Trojan:Win32/Sirefef.AB found by Windows Defender.


Post by Buffyanimated on Sun 07 Jul 2013, 6:18 am

Hello everyone at GeekPolice, first let me introduce myself. I am BuffyAnimated. This is a pretty cool site, and I am very excited about finding it and learning more from others. The GeekPolice Academy sounds pretty awesome. I would like to learn more about it later, after I get my current problem out of the way. I am currently posting these logs to the forum from my Windows XP computer, but my Windows 7 computer is the one which is infected with the Trojan. It can start up fine, however, and I wouldn't have known I had a virus if it wasn't for scanning it.

Now, to get to the problem I am having: I have AVG 2013 installed on my Windows 7 (64-bit) PC. It gave me back some suspicious results that it never displayed before while running a scan in "Safe Mode". Below are those results. It said a lot of my files, including "My Documents, Pictures, Videos", were locked and could not be tested, which is unusual and never happened to me in the past while running an AVG scan in Safe Mode.
------------------------------------------------------------
Test started: 6.7.2013 4:14:30
Duration of test: 50 minute(s) 59 second(s)
------------------------------------------------------------
Objects scanned     : 280837
Found infections    :  656
Found high severity :    0
Found med severity  :    0
Found info severity :  656
Fixed high severity :    0
Fixed med severity  :    0
Fixed info severity :    0
------------------------------------------------------------
The other thing it did was tell me it found "Info Severity" infections.
I looked into the AVG manual and it told me, "Information Severity: Information or warnings, not real threats. Typically documents containing Macros, Documents or Archives Protected by a password, locked files, etc." So, still being curious as to why these are showing up now when they never showed up before, I ran the "Windows Defender" virus scan which came with Windows 7.
It told me, "Trojan:Win32/Sirefef.AB Alert Level Severe, this program is dangerous and executes commands from an attacker.
Resources: File: C:\Windows\assembly\GAC_32\" However, when I clicked to remove the virus it said it had been removed. I re-ran the scan after a restart and it found the same virus.

Below are the scan logs, from what I read in the "Read this Before Posting" section of this forum.
----
ADWCLEANER SCAN LOG.
----
# AdwCleaner v2.304 - Logfile created 07/06/2013 at 13:06:33
# Updated 03/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : B-Websites - FAMILY-PC
# Boot Mode : Normal
# Running from : C:\Users\B-Websites\Downloads\fix_xp\adwcleaner.exe
# Option [Delete]


***** [Services] *****




***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2724386,CT2559647");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu Apr 07 2011 05:40:47 GMT-06[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun May 22 2011 13:23:01 GMT-0600 (Centr[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun May 22 2011 13:22:53 GMT-0600 (Central A[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "20498835-bc99-45af-bbae-808b387d9a8b");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Jan 27 2011 01:43:12 GMT-0600 (Cen[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "c8150399-a995-4940-b00d-d5d378cdee16");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2559647");
Deleted : user_pref("browser.search.defaultthis.engineName", "Coupons.com Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&Sea[...]
Deleted : user_pref("browser.startup.homepage", "hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=CDxd[...]
Deleted : user_pref("extensions.CouponAlert_2p.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/open[...]
Deleted : user_pref("extensions.CouponAlert_2p.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.[...]
Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensea[...]
Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://mystart.incredimail.com/?loc=ff_address_bar&a[...]
Deleted : user_pref("extensions.sahtb.url.merchants.data", "Deleted : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZKxdm4897HUS&ptb[...]

File : C:\Users\M\AppData\Roaming\Mozilla\Firefox\Profiles\ox1380kb.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("extensions.CouponAlert_2p.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/open[...]
Deleted : user_pref("extensions.CouponAlert_2p.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.[...]
Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensea[...]
Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={F09576C6-1C26-4A31-A7C3-5C94875AFD88}&m[...]

File : C:\Users\ginzu\AppData\Roaming\Mozilla\Firefox\Profiles\ncyxn3nj.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={F09576C6-1C26-4A31-A7C3-5C94875AFD88}&m[...]

File : C:\Users\GM Project\AppData\Roaming\Mozilla\Firefox\Profiles\mu58k4ht.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.71

File : C:\Users\B-Websites\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2392] : homepage = "hxxp://isearch.avg.com/?cid={BF846267-4F53-4CFD-B454-41C763C17A96}&mid=75c6c48021bf4[...]

File : C:\Users\Sis\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2252] : homepage = "hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=CDxdm014YYus&ptb=6E3149F0-B[...]
Deleted [l.2889] : urls_to_restore_on_startup = [ "hxxp://www.hotmail.com/?rru=inbox", "hxxp://doctoroz.com/", "[...]

File : C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\ginzu\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\GM Project\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [36611 octets] - [06/07/2013 12:37:46]
AdwCleaner[S1].txt - [37069 octets] - [06/07/2013 13:06:33]

########## EOF - C:\AdwCleaner[S1].txt - [37130 octets] ##########

----




====
FOR SOME UNKNOWN REASON I COULD NOT GET MBAM TO DOWNLOAD FROM THIS FORUM. SHOULD I DOWNLOAD IT FROM ANOTHER WEBSITE SUCH AS [You must be registered and logged in to see this link.]?
====




====
SECURITY CHECK LOG FILE.
====

Results of screen317's Security Check version 0.99.68  
Windows 7 Service Pack 1 x64 (UAC is enabled)  
Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2013  
Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1    
Java(TM) 6 Update 29  
Java(TM) 7 Update 5  
Java version out of Date!
Adobe Flash Player 11.7.700.224  
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 20.0.1 Firefox out of Date!  
Google Chrome 28.0.1500.63  
Google Chrome 28.0.1500.71  
````````Process Check: objlist.exe by Laurent````````  
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Buffyanimated

Newbie Surfer

Posts : 15
Joined : 2013-07-06
Operating System : Windows 7 (64-bit)


Re: Trojan:Win32/Sirefef.AB found by Windows Defender.

Post by Superdave on Sun 07 Jul 2013, 6:32 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*******************************************************
If you still can't download MBAM, download it on your other computer and transfer it using the above method.

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*****************************************************
Please download Junkware Removal Tool to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

  • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.

Superdave
Tech Staff

Posts : 4189
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: Trojan:Win32/Sirefef.AB found by Windows Defender.

Post by Buffyanimated on Sun 07 Jul 2013, 1:17 pm

Hello Dave, thanks for your reply. I appreciate you helping me out with my malware issue.

Question to you Dave:
I can connect to the internet on both computers, however to download Junkware Removal Tool I had to sign on to my Windows XP computer. Unfortunately, I had to use a USB, SD card to transfer the files due to my laptop not having disk reading capabilities. I did hold Shift down for 10 seconds though. What exactly does that accomplish while inserting a USB cable?

Here are my scan logs.

MBAM's scanner said no infections were found. Below are the MBAM logs.


Malwarebytes Anti-Malware 1.75.0.1300

Database version: v2013.07.06.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
B-Websites :: FAMILY-PC [administrator]

7/6/2013 6:12:33 PM
mbam-log-2013-07-06 (18-12-33).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 592579
Time elapsed: 1 hour(s), 8 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Below are the Junkware Removal Tool Logs.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by B-Websites on Sat 07/06/2013 at 20:42:53.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1186489308-429075269-1435096030-1003\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{02086BEB-6E16-4BDB-B5E4-A526830562AB}



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\w3i"
Successfully deleted: [Folder] "C:\Users\B-Websites\AppData\Roaming\software informer"
Successfully deleted: [Folder] "C:\Users\B-Websites\appdata\locallow\coupons.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\w3i"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{71A0E322-9CC3-4D23-AD48-F305112991AC}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{7264727A-5471-4EF4-95E4-98A2601D2F56}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{72B50BAE-34C4-4F1A-A0BB-DC0DC24CB9CB}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{72F61173-861F-4C5B-A5A9-C1CB68C1CC2F}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{7352E5C8-2B2F-494A-851A-CFD6A12C1A95}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{7355B269-8E70-4F1A-85A0-BE790FB06AF6}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{74C902DE-2F08-4597-8C0F-28EBAB623771}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{75044B2E-D1E2-4097-8D04-D00C50AD7B1A}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{7523975C-8D0E-477E-AD05-7C650CBD1F1C}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{757F8874-43A6-4BD4-9E92-08906C13C119}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{75B96AEF-6504-4B22-88DA-05AEC069FCB7}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{75DAEF33-30B8-440E-B2C4-ACE6C259C072}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{78E1EEE0-AA93-4240-AE06-1B71C2E5B6D8}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{795C5683-51F6-4EB5-AC06-60DB50316967}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{7984D07E-46A5-481D-B0B3-49149EB5D7FC}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{79C4EB93-C9C2-4273-9F0D-8837807195CC}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{7A7E3A2E-D4A6-4C2A-B219-E10B0042F1A2}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{7D581678-6DEF-4FDC-BF64-E341A038A176}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{7E21E44A-98BC-4695-9B2C-21A6A7A9626A}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{7E3425DB-370E-43EF-926C-842E2E7311E4}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{8096DC48-FCD3-4C44-A710-3A8EE9B4B6E9}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{813EA6BD-8E9F-41C5-811B-6F6FEA904C81}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{8189C7E1-7EF0-433D-9924-F044FE8525A4}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{837456CE-FC60-4168-A10C-E775218A185F}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{846E22A9-A7D7-4207-9CFD-B46E9362E2B5}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{84D389A1-55F3-4ACF-9B11-237CF69E1AC8}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{853F0C1D-AB17-4B9D-B370-B9344C8AF489}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{858875C3-DEA5-49D4-95E4-409148793FC0}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{85D82781-31CB-4226-A4A8-6D420A79FF2D}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{8611C95A-7F55-43F6-AEFD-458206475544}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{86C004C3-F4A1-4B13-BFC7-EACC9D80BA1C}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{86E1F4EA-61A3-4852-BEE8-52F1554D291C}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{88BA0FD6-E5A6-4F4A-9F6E-62458E1EADA3}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{894C8228-A5AE-41CD-A504-CB76B41F913B}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{8B5D67A9-CD45-4A54-8513-A2D5342583A2}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{8C1A7A6B-7F83-4D3A-BB68-1F429F7F222A}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{8CB7B280-8CA3-4C61-9D44-4577E44273D5}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{8D4E8BFC-C9C9-4A51-BB8D-A30203AD57C4}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{8DA0361C-3987-4DCB-A739-B75E642495BF}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{8EEB83CD-DF99-4A43-9BE1-BF0043C31CB5}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{8F9159E8-7FC5-492B-8849-12289CF6156A}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{8FB0A6B0-E344-4F9C-BE13-DCDDD852AB14}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{8FE61BB4-980D-42B9-B261-E4820B831F0B}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{90C0DF0C-4C42-4485-96BB-042D0E535B68}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{9121E143-2EEA-4612-BAA8-1EDE51E2A7A0}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{91CAE9F4-5BBB-4D88-986E-94D13D52C1A3}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{92460006-2EB5-452B-8ECF-A8C2E05F8E80}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{92999549-CD24-445D-913B-B24581720D6F}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{92DB379B-97FB-4EFF-A190-67195C760EFD}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{93739BCE-19BB-446B-802C-9A856DB24F10}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{943D9F3D-6889-44AB-80D7-253349346969}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{9489E1F8-628C-4324-973B-61761083F169}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{94F38B00-4B6D-461E-B131-AB4897F93097}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{9562071C-7650-47A5-AAAF-920C13335F8C}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{9736E588-963C-4144-AF08-8773051F6D44}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{973DB21E-7095-4B5F-BCD9-BE012AAC5008}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{97BB504D-ED53-4586-9938-F49D4BCBBCE6}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{98371EC1-57E5-429F-A577-9515AB7E612F}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{99189934-1EF7-45BA-AFB6-5D4AE10BF769}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{993A0619-C44F-454A-8BD3-CF771FB2771D}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{99526FD8-A67D-49A3-A606-DFA889898A22}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{99DAD2A7-D3F1-4B88-B4E2-14090B799BB8}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{99DCDA3A-A754-4E80-968D-C0976F6D8A4E}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{9BEBF0B4-9037-4F81-99DF-37FBB665B457}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{9C4951CA-ABD7-42E4-A28D-03BE006CF925}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{9F0057B9-722C-469F-978F-7EBA015E14B5}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{9F2D58BA-BA9F-4AA0-8062-5C27574EC524}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{9F559A24-75C1-40D8-88BA-164D0C98A2DD}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{A015C01C-580F-4436-8EDA-211B21095783}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{A0C253F5-8AC6-4823-8C5D-0E672CC25B98}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{A1157D7C-B69B-447B-B47C-24F8CF7E895E}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{A147972B-1FF7-45B3-8B17-D184D7A35940}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{A1C14D4B-9935-4E6A-A0F6-975D7BAD8E2F}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{A226591D-EB28-4D9B-9ED7-A9C00352EF74}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{A277CB19-342A-4772-AAEF-884B950CB9EF}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{A2AE0F8A-5313-4DF9-85AD-4EE768F3BFD0}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{A3991B45-DD12-44BC-812E-8A3A49A25A3C}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{A5BD913C-FFB1-486E-8E8D-03D7176BB057}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{A65CA08D-667F-4FB6-87DF-ED5E47236F2B}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{A6C24A3F-D519-48DF-BF0F-D0DC67EB601B}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{A6F37723-F7FA-4BCC-87A8-B990CE7C314F}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{A830651F-A0C3-4511-898A-710242D015F3}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{A9F36EE1-7BFA-48F9-A31A-6EB806B299C5}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{ACE369A9-28D7-4663-8A58-6E7304A2AEA8}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{AD0D8DED-C6F8-4B45-A100-3DE25A8D1A77}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{AE083C69-8EED-4304-A8A2-5F1D8D5BE35D}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{AEFFD425-549D-4BEC-A464-E1949F067AB6}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{B0620024-44DF-4ABB-9CE8-93F7DC797B29}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{B0A64B3B-518B-4E4E-906E-14BEFF482918}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{B1A1E406-867E-4AD6-AB3E-E0E3FC8DC127}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{B29654A3-55CD-449E-B1D7-7DB32D4C452C}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{B2A84C46-37B5-48DD-B7ED-6E47C9BF230D}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{B2D8F600-0805-4A7F-B2E8-FC9E0271A8FC}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{B3365832-C787-4870-AD69-CA30FDCF969D}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{B3400BEA-EA49-4DC8-80FB-815715057973}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{B39EDDBC-6C13-470A-A9A4-5181C42BE88D}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{B50331FE-D260-42FC-90D9-0191D0F2DDC4}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{B531EC0C-EAF7-4E11-9222-8891629110A6}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{B59A9092-F110-47B5-9F11-23AC9F92F696}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{B5B8F48B-4642-4C1C-BA55-6D833E32A94F}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{B5D8A5DA-EE56-463A-9C73-212F102FAAA8}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{B75036BF-C2B5-43DD-88AD-49332AAB3C09}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{B96C659E-63B3-4484-AD7C-6CFAF8638F97}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{B991224A-44BE-4A03-A9EE-64A374FF2F77}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{B9CB0D9D-79B1-4DAC-B0EE-3A2CF2822487}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{BA7D51A6-84BB-4D89-89C6-DACA574E8107}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{BAECC1D0-F1CE-4426-97F7-D8D754BBA01F}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{BB50BB1B-64CF-46EE-8AA3-B965A5EF4EAE}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{BB516349-19EB-4E21-A9A2-FE4F2F1E1B4F}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{BBD60ACA-FB89-43B2-B3A4-D586581FB3C0}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{BC369C4E-3435-4712-BF57-E89ED16F960C}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{BC9532D6-8C30-4E1B-9122-9A536556C761}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{BD03AA1D-46E3-46CB-916E-F6F140113058}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{BD3A3ECF-71C6-44D4-A404-6B8C9FF72C3B}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{BD3A5211-15B2-46B7-8663-AE606891FAE4}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{BEE76B95-027A-484B-A793-959FCD484FB6}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{BF217394-31F0-4A84-BD66-25CD91102245}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{BF53635C-A47B-43B8-9ABD-9797C47D980E}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{BFC60AB9-E1C5-450F-B7C9-12437AE2E8A8}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{C0029A02-AC6E-4755-A1D5-7E4179656DB0}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{C0847957-A990-455E-8423-565CBFCD81CA}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{C1129EFD-4944-449A-8EA5-19D6F5150BB6}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{C156B425-F3E3-46AF-9B94-4C71B784AE5C}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{C306C112-E54D-4253-B5BC-A574AA6092B1}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{C45000FC-4AD9-4394-859C-F8349DFE82F2}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{C658A3C7-4051-4D27-B658-5D8A8F188738}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{C9696160-C1D6-4AC3-955E-A7B030290558}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{C9A7DD97-E703-406C-BA22-F3D386D40153}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{CAFF829B-324C-4041-9395-07AE84822663}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{CB2AC7A0-88EA-471D-A3CF-7C7A6B2535C1}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{CC86EAE1-6F57-4A6B-8180-27D32FF85528}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{CCA777DA-BBB9-4557-8FD7-1464744C88A1}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{CD4AE441-0B7A-43BF-B8BA-46B8ED18CFDD}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{CD8103F6-35C9-4D08-86AD-AE1DA801CC21}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{CDCF4DD3-6B7C-4394-81A3-36A3ECD0CFB4}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{CDD988E9-1303-487F-9DFA-B0BA3C351C56}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{CEC5CE61-830D-4E51-8402-6BBBAADAA022}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{CF1D741B-5357-4A16-A052-1DA4BE25AC71}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{CF4DB9D2-025A-435D-9184-791AA12F1EE9}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{CF4F4BAC-D16B-4BFD-A6DF-BD3B513EA5D2}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{CF959B71-6803-4F76-8853-7A246B6A5EF3}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{D05D5E90-8644-4F62-9252-D92AC40F9F40}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{D0780D1A-933D-4B09-AF67-670B719EE30B}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{D08CA650-4B4D-4F4E-A0F5-C5159412901F}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{D18B1631-25BE-4692-9014-EE04AFE43471}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{D349D1E1-897D-4414-ABE7-21476C6E5A7A}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{D34DC9B3-194F-4E09-BCF9-EF4A2F8EB684}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{D3CC5864-EEA9-4E6D-BDA2-FB3DE7523B61}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{D4344825-D3A2-435E-ABE1-01C459CF4626}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{D443B163-9893-4066-8763-DE99CD8A78B7}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{D570C3A2-16D7-494C-B55C-1B98E953A785}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{D5DAAF13-88BE-4C56-95DA-C769769197F2}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{D6570EE2-B691-4E62-922B-3FFE9CB6425A}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{D7B27714-CFEF-4031-BCE1-E5BA5DF87A7E}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{D8D31BBE-4426-4DA6-A973-ADFBD56844CB}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{D8F445A6-988B-46C6-99B8-DDB12AE04D30}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{D8F847DE-1A2E-45E6-9FE5-D3ECB1217C16}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{D954B6FE-BDE3-4C41-A53C-5110FFAE359B}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{D996FD07-66D9-4B74-ADAE-7D9802101D3D}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{D99AE2C4-F73E-4B39-8418-D29CE92DA9CF}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{D9CF7B04-32FB-4A5A-B74D-2B495DB3293B}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{DA723ABF-C38C-4E9D-94E9-0C31186AEFE2}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{DBE8281B-DC39-482F-958C-A0E69C880472}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{DD24F256-94B3-4386-816E-E7219C0BD126}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{DDD39184-3B9B-4BE1-9030-E43421E77FCC}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{DDE1905F-053A-47DC-9C12-49FA5172A558}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{DE9E36C9-F652-46AE-B526-D2CC321DFA15}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{DF71430F-6760-4531-AF34-CD1E7F48B749}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{E0A7F205-5D87-48E4-9EC7-17563EE4B455}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{E20D358A-B0D6-4F31-946B-806E7179805D}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{E3F4526B-DBFC-4E54-91B2-D26EB0323D59}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{E442996B-E94B-4CB1-952A-F86A7992696A}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{E4E38327-5B31-43D8-A5CD-2023D774ADB5}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{E51E0A0A-6807-4BA7-9E1D-8DBF0F390F25}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{E5984839-0687-4B46-A5B8-B4698EDF252C}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{E5B3096C-7C18-4E1E-9F65-F4630CBB6C15}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{E5B84269-9A35-4EFF-851C-73B9FAA721E6}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{E620BC7D-476F-4261-9005-DEDD05D1524B}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{E6B65CFF-79F4-44A1-9CEF-54F1418307B2}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{E9F7CDB0-CB64-4AF5-9808-9AE9D8F4A18B}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{E9FEFF1D-C434-4CD9-902C-9B78710A86A6}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{EA1E5B9E-850E-4A14-9B44-76E43211043F}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{EAB9636C-AD83-4DBC-9DDB-0DDA4661F8EC}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{EBF79EE4-52E7-4659-94DA-728840F5BB4A}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{EDA8E48E-135A-442D-823E-C166F030B09D}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{EE0B8873-C3B6-434D-BCD7-DD5C41AF9AF7}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{EE61C345-9343-4232-A543-5F38458F8F16}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{EF00C757-A8C9-41FF-8F02-B320A0A4C62D}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{EF300E1D-7CA9-441A-B27C-973C96ACF0F8}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{F0C85CC5-9AE1-49AF-965A-340E0154524B}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{F17C0AE5-DFC3-4702-92D0-FDEB240A726C}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{F17D64F5-AE47-4E28-91B4-585C728F35CD}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{F2D56015-2AEA-451B-B760-7B6E691539C0}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{F468746B-7E2E-4424-8764-D5CF1727999A}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{F47428AF-A5C5-4C98-9151-B54374D482A5}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{F5303734-8003-4325-8B7A-15CCE3225EBC}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{F60A561F-7BCD-46F8-A7E1-A04E05A5F38B}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{F7484F54-CA89-4BE9-B318-AC6331121821}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{F8035DE3-61BF-494E-8F67-716F80B5FEEA}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{F87EBA0B-71B2-417B-956D-18CA1DFC97C2}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{F8DEC28C-9AF7-4B45-A550-F1EBDD51467E}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{F9E65562-1A3A-418B-AB40-2C0DF4BC40D2}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{FAE7FDE4-80C4-4AE9-9761-39A7009D1B3F}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{FB904F6E-26C9-4B22-828B-51EF90B01586}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{FBDEDEF0-81E5-4B27-9718-85F00D62731E}
Successfully deleted: [Empty Folder] C:\Users\B-Websites\appdata\local\{FE382ADD-6704-4A0D-A3EF-973A096000E0}



~~~ Chrome

Dumping contents of C:\Users\B-Websites\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\B-Websites\appdata\local\Google\Chrome\User Data\Default\Default\aadcgbgegcdcgbdhddgegbdidedjdagb
C:\Users\B-Websites\appdata\local\Google\Chrome\User Data\Default\Default\aadcgbgegcdcgbdhddgegbdidedjdagb\background.js
C:\Users\B-Websites\appdata\local\Google\Chrome\User Data\Default\Default\aadcgbgegcdcgbdhddgegbdidedjdagb\ContentScript.js
C:\Users\B-Websites\appdata\local\Google\Chrome\User Data\Default\Default\aadcgbgegcdcgbdhddgegbdidedjdagb\manifest.json

Successfully deleted: [Folder] C:\Users\B-Websites\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/06/2013 at 20:47:34.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Buffyanimated

Newbie Surfer

Posts : 15
Joined : 2013-07-06
Operating System : Windows 7 (64-bit)


Re: Trojan:Win32/Sirefef.AB found by Windows Defender.

Post by Superdave on Mon 08 Jul 2013, 6:19 am

I did hold Shift down for 10 seconds tho, what exactly does that accomplish while inserting a USB cable?
It prevents any malware that could possibly be on the memory stick being transferred to the computer.

Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Superdave
Tech Staff



Posts : 4189
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: Trojan:Win32/Sirefef.AB found by Windows Defender.

Post by Buffyanimated on Mon 08 Jul 2013, 8:31 am

Hey Dave, I need your help. After running the ComboFix it won't let me open any of my browsers; it says, "illegal operation that has been attempted on a registry key has been marked for deletion." and it will not open any of my programs.

What do I do??

Here is the log
Combofix
----
ComboFix 13-07-08.02 - B-Websites 07/07/2013  15:54:22.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.2264 [GMT -5]
Running from: c:\users\B-Websites\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
C:\Install.exe
c:\program files (x86)\Brand Affinity Technologies
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\fantapper_0941e80o8q2l.crx
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\fantapper_0941e80o8q2l.xpi
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FT_Enabled.ico
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FT_Plugin_Installer.jpg
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\IEInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\OpenIE.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\OpenIE.InstallState
c:\programdata\6c08d235
c:\programdata\SPL301F.tmp
c:\programdata\SPL3B8D.tmp
c:\programdata\SPL9BB.tmp
c:\users\B-Websites\AppData\Roaming\hVVVrzzONOpen Cloud AV.ico
c:\users\B-Websites\AppData\Roaming\k7dEKghXwUltPyAOpen Cloud AV.ico
c:\users\B-Websites\AppData\Roaming\Microsoft\~DFKce98097.tmp
c:\users\B-Websites\AppData\Roaming\ojUCekIrzNAuSFpOpen Cloud AV.ico
c:\users\B-Websites\AppData\Roaming\vbF3pnGaHWf9qCIOpen Cloud AV.ico
c:\users\B-Websites\AppData\Roaming\xCwkUrlOBx0o4HWOpen Cloud AV.ico
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\00000002.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_FTSvc
-------\Service_FTSvc
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-07 to 2013-07-07  )))))))))))))))))))))))))))))))
.
.
2013-07-07 21:02 . 2013-07-07 21:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-07-07 21:02 . 2013-07-07 21:02 -------- d-----w- c:\users\Sis\AppData\Local\temp
2013-07-07 21:02 . 2013-07-07 21:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-07-07 21:02 . 2013-07-07 21:02 -------- d-----w- c:\users\M\AppData\Local\temp
2013-07-07 21:02 . 2013-07-07 21:02 -------- d-----w- c:\users\ginzu\AppData\Local\temp
2013-07-07 21:02 . 2013-07-07 21:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-07 01:42 . 2013-07-07 01:42 -------- d-----w- c:\windows\ERUNT
2013-07-07 01:42 . 2013-07-07 01:42 -------- d-----w- C:\JRT
2013-07-06 23:08 . 2013-07-06 23:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-05 22:50 . 2013-06-17 07:10 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB2EE4FC-A134-4F0E-A7CA-4FEBA58BB276}\mpengine.dll
2013-07-05 05:03 . 2013-07-05 05:03 -------- d-----w- c:\users\B-Websites\AppData\Roaming\SUPERAntiSpyware.com
2013-07-05 05:02 . 2013-07-05 05:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-07-04 16:51 . 2013-07-04 16:51 -------- d-----w- c:\windows\Profiles
2013-07-04 15:03 . 2013-07-04 16:51 -------- d-----w- c:\users\Administrator
2013-07-01 16:11 . 2001-09-05 09:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-07-01 16:11 . 2001-09-05 09:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-07-01 16:11 . 2001-09-05 09:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-07-01 16:11 . 2001-09-05 09:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-07-01 16:11 . 2001-09-05 08:24 610436 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-06-25 19:47 . 2013-06-26 21:12 -------- d-----w- c:\program files (x86)\Movie Maker 2.6
2013-06-21 17:50 . 2013-07-01 15:52 -------- d-----w- c:\users\GM Project
2013-06-12 08:01 . 2013-05-17 01:25 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-06-11 23:12 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-11 23:11 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-11 23:11 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-11 23:11 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-11 23:11 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-11 23:11 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-11 23:11 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-11 23:11 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-11 23:11 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-11 23:11 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-11 23:11 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-11 23:11 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-11 23:11 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 18:01 . 2012-09-30 23:39 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 18:01 . 2011-10-10 04:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 08:02 . 2012-12-19 10:21 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-04 08:04 . 2013-06-04 08:04 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-04 08:04 . 2013-06-04 08:04 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-04 08:04 . 2013-06-04 08:04 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-04 08:04 . 2013-06-04 08:04 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-04 08:04 . 2013-06-04 08:04 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-04 08:04 . 2013-06-04 08:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-04 08:04 . 2013-06-04 08:04 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-04 08:04 . 2013-06-04 08:04 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-04 08:04 . 2013-06-04 08:04 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-04 08:04 . 2013-06-04 08:04 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-04 08:04 . 2013-06-04 08:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-04 08:04 . 2013-06-04 08:04 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-04 08:04 . 2013-06-04 08:04 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-04 08:04 . 2013-06-04 08:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-04 08:04 . 2013-06-04 08:04 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-04 08:04 . 2013-06-04 08:04 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-04 08:04 . 2013-06-04 08:04 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-04 08:04 . 2013-06-04 08:04 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-04 08:04 . 2013-06-04 08:04 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-04 08:04 . 2013-06-04 08:04 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-04 08:04 . 2013-06-04 08:04 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-04 08:04 . 2013-06-04 08:04 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-04 08:04 . 2013-06-04 08:04 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-04 08:04 . 2013-06-04 08:04 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-04 08:04 . 2013-06-04 08:04 441856 ----a-w- c:\windows\system32\html.iec
2013-06-04 08:04 . 2013-06-04 08:04 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-04 08:04 . 2013-06-04 08:04 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-04 08:04 . 2013-06-04 08:04 235008 ----a-w- c:\windows\system32\url.dll
2013-06-04 08:04 . 2013-06-04 08:04 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-04 08:04 . 2013-06-04 08:04 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-04 08:04 . 2013-06-04 08:04 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-04 08:04 . 2013-06-04 08:04 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-04 08:04 . 2013-06-04 08:04 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-04 08:04 . 2013-06-04 08:04 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-04 08:04 . 2013-06-04 08:04 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-04 08:04 . 2013-06-04 08:04 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-04 08:04 . 2013-06-04 08:04 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-04 08:04 . 2013-06-04 08:04 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-04 08:04 . 2013-06-04 08:04 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-04 08:04 . 2013-06-04 08:04 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-04 08:04 . 2013-06-04 08:04 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-04 08:04 . 2013-06-04 08:04 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-04 08:04 . 2013-06-04 08:04 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-04 08:04 . 2013-06-04 08:04 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-04 08:04 . 2013-06-04 08:04 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-04 08:04 . 2013-06-04 08:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-04 08:04 . 2013-06-04 08:04 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-04 08:04 . 2013-06-04 08:04 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-04 08:04 . 2013-06-04 08:04 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-04 08:03 . 2013-06-04 08:03 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-04 08:03 . 2013-06-04 08:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-04 08:03 . 2013-06-04 08:03 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-04 08:03 . 2013-06-04 08:03 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-04 08:03 . 2013-06-04 08:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-04 08:03 . 2013-06-04 08:03 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-04 08:03 . 2013-06-04 08:03 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-04 08:03 . 2013-06-04 08:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-04 08:03 . 2013-06-04 08:03 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-04 08:03 . 2013-06-04 08:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-04 08:03 . 2013-06-04 08:03 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-04 08:03 . 2013-06-04 08:03 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-04 08:03 . 2013-06-04 08:03 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-06-04 08:03 . 2013-06-04 08:03 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-06-04 08:03 . 2013-06-04 08:03 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-04 08:03 . 2013-06-04 08:03 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-04 08:03 . 2013-06-04 08:03 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-04 08:03 . 2013-06-04 08:03 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-04 08:03 . 2013-06-04 08:03 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-04 08:03 . 2013-06-04 08:03 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-06-04 08:03 . 2013-06-04 08:03 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-06-04 08:03 . 2013-06-04 08:03 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-06-04 08:03 . 2013-06-04 08:03 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-04 08:03 . 2013-06-04 08:03 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-04 08:03 . 2013-06-04 08:03 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-06-04 08:03 . 2013-06-04 08:03 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-06-04 08:03 . 2013-06-04 08:03 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-06-04 08:03 . 2013-06-04 08:03 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-06-04 08:03 . 2013-06-04 08:03 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-06-04 08:03 . 2013-06-04 08:03 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-06-04 08:03 . 2013-06-04 08:03 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-06-04 08:03 . 2013-06-04 08:03 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-06-04 08:03 . 2013-06-04 08:03 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-06-04 08:03 . 2013-06-04 08:03 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-06-04 08:03 . 2013-06-04 08:03 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-04 08:03 . 2013-06-04 08:03 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-06-04 08:03 . 2013-06-04 08:03 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-06-04 08:03 . 2013-06-04 08:03 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-06-04 08:03 . 2013-06-04 08:03 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-06-04 08:03 . 2013-06-04 08:03 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-06-04 08:03 . 2013-06-04 08:03 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-06-04 08:03 . 2013-06-04 08:03 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-06-04 08:03 . 2013-06-04 08:03 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-06-04 08:03 . 2013-06-04 08:03 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-06-04 08:03 . 2013-06-04 08:03 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-04 08:03 . 2013-06-04 08:03 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-06-04 08:03 . 2013-06-04 08:03 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-04 08:03 . 2013-06-04 08:02 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"Messenger (Yahoo!)"="c:\users\B-WEBS~1\Pictures\YM3E6A~1\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2012-12-05 597880]
"DiagnosticTools.exe"="c:\program files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe" [2011-04-25 2037048]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
.
c:\users\Sis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\users\B-Websites\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
25Clips.lnk - c:\users\B-Websites\Pictures\Clip Board\25 Clips\25Clips.exe [2012-10-6 719360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 trackcam;TrackerCam Video Capture Driver;c:\windows\system32\DRIVERS\trackcam.sys;c:\windows\SYSNATIVE\DRIVERS\trackcam.sys [x]
R3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys;c:\windows\SYSNATIVE\drivers\DigiartyVirtualCDBus.sys [x]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys;c:\windows\SYSNATIVE\drivers\hitmanpro35.sys [x]
R3 JLTECH0227;Dual Mode Camera;c:\windows\system32\Drivers\jl2005c.sys;c:\windows\SYSNATIVE\Drivers\jl2005c.sys [x]
R3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkCMini.sys;c:\windows\SYSNATIVE\Drivers\StkCMini.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\users\B-Websites\Pictures\superantispyware\SASDIFSV64.SYS;c:\users\B-Websites\Pictures\superantispyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\users\B-Websites\Pictures\superantispyware\SASKUTIL64.SYS;c:\users\B-Websites\Pictures\superantispyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\users\B-Websites\Pictures\superantispyware\SASCORE64.EXE;c:\users\B-Websites\Pictures\superantispyware\SASCORE64.EXE [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [x]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]
S2 HsdService;HsdService;c:\program files (x86)\Windstream\Diagnostic Tools\HsdService.exe;c:\program files (x86)\Windstream\Diagnostic Tools\HsdService.exe [x]
S2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe;c:\windows\SYSNATIVE\lxcycoms.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 ServicepointService;ServicepointService;c:\program files (x86)\Windstream\Service Agent\ServicepointService.exe;c:\program files (x86)\Windstream\Service Agent\ServicepointService.exe [x]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [x]
S2 vToolbarUpdater13.3.2;vToolbarUpdater13.3.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys;c:\windows\SYSNATIVE\DRIVERS\ManyCam_x64.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-30 18:01]
.
2013-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 06:17]
.
2013-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 06:17]
.
2013-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1186489308-429075269-1435096030-1003Core.job
- c:\users\B-Websites\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06 09:45]
.
2013-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1186489308-429075269-1435096030-1003UA.job
- c:\users\B-Websites\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06 09:45]
.
2013-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1186489308-429075269-1435096030-1004Core.job
- c:\users\Sis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06 09:45]
.
2013-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1186489308-429075269-1435096030-1004UA.job
- c:\users\Sis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-06 09:45]
.
2013-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1186489308-429075269-1435096030-1006Core.job
- c:\users\ginzu\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-21 08:30]
.
2013-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1186489308-429075269-1435096030-1006UA.job
- c:\users\ginzu\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-21 08:30]
.
2013-07-06 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3779fa60-04e3-4a4b-815e-e3d6abf5e742.job
- c:\users\B-Websites\Pictures\superantispyware\SASTask.exe [2013-05-23 20:21]
.
2013-07-07 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 9b39049b-5cb8-423f-9fdf-ea6525e4863a.job
- c:\users\B-Websites\Pictures\superantispyware\SASTask.exe [2013-05-23 20:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\B-Websites\AppData\Roaming\Mozilla\Firefox\Profiles\cyhw0vo6.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{8A86D350-37AB-410A-8531-7D1363F317B3} - c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-SandboxieControl - c:\users\B-Websites\Desktop\prot\sandbox\SbieCtrl.exe
Wow6432Node-HKCU-Run-Easy Dock - c:\users\B-Websites\Documents\RCA easyRip\EZDock.exe
Wow6432Node-HKLM-Run-Easy Dock - (no file)
Wow6432Node-HKLM-Run-ROC_ROC_NT - c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
c:\users\B-Websites\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Security Essentials.lnk - c:\program files\Microsoft Security Client\msseces.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)
WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)
AddRemove-Blend_4.0.20525.0 - c:\users\B-Websites\Downloads\Screen Recorder\Blend 4\XSetup.exe
AddRemove-Design_7.0.20516.0 - c:\users\B-Websites\Downloads\Screen Recorder\Design 4\XSetup.exe
AddRemove-ExpressionStudio_4.0.20525.0 - c:\users\B-Websites\Downloads\Screen Recorder\Studio 4\XSetup.exe
AddRemove-particleIllusion 3.0.4 demo version_is1 - c:\users\ginzu\Pictures\PI\particleIllusion 3.0 demo\uninstall\unins000.exe
AddRemove-PFConfig - c:\users\ginzu\Pictures\PORT CHECKER\PFConfig\uninst.exe
AddRemove-Popims Animator - c:\program files (x86)\Popims\Popims Animator\Uninstall.exe
AddRemove-Web_4.0.1165.0 - c:\users\B-Websites\Downloads\Screen Recorder\Web 4\XSetup.exe
AddRemove-WinX HD Video Converter Deluxe_is1 - c:\users\B-Websites\Pictures\HDVIDEOCONVERTER\WinX_HD_Video_Converter_Deluxe\unins001.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\hasplms.exe
c:\windows\SysWOW64\StkASv2K.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2013-07-07  16:18:25 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-07 21:18
ComboFix2.txt  2011-09-20 18:08
.
Pre-Run: 534,454,865,920 bytes free
Post-Run: 534,084,534,272 bytes free
.
- - End Of File - - 1EBB0D965AB686EC19F09C815B5F5DA6
70E629B51C16B3C007730C6AE57144C9

Buffyanimated

Newbie Surfer

Posts : 15
Joined : 2013-07-06
Operating System : Windows 7 (64-bit)


Re: Trojan:Win32/Sirefef.AB found by Windows Defender.

Post by Superdave on Mon 08 Jul 2013, 9:13 am

Hey Dave, I need your help. After running the ComboFix it won't let me open any of my browsers; it says, "illegal operation that has been attempted on a registry key has been marked for deletion." and it will not open any of my programs.
Re-boot your computer and that should go away.

Please download Rooter and Save it to your desktop.

  • Double click it to start the tool. Vista and Windows 7: run as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

*******************************

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.


Superdave
Tech Staff

Posts : 4189
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: Trojan:Win32/Sirefef.AB found by Windows Defender.

Post by Buffyanimated on Mon 08 Jul 2013, 9:15 pm

Okay Dave, my system is working again after the restart. I can click stuff.

I do have a question:
In the last ComboFix scan I did, I noticed at the end of the text document:
"
Pre-Run: 534,454,865,920 bytes free
Post-Run: 534,084,534,272 bytes free
"
Does that mean that it took 370,331,648 bytes away from my computer by running the scan?

The owner of this computer strictly prohibited me from using Rooter because of the upside down pentagram with the ram's head inside. Is there another program which I can use? Thanks, Dave.

How are my test results looking so far?

Below are my Roguekiller Logs.

RogueKiller V8.6.2 [Jul  5 2013] by Tigzy
mail : tigzyRKgmailcom

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : B-Websites [Admin rights]
Mode : Scan -- Date : 07/08/2013 05:00:54
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST375052 8AS SCSI Disk Device +++++
--- User ---
[MBR] d32a4a7c2211341367c445e8670b414c
[BSP] 0ab89cd70909e9ed529d51ccc58818f4 : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12288 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25167872 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25372672 | Size: 703014 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_07082013_050054.txt >>

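The RogueKiller report posted above has a regular layout: `¤¤¤ name : count ¤¤¤` section headers followed by `[TAG] key : value (data) -> STATUS` entries. The following is an added example, not part of the original thread and not RogueKiller's own code; it parses that layout and checks that each declared count matches the entries actually pasted, which catches a truncated log before anyone acts on it. The function names and the embedded sample text are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: section headers and entries in the shape of the
# RogueKiller report posted in this thread (paths elided as in the post).
SAMPLE_REPORT = r"""
¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
"""

HEADER = re.compile(r"^¤¤¤\s*(?P<name>.+?)\s*:\s*(?P<value>.*?)\s*¤¤¤$")
ENTRY = re.compile(r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>.+?)\s+:\s+(?P<value>.+?)"
                   r"\s+\((?P<data>[^)]*)\)\s+->\s+(?P<status>\w+)$")

def parse_report(text):
    """Return {section name: {"declared": int or None, "entries": [dict]}}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            value = header["value"]
            # Only purely numeric header values are counts; others are status text.
            current = {"declared": int(value) if value.isdigit() else None,
                       "entries": []}
            sections[header["name"]] = current
        elif current is not None:
            entry = ENTRY.match(line)
            if entry:
                current["entries"].append(entry.groupdict())
    return sections

def count_mismatches(sections):
    """Sections whose declared count differs from the entries actually pasted."""
    return [name for name, s in sections.items()
            if s["declared"] is not None and s["declared"] != len(s["entries"])]

def tags(sections, name):
    """Tally the bracketed tags (e.g. HJ POL) within one section."""
    return Counter(e["tag"] for e in sections[name]["entries"])
```
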

Post by Superdave on Tue 09 Jul 2013, 6:36 am

I do have a question:
in the last Combofix scan I did I noticed at the end of the text document.
"
Pre-Run: 534,454,865,920 bytes free
Post-Run: 534,084,534,272 bytes free
"
Does that mean that it took 370,331,648 Bytes away from my computer by running the scan?
Yes, but that will return to normal once we remove ComboFix later.

The owner of this computer strictly prohibited me from using Rooter because of the upside down pentagram with the ram's head inside, is there another program in which I can use?
That's ok. We'll skip that one. I'm satisfied with the other scan. Please run RogueKiller again and delete those items.
How's your computer running now?


I'd like to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
      • Leave the check mark next to Remove found threats.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Post by Buffyanimated on Tue 09 Jul 2013, 7:57 am

SuperDave wrote: Yes, but that will return to normal once we remove ComboFix later.
    Okay, sounds awesome.
SuperDave wrote: That's ok. We'll skip that one. I'm satisfied with the other scan. Please run RogueKiller again and delete those items. How's your computer running now?
    My computer is running good as always, it was never running bad; I was just suspicious because my Windows Defender picked up the trojan. I still do not know whether it was a false positive or not. I wanted to keep my computer running fine tho, just in case.
    Okay, so you want me to delete the items in the RogueKiller, under which tabs? It has several tabs that I could delete stuff from, I want to make sure to follow your directions and not delete something I need. After you respond and tell me which items to delete in RogueKiller, then I'll proceed with running the Online Scan from ESET.
    Thank you for your understanding about skipping the Rooter scan.

Post by Superdave on Tue 09 Jul 2013, 9:29 am

Okay, so you want me to delete the items in the RogueKiller, under which tabs? It has several tabs that I could delete stuff from, I want to make sure to follow your directions and not delete something I need. After you respond and tell me which items to delete in RogueKiller, then I'll proceed with running the Online Scan from ESET.
Run RogueKiller again and you should see four items with checkmarks on them. Just click on the delete button on the upper right hand corner.

Post by Buffyanimated on Tue 09 Jul 2013, 4:52 pm

SuperDave wrote: Yes, but that will return to normal once we remove ComboFix later.
Hey Dave, the memory loss from Combofix is bugging me pretty bad, can you assist me in removing Combofix now; so I'll get the Memory it took away back?

Okay ESET found 3 threats should I delete them all?

C:\Users\GM Project\Desktop\Softwares\Chrome\User Data\Default\Default\aadcgbgegcdcgbdhddgegbdidedjdagb\background.js Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
C:\Users\GM Project\Desktop\Softwares\Chrome\User Data\Default\Default\aadcgbgegcdcgbdhddgegbdidedjdagb\ContentScript.js Win32/TrojanDownloader.Tracur.AD trojan cleaned by deleting - quarantined
C:\Users\Sis\Downloads\mplayer_Setup.exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined

Post by Superdave on Wed 10 Jul 2013, 9:20 am

Okay ESET found 3 threats should I delete them all?
Yes, please delete them.

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

**********************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.

Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
*******************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Post by Buffyanimated on Wed 10 Jul 2013, 10:02 am

Thank you SuperDave, I appreciate your assistance. Goodbye for now.

Post by Superdave on Wed 10 Jul 2013, 10:17 am

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
