Hi All
I am having some virus issues, if you could please help.
Thanks
jayb
# AdwCleaner v3.015 - Report created 16/12/2013 at 12:02:27
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : abbeyfield - ABEXLT-JBOWDEN
# Running from : C:\Users\abbeyfield\Downloads\adwcleaner (1).exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\abbeyfield\AppData\Roaming\Babylon
Folder Deleted : C:\Users\abbeyfield\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\abbeyfield\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
[!] Folder Deleted : C:\Users\abbeyfield\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\Tasks\EPUpdater.job
File Deleted : C:\Windows\System32\Tasks\ProtectedSearch
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_roxio-creator_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_roxio-creator_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A2773ED4-83BD-488A-A186-73590706C916}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E327B07A-0E11-4FD4-BEF2-B2C5605B59C6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{E327B07A-0E11-4FD4-BEF2-B2C5605B59C6}]
Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\AppDataLow\Software\simplytech
Key Deleted : HKLM\Software\DataMngr
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v
[ File : C:\Users\abbeyfield\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\prefs.js ]
-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\abbeyfield\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [4347 octets] - [16/12/2013 11:59:12]
AdwCleaner[S0].txt - [3775 octets] - [16/12/2013 12:02:27]
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.16.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
abbeyfield :: ABEXLT-JBOWDEN [administrator]
16/12/2013 12:11:43
mbam-log-2013-12-16 (12-11-43).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 346337
Time elapsed: 2 hour(s), 36 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {90D7D925-6158-11E2-B07F-E4115BEF1C30} -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 17
C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\abbeyfield\AppData\Roaming\OpenCandy\777F50B546234C1495700F3E42994824\INTERNALWRAPPER.exe.vir (PUP.Optional.Searchprotect) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\abbeyfield\AppData\Roaming\OpenCandy\85634A2AEEA841EFA6462163FEB05C25\DeltaTB.exe.vir (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\abbeyfield\Downloads\BearShareSetup-r876-n-bc (1).exe (PUP.Optional.MusicToolbar.A) -> Quarantined and deleted successfully.
C:\Users\abbeyfield\Downloads\BearShareSetup-r876-n-bc.exe (PUP.Optional.MusicToolbar.A) -> Quarantined and deleted successfully.
C:\Users\abbeyfield\Downloads\Boy-Cried-Wolf-by-The-Feeling.exe (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\Users\abbeyfield\Downloads\DOWNLOAD_Pete_Droge__-Under_The_Waves_-_(2006)_downloader_gb_99154.exe (PUP.Optional.GoForFiles.A) -> Quarantined and deleted successfully.
C:\Users\abbeyfield\Downloads\download_torntv (1).exe (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
C:\Users\abbeyfield\Downloads\download_torntv.exe (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
C:\Users\abbeyfield\Downloads\Free_Range_The_Mutton_Birds_downloader_gb_99260.exe (PUP.Optional.ExpressFiles.A) -> Quarantined and deleted successfully.
C:\Users\abbeyfield\Downloads\SetupImgBurn_2.5.8.0.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\abbeyfield\Downloads\SoftonicDownloader_for_deepburner.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Users\abbeyfield\Downloads\SoftonicDownloader_for_roxio-creator.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Users\abbeyfield\Downloads\Teenage Fanclub - Shadows.exe (PUP.Optional.Installex) -> Quarantined and deleted successfully.
C:\Users\abbeyfield\Downloads\VideoWebPlayer.exe (PUP.Optional.Montiera) -> Quarantined and deleted successfully.
C:\Windows\Installer\38feaf.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Windows\Installer\MSIB10C.tmp (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
(end)
Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Business Edition 2011
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 45
Adobe Flash Player 11.9.900.152
Adobe Reader 10.1.8 Adobe Reader out of Date!
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes Anti-Malware mbam.exe
AVG avgtray.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````