
SearchScopes: HKU\S-1-5-21-1822029042-3454664663-1861086420-1001 -> {B8E692D0-F495-489E-AF82-B4D6EEC83649} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: IE Tab Plus - C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\Extensions\[email protected] [2011-10-18] [not signed]
FF Extension: No Name - C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [not found]
CHR Plugin: (Babylon Chrome Plugin) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll => No File
CHR Extension: (Babylon Chrome OCR) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhkplhfnhceodhffomolpfigojocbpcb [2012-08-08]
CHR Extension: (No Name) - C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpjadgphgbohfhmlfhmnojgljckjgamm [2013-06-08]
EmptyTemp:
*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-1822029042-3454664663-1861086420-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B8E692D0-F495-489E-AF82-B4D6EEC83649}" => key removed successfully.
HKCR\CLSID\{B8E692D0-F495-489E-AF82-B4D6EEC83649} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully.
C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\Extensions\[email protected] [2011-10-18] => not found.
C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\extensions\[email protected] => path removed successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected] => path removed successfully.
C:\Users\Shahar Ben-Porath\AppData\Roaming\Mozilla\Firefox\Profiles\pnmycuye.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi => path removed successfully.
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll => not found.
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhkplhfnhceodhffomolpfigojocbpcb => moved successfully
C:\Users\Shahar Ben-Porath\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpjadgphgbohfhmlfhmnojgljckjgamm => moved successfully
EmptyTemp: => 728 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 16:21:57 ====
sagybp is offline  
Old 10-20-2015, 11:28 PM   #10
Security Team
Analyst
 
tekir06
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello sagybp,

Thanks for the log. Please do the following. Then tell me: how is the machine behaving now? What problems do you still have?

Launch Malwarebytes Anti-Malware

  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the scan log which shows the date and time of the scan just performed.
  • Click Export.
  • Click Text file (*.txt).
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box, type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click OK.
  • Attach that saved log to your next reply.
Old 10-22-2015, 10:03 AM   #11
Registered Member
 
Join Date: Mar 2005
Posts: 22
OS: XP



Here's the log.

It seems that everything is working perfectly.
I can't see any problems.
No more pop-ups.

Thank you very much!

If you see anything else in the log and I need to take other actions, please tell me.
Attached Files
File Type: txt check.txt (1.0 KB, 38 views)
Old 10-22-2015, 11:58 PM   #12
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello sagybp,

You're welcome! I'm glad to hear that.

You do not need anything else. Your reports are clear. Let's remove all tools and logs that we used.

CLEAN UP

Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Ensure Remove disinfection tools is ticked. Also tick: Create registry backup, Purge system restore
  • Click Run
  • delfix will now delete all found traces of our removal process.

Note: The program will run for a few moments and then notepad will open with a log. No need to post this log.

=========================================================

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your operating system. Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Turn ON Automatic Updates in Windows 7

------------------------------------------------------

Make sure you back up your system, so possible reformatting in the future isn't necessary:

Backup and Restore - Microsoft Windows

------------------------------------------------------

PREVENTION

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here

Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
Old 10-24-2015, 11:26 PM   #13
TSF-Emeritus
 
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Since this issue appears resolved, this topic will now be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

Surf Safely and Think Prevention!
 

All times are GMT -7.