Infected with bProtector

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by CrisG » February 27th, 2014, 2:36 pm

Using Skype to make a call or going to websites with Flash causes the programs to freeze and/or crash. The audio driver ceases to work occasionally. I used Malwarebytes and it found PUP.bProtector.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.51.2
Run by CRISTINA at 13:32:29 on 2014-02-27
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12255.7700 [GMT -5:00]
.
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dn ... 162148&ir=
mWinlogon: Userinit = userinit.exe
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} -
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
StartupFolder: C:\Users\CRISTINA\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0D35918F-046F-42CC-A270-3EA5758CC45E} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= c:\progra~3\bprote~1\261519~1.190\{eab34~1\protec~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
FF - ExtSQL: 2014-01-07 21:52; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2014-01-07 21:52; {5C655500-E712-41e7-9349-CE462F844B19}; C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi
FF - ExtSQL: 2014-01-07 21:52; autofillForms@blueimp.net; C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\autofillForms@blueimp.net.xpi
FF - ExtSQL: 2014-01-14 12:54; {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}; C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
FF - ExtSQL: 2014-01-27 15:23; jid1-pFvSABavHgXrRQ@jetpack; C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\jid1-pFvSABavHgXrRQ@jetpack.xpi
FF - ExtSQL: 2014-02-15 22:30; {7b1bf0b6-a1b9-42b0-b75d-252036438bdc}; C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-4-7 55856]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2012-3-11 22736]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-3-11 584056]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]
R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-9-21 24608]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2013-4-24 410008]
R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2013-4-24 102808]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-30 64280]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
R3 LVUVC64;Logitech HD Webcam C615(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2012-1-18 4763680]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-2-3 115272]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-1-29 39200]
S2 bProtector;bProtector;C:\ProgramData\bProtectorForWindows\2.6.1519.190\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe --> C:\ProgramData\bProtectorForWindows\2.6.1519.190\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-2-18 37344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-19 111616]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-8 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-8 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-4-8 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);C:\Windows\System32\drivers\vasdDev.sys [2012-5-17 1454896]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-7 1255736]
S4 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-3-26 49152]
S4 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-6 13592]
S4 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-4-6 133800]
S4 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-12 1593632]
S4 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-12 16939296]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
S4 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2013-10-18 16000]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-12-19 411936]
S4 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-4-6 2656280]
.
=============== File Associations ===============
.
FileExt: .js: JSFile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\Dreamweaver.exe","%1"
.
=============== Created Last 30 ================
.
2014-02-27 10:21:21 -------- d-----w- C:\MGADiagToolOutput
2014-02-26 22:31:58 -------- d-----w- C:\FRST
2014-02-26 22:30:14 -------- d-----w- C:\RegBackup
2014-02-26 22:29:52 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2014-02-22 15:34:24 -------- d-----w- C:\AdwCleaner
2014-02-22 11:55:59 -------- d-----r- C:\Program Files (x86)\Skype
2014-02-22 10:20:32 272496 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-02-19 02:16:24 -------- d-----w- C:\ProgramData\Damned
2014-02-19 02:16:00 -------- d-----w- C:\Python27
2014-02-09 08:52:42 -------- d-----w- C:\Users\CRISTINA\AppData\Roaming\Mp3tag
2014-02-09 08:52:15 -------- d-----w- C:\Program Files (x86)\Mp3tag
2014-02-07 22:56:34 -------- d-----w- C:\Users\CRISTINA\AppData\Roaming\JRT Studio
2014-02-07 22:56:30 -------- d-----w- C:\Program Files (x86)\JRT Studio
2014-02-07 19:52:59 -------- d-----w- C:\Program Files\iPod
2014-02-07 19:52:58 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-07 19:52:58 -------- d-----w- C:\Program Files\iTunes
2014-02-07 19:52:58 -------- d-----w- C:\Program Files (x86)\iTunes
2014-01-29 10:59:13 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-01-29 10:59:13 33056 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-01-29 03:12:04 -------- d-----w- C:\Users\CRISTINA\AppData\Roaming\uTorrent
.
==================== Find3M ====================
.
2014-02-22 10:19:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-22 10:19:06 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-22 13:52:10 206080 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2014-01-22 13:52:10 108800 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2014-01-21 02:53:40 1048152 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-01-21 02:53:29 1179576 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-01-19 07:33:29 270496 ----a-w- C:\Windows\System32\MpSigStub.exe
2013-12-27 18:42:16 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-12-19 18:53:46 6671648 ----a-w- C:\Windows\System32\nvcpl.dll
2013-12-19 18:53:46 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-12-19 18:53:44 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-12-19 18:53:44 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-12-19 18:53:44 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2013-12-19 17:20:22 590112 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-12-19 05:01:48 3539040 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-12-19 02:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-11 22:26:06 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-12-05 08:42:26 35104 ----a-w- C:\Windows\System32\SETA17.tmp
.
============= FINISH: 13:32:57.20 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume4
Install Date: 4/6/2012 6:11:20 AM
System Uptime: 2/27/2014 11:21:53 AM (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8Z68-V PRO GEN3
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | LGA1155 | 1584/100mhz
.
==== Disk Partitions =========================
.
A: is FIXED (NTFS) - 932 GiB total, 238.056 GiB free.
B: is FIXED (NTFS) - 932 GiB total, 604.949 GiB free.
C: is FIXED (NTFS) - 119 GiB total, 38.137 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 0.007 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: High Definition Audio Device
Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0892&SUBSYS_10438410&REV_1003\4&2CB35CC7&0&0001
Manufacturer: Microsoft
Name: High Definition Audio Device
PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0892&SUBSYS_10438410&REV_1003\4&2CB35CC7&0&0001
Service: HdAudAddService
.
==== System Restore Points ===================
.
RP414: 2/27/2014 11:15:10 AM - Removed Microsoft Office Professional Plus 2010
RP415: 2/27/2014 11:19:17 AM - Removed Play withSIX.
RP416: 2/27/2014 11:25:55 AM - Removed ArcSoft TotalMedia Theatre 5
RP417: 2/27/2014 11:27:46 AM - Removed Rosetta Stone Version 3
RP418: 2/27/2014 12:39:48 PM - Removed TheSims3SP8
RP419: 2/27/2014 12:40:23 PM - Removed The Sims 3 Ambitions
RP420: 2/27/2014 12:42:08 PM - Removed TheSims3EP4
RP421: 2/27/2014 12:50:42 PM - Removed TheSims3SP7
RP422: 2/27/2014 12:52:31 PM - Removed The Sims 3 Fast Lane Stuff
RP423: 2/27/2014 12:53:52 PM - Removed The Sims 3 High-End Loft Stuff
RP424: 2/27/2014 12:54:46 PM - Removed The Sims 3 Late Night
RP425: 2/27/2014 12:56:21 PM - Removed The Sims 3 Master Suite Stuff
RP426: 2/27/2014 12:57:43 PM - Removed The Sims 3 Outdoor Living Stuff
RP427: 2/27/2014 12:59:15 PM - Removed TheSims3EP5
RP428: 2/27/2014 1:00:20 PM - Removed TheSims3EP8
RP429: 2/27/2014 1:01:14 PM - Removed TheSims3EP6
RP430: 2/27/2014 1:02:01 PM - Removed TheSims3EP7
RP431: 2/27/2014 1:03:00 PM - Removed The Sims 3 Town Life Stuff
RP432: 2/27/2014 1:04:18 PM - Removed TheSims3EP9
RP433: 2/27/2014 1:06:05 PM - Removed The Sims 3 World Adventures
RP434: 2/27/2014 1:08:07 PM - Removed The Sims 3
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
A Virus Named TOM
Ace of Spades
Adobe Flash Player 11 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Adventures of Shuggy
Age of Empires Online
And Yet It Moves
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARMA 2 Dedicated Server
Ascension: Deckbuilding Game
Asmedia ASM104x USB 3.0 Host Controller Driver
Atom Zombie Smasher
Audacity 2.0
Bastion
Batman: Arkham City™
Battle.net
BattlEye for OA Uninstall
BattlEye Uninstall
BIT.TRIP BEAT
BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien
BIT.TRIP RUNNER
Botanicula
CameraHelperMsi
Castle Crashers
Cave Story+
Cogs
Comodo Dragon
COMODO GeekBuddy
COMODO Internet Security
Counter-Strike: Source Beta
Crayon Physics Deluxe
DayZ Commander
DivX Setup
Don't Starve
Dual-Core Optimizer
Dungeon Defenders
Dungeons of Dredmor
Electronic Super Joy
erLT
ERUNT 1.1j
Escape Goat
EVGA OC Scanner X 2.0.1
EVGA Precision 2.0.4
FINAL FANTASY XIV - A Realm Reborn
FTL: Faster Than Light
Garry's Mod
GeForce Experience NvStream Client Components
Google Chrome
Google Update Helper
Gratuitous Space Battles
Guacamelee! Gold Edition
Gyazo 2.0.2
Half-Life
Half-Life 2
Half-Life: Source
Hammerfight
Hearthstone
Hewlett-Packard ACLM.NET v1.1.0.0
HOARD
HP FWUpdateEDO2
HP Photosmart 6510 series Basic Device Software
HP Product Detection
HP Update
HPDiagnosticAlert
iCloud
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Network Connections 15.6.25.0
Intel(R) Rapid Storage Technology
iSyncr
iTunes
Jamestown
Java 7 Update 51
Java Auto Updater
JMicron JMB36X Driver
Jolly Rover
Killing Floor
LAME v3.99.3 (for Windows)
Left 4 Dead 2
LIMBO
Logitech Gaming Software
Logitech Gaming Software 8.51
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Machinarium
MagicDisc 2.7.106
Magicka
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Mouse and Keyboard Center
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft WSE 3.0 Runtime
Microsoft Xbox 360 Accessories 1.2
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0 Refresh
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Monaco
MotioninJoy Gamepad tool 0.7.0000
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.58
Mumble 1.2.4
NightSky
NVIDIA 3D Vision Controller Driver 332.21
NVIDIA 3D Vision Driver 332.21
NVIDIA Control Panel 332.21
NVIDIA GeForce Experience 1.8.2
NVIDIA Graphics Driver 332.21
NVIDIA HD Audio Driver 1.3.30.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA ShadowPlay 11.10.11
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 11.10.11
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.20
NyxQuest
OpenAL
Orcs Must Die!
Origin
Osmos
osu!
Papers, Please
Papo & Yo
PixelJunk Eden
Plants vs. Zombies: Game of the Year
Poker Night at the Inventory
Portal
Portal 2
Psychonauts
PxMergeModule
Q.U.B.E.
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Revenge of the Titans
Sam & Max 101: Culture Shock
Sam & Max 102: Situation: Comedy
Sam & Max 103: The Mole, the Mob and the Meatball
Sam & Max 104: Abe Lincoln Must Die!
Sam & Max 105: Reality 2.0
Sam & Max 106: Bright Side of the Moon
Sam & Max 201: Ice Station Santa
Samorost 2
SAMSUNG USB Driver for Mobile Phones
Seagate Dashboard 2.0
Sequence
Shank
SHIELD Streaming
Shroud of the Avatar
Sid Meier's Civilization V
SimCity™
Skype™ 6.9
Small World 2
Software Version Updater
Source SDK
Source SDK Base 2006
Source SDK Base 2007
Source SDK Base 2013 Multiplayer
Source SDK Base 2013 Singleplayer
SpaceChem
Steam
Steel Storm: Burning Retribution
Super Meat Boy
Surgeon Simulator 2013
swMSM
Swords and Soldiers HD
System Shock 2
Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal
Team Fortress 2
The Binding Of Isaac
The Clockwork Man
The Clockwork Man: The Hidden World
The Secret of Monkey Island: Special Edition
The Walking Dead
Ticket to Ride
Torchlight II
TRAUMA
Trials Evolution Gold Edition
Trine
Trine 2
Tropic Euro
Tweaking.com - Registry Backup
Unstoppable Gorg
Uplay
VC80CRTRedist - 8.0.50727.6195
Vertex Dispenser
VLC media player 2.1.3
VVVVVV
Warlock - Master of the Arcane
WARP
Windows Live ID Sign-in Assistant
WinRAR 4.20 (32-bit)
Wizorb
World of Goo
.
==== Event Viewer Messages From Past Week ========
.
2/27/2014 11:22:05 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mv91xx
2/27/2014 11:22:04 AM, Error: Service Control Manager [7000] - The bProtector service failed to start due to the following error: The system cannot find the file specified.
2/22/2014 3:26:35 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR4.
2/20/2014 12:03:22 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
.
==== End Of File ===========================
CrisG
Regular Member
 
Posts: 24
Joined: February 22nd, 2014, 12:20 pm

Re: Infected with bProtector

Post by Gary R » February 27th, 2014, 5:06 pm

Please run a new scan with CKScanner.

  • Doubleclick CKScanner.exe to launch it.
  • Click Search For Files.
  • After a couple minutes a list will appear in the panel to the right.
  • Click Save List To File.
  • A message box will verify the file saved.
  • Close CKScanner.
  • Copy/paste the contents of the new ckfiles.txt in your next reply please (it will be on your Desktop).
  • Please run the program once only.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infected with bProtector

Post by CrisG » February 27th, 2014, 5:08 pm

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.OAFAB0
----- EOF -----
CrisG
Regular Member
 
Posts: 24
Joined: February 22nd, 2014, 12:20 pm

Re: Infected with bProtector

Post by Gary R » February 28th, 2014, 5:17 am

OK, now we've got rid of the cracked programs (which were probably where you picked your infection up from), let's get started cleaning your machine.

First ...

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following (if still present):

µTorrent
BitTorrent
ERUNT 1.1j


Use of P2P/Torrent programs is the quickest way to contract an infection that I know .... viewtopic.php?p=491394#p491394

ERUNT is not compatible with 64 bit Windows 7, which is why we use Tweaking.com Registry Backup to backup your registry instead.

Reboot your computer once those programs have all been uninstalled.

Next ...

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
  • Copy/Paste the contents of the code box below into Notepad. (don't include Code: Select all)
Code: Select all
C:\Users\CRISTINA\AppData\Local\Microsoft\Internet Explorer\DOMStore\MZRYSB0U\www.whitesmoke[1].xml
C:\Users\CRISTINA\AppData\Local\Microsoft\Internet Explorer\DOMStore\78W25NTB\search.conduit[1].xml
C:\Users\CRISTINA\AppData\Local\Microsoft\Internet Explorer\DOMStore\78W25NTB\storage.conduit[1].xml
C:\Users\CRISTINA\AppData\Local\Microsoft\Internet Explorer\DOMStore\PQW9Y62A\facebook.conduitapps[1].xml
C:\Users\CRISTINA\AppData\Local\Microsoft\Internet Explorer\DOMStore\XT85R5BZ\app.mam.conduit[1].xm
C:\Program Files (x86)\Conduit
C:\Users\CRISTINA\AppData\Local\Conduit
C:\Users\CRISTINA\AppData\LocalLow\Conduit
C:\Users\CRISTINA\AppData\Roaming\BabSolution
Reg: Reg.exe delete "HKEY_CURRENT_USER\Software\DataMngr"
Reg: Reg.exe delete "HKEY_CURRENT_USER\Software\DataMngr_Toolbar"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr"
Reg: Reg.exe delete "HKEY_USERS\.DEFAULT\Software\DataMngr"
Reg: Reg.exe delete "HKEY_USERS\.DEFAULT\Software\DataMngr_Toolbar"
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\DataMngr"
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\DataMngr_Toolbar"
Reg: Reg.exe delete "HKEY_USERS\S-1-5-18\Software\DataMngr"
Reg: Reg.exe delete "HKEY_USERS\S-1-5-18\Software\DataMngr_Toolbar"
Reg: Reg.exe delete "HKEY_CURRENT_USER\Software\Trolltech"
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Trolltech"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Babylon"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Babylon\Babylon Client"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{98889811-442D-49dd-99D7-DC866BE87DBC}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASAPI32"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASMANCS"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}"
Reg: Reg.exe delete "HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit"
Reg: Reg.exe delete "HKEY_CURRENT_USER\Software\AppDataLow\Software\ConduitSearchScopes"
Reg: Reg.exe delete "HKEY_CURRENT_USER\Software\Conduit"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Conduit"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}"
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\AppDataLow\Software\Conduit"
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\AppDataLow\Software\ConduitSearchScopes"
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Conduit"
Reg: Reg.exe delete "HKEY_CURRENT_USER\Software\BabSolution"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde"
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\BabSolution"
HKU\S-1-5-21-3706433607-4152841657-1845436021-1000\...\MountPoints2: {67e88340-7fe9-11e1-81ef-806e6f6e6963} - D:\autorun.exe
AppInit_DLLs-x32: c:\progra~3\bprote~1\261519~1.190\{eab34~1\protec~1.dll => "c:\progra~3\bprote~1\261519~1.190\{eab34~1\protec~1.dll" File Not Found
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dn ... 162148&ir=
SearchScopes: HKLM-x32 - DefaultScope {DF343BF4-A8D3-427C-B9CC-5A133435EF4C} URL =
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q= {searchTerms}&st=12&crg=3.5000006.10043&barid={0BBE418D-8636-11E2-B65A-C8600032FF3B}
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll No File
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
CHR Extension: (Delta Toolbar) - C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-12-13]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\CRISTINA\AppData\Local\mysearchdial-speeddial.crx [2013-12-13]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\CRISTINA\AppData\Local\mysearchdial-speeddial.crx [2013-12-13]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\CRISTINA\AppData\Roaming\BabSolution\CR\Delta.crx [2013-05-26]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2013-04-16]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\CRISTINA\AppData\Local\mysearchdial-speeddial.crx [2013-04-16]
S2 bProtector; C:\ProgramData\bProtectorForWindows\2.6.1519.190\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe [X]
2014-01-28 22:13 - 2014-01-28 22:13 - 00000837 _____ () C:\Users\CRISTINA\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-01-28 22:12 - 2014-01-29 05:57 - 00000000 ____D () C:\Users\CRISTINA\AppData\Roaming\uTorrent

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe.

Summary of the logs I need from you in your next post:
  • AdwCleaner[s1].txt
  • fixlog.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
Gary R
Administrator

Re: Infected with bProtector

Unread postby CrisG » February 28th, 2014, 6:27 am

# AdwCleaner v3.020 - Report created 28/02/2014 at 05:22:10
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : CRISTINA - CRISTINA-PC
# Running from : C:\Users\CRISTINA\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : bProtector

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\bProtectorForWindows
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\file scout
Folder Deleted : C:\Program Files (x86)\myfree codec
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\CRISTINA\AppData\Local\Conduit
Folder Deleted : C:\Users\CRISTINA\AppData\Local\PackageAware
Folder Deleted : C:\Users\CRISTINA\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\CRISTINA\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\CRISTINA\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\CRISTINA\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\CRISTINA\AppData\Roaming\file scout
Folder Deleted : C:\Users\CRISTINA\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
File Deleted : C:\END
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp
File Deleted : C:\Windows\System32\Tasks\bProtector

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{B64982B1-D112-42B5-B1E4-D3867C4533F8}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKCU\Software\5253ddd1e734ef12
Key Deleted : HKLM\SOFTWARE\5253ddd1e734ef12
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\caphyon
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\mysearchdial.com
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InfoAtoms
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\Updater By Sweetpacks
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\prefs.js ]


-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [15514 octets] - [22/02/2014 10:34:45]
AdwCleaner[R1].txt - [15575 octets] - [22/02/2014 10:52:23]
AdwCleaner[R2].txt - [15456 octets] - [27/02/2014 11:36:10]
AdwCleaner[R3].txt - [15517 octets] - [28/02/2014 05:21:23]
AdwCleaner[S0].txt - [14712 octets] - [28/02/2014 05:22:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14773 octets] ##########
CrisG
Regular Member

Re: Infected with bProtector

Unread postby CrisG » February 28th, 2014, 6:28 am

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-02-2014 02
Ran by CRISTINA at 2014-02-28 05:26:59 Run:1
Running from C:\Users\CRISTINA\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\CRISTINA\AppData\Local\Microsoft\Internet Explorer\DOMStore\MZRYSB0U\www.whitesmokeReg: Reg.exe delete "1".xml
C:\Users\CRISTINA\AppData\Local\Microsoft\Internet Explorer\DOMStore\78W25NTB\search.conduitReg: Reg.exe delete "1".xml
C:\Users\CRISTINA\AppData\Local\Microsoft\Internet Explorer\DOMStore\78W25NTB\storage.conduitReg: Reg.exe delete "1".xml
C:\Users\CRISTINA\AppData\Local\Microsoft\Internet Explorer\DOMStore\PQW9Y62A\facebook.conduitappsReg: Reg.exe delete "1".xml
C:\Users\CRISTINA\AppData\Local\Microsoft\Internet Explorer\DOMStore\XT85R5BZ\app.mam.conduitReg: Reg.exe delete "1".xm
C:\Program Files (x86)\Conduit
C:\Users\CRISTINA\AppData\Local\Conduit
C:\Users\CRISTINA\AppData\LocalLow\Conduit
C:\Users\CRISTINA\AppData\Roaming\BabSolution
Reg: Reg.exe delete "HKEY_CURRENT_USER\Software\DataMngr"
Reg: Reg.exe delete "HKEY_CURRENT_USER\Software\DataMngr_Toolbar"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr"
Reg: Reg.exe delete "HKEY_USERS\.DEFAULT\Software\DataMngr"
Reg: Reg.exe delete "HKEY_USERS\.DEFAULT\Software\DataMngr_Toolbar"
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\DataMngr"
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\DataMngr_Toolbar"
Reg: Reg.exe delete "HKEY_USERS\S-1-5-18\Software\DataMngr"
Reg: Reg.exe delete "HKEY_USERS\S-1-5-18\Software\DataMngr_Toolbar"
Reg: Reg.exe delete "HKEY_CURRENT_USER\Software\Trolltech"
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Trolltech"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Babylon"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Babylon\Babylon Client"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{98889811-442D-49dd-99D7-DC866BE87DBC}" /f
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASAPI32"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASMANCS"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}"
Reg: Reg.exe delete "HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit"
Reg: Reg.exe delete "HKEY_CURRENT_USER\Software\AppDataLow\Software\ConduitSearchScopes"
Reg: Reg.exe delete "HKEY_CURRENT_USER\Software\Conduit"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Conduit"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}"
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\AppDataLow\Software\Conduit"
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\AppDataLow\Software\ConduitSearchScopes"
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Conduit"
Reg: Reg.exe delete "HKEY_CURRENT_USER\Software\BabSolution"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde"
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\BabSolution"
HKU\S-1-5-21-3706433607-4152841657-1845436021-1000\...\MountPoints2: {67e88340-7fe9-11e1-81ef-806e6f6e6963} - D:\autorun.exe
AppInit_DLLs-x32: c:\progra~3\bprote~1\261519~1.190\{eab34~1\protec~1.dll => "c:\progra~3\bprote~1\261519~1.190\{eab34~1\protec~1.dll" File Not Found
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dn ... 162148&ir=
SearchScopes: HKLM-x32 - DefaultScope {DF343BF4-A8D3-427C-B9CC-5A133435EF4C} URL =
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q= {searchTerms}&st=12&crg=3.5000006.10043&barid={0BBE418D-8636-11E2-B65A-C8600032FF3B}
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll No File
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
CHR Extension: (Delta Toolbar) - C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-12-13]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\CRISTINA\AppData\Local\mysearchdial-speeddial.crx [2013-12-13]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\CRISTINA\AppData\Local\mysearchdial-speeddial.crx [2013-12-13]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\CRISTINA\AppData\Roaming\BabSolution\CR\Delta.crx [2013-05-26]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2013-04-16]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\CRISTINA\AppData\Local\mysearchdial-speeddial.crx [2013-04-16]
S2 bProtector; C:\ProgramData\bProtectorForWindows\2.6.1519.190\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe [X]
2014-01-28 22:13 - 2014-01-28 22:13 - 00000837 _____ () C:\Users\CRISTINA\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-01-28 22:12 - 2014-01-29 05:57 - 00000000 ____D () C:\Users\CRISTINA\AppData\Roaming\uTorrent

*****************

"C:\Users\CRISTINA\AppData\Local\Microsoft\Internet Explorer\DOMStore\MZRYSB0U\www.whitesmokeReg: Reg.exe delete 1".xml" => File/Directory not found.
"C:\Users\CRISTINA\AppData\Local\Microsoft\Internet Explorer\DOMStore\78W25NTB\search.conduitReg: Reg.exe delete 1".xml" => File/Directory not found.
"C:\Users\CRISTINA\AppData\Local\Microsoft\Internet Explorer\DOMStore\78W25NTB\storage.conduitReg: Reg.exe delete 1".xml" => File/Directory not found.
"C:\Users\CRISTINA\AppData\Local\Microsoft\Internet Explorer\DOMStore\PQW9Y62A\facebook.conduitappsReg: Reg.exe delete 1".xml" => File/Directory not found.
"C:\Users\CRISTINA\AppData\Local\Microsoft\Internet Explorer\DOMStore\XT85R5BZ\app.mam.conduitReg: Reg.exe delete 1".xm" => File/Directory not found.
"C:\Program Files (x86)\Conduit" => File/Directory not found.
"C:\Users\CRISTINA\AppData\Local\Conduit" => File/Directory not found.
"C:\Users\CRISTINA\AppData\LocalLow\Conduit" => File/Directory not found.
"C:\Users\CRISTINA\AppData\Roaming\BabSolution" => File/Directory not found.

========= Reg.exe delete "HKEY_CURRENT_USER\Software\DataMngr" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\DataMngr (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_CURRENT_USER\Software\DataMngr_Toolbar" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\.DEFAULT\Software\DataMngr" =========

Permanently delete the registry key HKEY_USERS\.DEFAULT\Software\DataMngr (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\.DEFAULT\Software\DataMngr_Toolbar" =========

Permanently delete the registry key HKEY_USERS\.DEFAULT\Software\DataMngr_Toolbar (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\DataMngr" =========

Permanently delete the registry key HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\DataMngr (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\DataMngr_Toolbar" =========

Permanently delete the registry key HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\DataMngr_Toolbar (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-18\Software\DataMngr" =========

Permanently delete the registry key HKEY_USERS\S-1-5-18\Software\DataMngr (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-18\Software\DataMngr_Toolbar" =========

Permanently delete the registry key HKEY_USERS\S-1-5-18\Software\DataMngr_Toolbar (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_CURRENT_USER\Software\Trolltech" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Trolltech (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Trolltech" =========

Permanently delete the registry key HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Trolltech (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Babylon" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Babylon (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Babylon\Babylon Client" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Babylon\Babylon Client (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{98889811-442D-49dd-99D7-DC866BE87DBC}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASAPI32" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASAPI32 (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASMANCS" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASMANCS (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_CURRENT_USER\Software\AppDataLow\Software\ConduitSearchScopes" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\ConduitSearchScopes (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_CURRENT_USER\Software\Conduit" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Conduit (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Conduit" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Conduit (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\AppDataLow\Software\Conduit" =========

Permanently delete the registry key HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\AppDataLow\Software\Conduit (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\AppDataLow\Software\ConduitSearchScopes" =========

Permanently delete the registry key HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\AppDataLow\Software\ConduitSearchScopes (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Conduit" =========

Permanently delete the registry key HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Conduit (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_CURRENT_USER\Software\BabSolution" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\BabSolution (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg.exe delete "HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\BabSolution" =========

Permanently delete the registry key HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\BabSolution (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67e88340-7fe9-11e1-81ef-806e6f6e6963} => Key not found.
HKCR\CLSID\{67e88340-7fe9-11e1-81ef-806e6f6e6963} => Key not found.
"c:\\progra~3\\bprote~1\\261519~1.190\\{eab34~1\\protec~1.dll" => Value Data removed successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B} => Key not found.
HKCR\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} => Unable to delete value
HKCR\Wow6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC} => Key not found.
C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff => Key not found.
"C:\Users\CRISTINA\AppData\Local\mysearchdial-speeddial.crx" => File/Directory not found.
HKCU\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff => Key not found.
"C:\Users\CRISTINA\AppData\Local\mysearchdial-speeddial.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde => Key not found.
"C:\Users\CRISTINA\AppData\Roaming\BabSolution\CR\Delta.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj => Key not found.
"C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff => Key not found.
"C:\Users\CRISTINA\AppData\Local\mysearchdial-speeddial.crx" => File/Directory not found.
bProtector => Service not found.
"C:\Users\CRISTINA\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk" => File/Directory not found.
C:\Users\CRISTINA\AppData\Roaming\uTorrent => Moved successfully.

==== End of Fixlog ====
CrisG
Regular Member
 
Posts: 24
Joined: February 22nd, 2014, 12:20 pm

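As an added example (not something posted in this thread, and not part of FRST or OTL), here is a small Python helper that reads a Fixlog / reg.exe delete transcript like the one above and classifies every item as removed, already absent, or failed, so that leftovers such as the toolbar value the fix reported as "Unable to delete value" stand out for a follow-up pass. The sample log embedded in it is constructed from a few of the thread's own entries and is not the full log.

```python
"""Triage an FRST Fixlog / reg.exe delete transcript like the one posted above:
each fix item becomes REMOVED (existed, cleaned), ABSENT (already gone) or
FAILED (still present, needs a follow-up fix such as an undeletable value)."""
import re
from collections import Counter

REG_HEADER = re.compile(r'^=+ Reg\.exe delete "(?P<key>[^"]+)"(?: /v "(?P<value>[^"]+)")?')
FRST_LINE = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+?)\.?$')

# Constructed sample modelled on the thread's Fixlog; it is not the full log.
SAMPLE_LOG = r'''
========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}" =========
Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} (Yes/No)? The operation completed successfully.
========= End of Reg: =========
========= Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{98889811-442D-49dd-99D7-DC866BE87DBC}" /f =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
HKCR\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} => Unable to delete value
C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde => Moved successfully.
bProtector => Service not found.
'''

def classify(outcome):
    """Map an outcome phrase to REMOVED / ABSENT / FAILED."""
    text = outcome.lower()
    if "not found" in text or "unable to find" in text:
        return "ABSENT"          # nothing left to clean
    if "successfully" in text:
        return "REMOVED"         # item existed and was removed/restored
    return "FAILED"              # e.g. "Unable to delete value": still present

def parse_fixlog(text):
    """Return (target, outcome, status) tuples, one per fix item."""
    records, pending = [], None   # pending: reg.exe key awaiting its result line
    for raw in text.splitlines():
        line = raw.strip()
        m = REG_HEADER.match(line)
        if m:
            pending = m.group("key") + ("\\" + m.group("value") if m.group("value") else "")
            continue
        if pending and ("completed successfully" in line or "ERROR:" in line):
            outcome = line.split("(Yes/No)? ")[-1].rstrip(".")
            records.append((pending, outcome, classify(outcome)))
            pending = None
            continue
        m = FRST_LINE.match(line)
        if m:
            records.append((m.group("target").strip('"'), m.group("outcome"), classify(m.group("outcome"))))
    return records

def summarize(records):
    """Count items per status."""
    return Counter(status for _, _, status in records)

def needs_followup(records):
    """Items that are still present after the fix and need another pass."""
    return [(target, outcome) for target, outcome, status in records if status == "FAILED"]
```

Running `needs_followup(parse_fixlog(SAMPLE_LOG))` returns only the Wow6432Node toolbar value, which is the one entry in the thread's Fixlog that the fix could not remove.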
Re: Infected with bProtector

Unread postby Gary R » February 28th, 2014, 12:50 pm

Looking good so far.

I need you to run another scan for me now ....

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

Also, please let me know how your computer is behaving now.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infected with bProtector

Unread postby CrisG » March 1st, 2014, 1:06 pm

Results:
A:\Documents\Downloads\switchsetup.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application

Current condition:
-Websites using Flash were working after my computer restarted and then Shockwave Flash started to crash them all.
-Once the Flash begins crashing, when I open a video or song file using Windows Media Player, or any other player, it opens but doesn't play.
-Internet Explorer opens with a blank page and the selections in the Tool section are mostly greyed out and unclickable. The only way I'm able to get it to connect to work and go to the internet is to put "iexplore.exe -extoff" as a Run command.
-Skype is able to successfully log in but all my contacts say offline, when I know they're not, and in the notification area of the taskbar it shows "Skype (Connecting)" with a spinning circle that doesn't disappear.
CrisG
Regular Member
 
Posts: 24
Joined: February 22nd, 2014, 12:20 pm

Re: Infected with bProtector

Unread postby CrisG » March 1st, 2014, 1:13 pm

Forgot to mention that after quitting Skype and Internet Explorer, they do not disappear from the Processes tab of the Windows Task Manager.
CrisG
Regular Member
 
Posts: 24
Joined: February 22nd, 2014, 12:20 pm

Re: Infected with bProtector

Unread postby Gary R » March 1st, 2014, 1:37 pm

We'll come back to the Skype and IE issues in a while; for the moment I'd like to see if we can resolve the Flash issue, since it may be the root cause of the other problems.

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Adobe Flash Player 11 ActiveX
Adobe Flash Player 12 Plugin


Reboot your computer after both have been uninstalled.

Next ...

Since you currently have a copy of OTL on your computer, please do the following for me ....

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box (don't include Code: Select all).
Code: Select all
:Files
A:\Documents\Downloads\switchsetup.exe
ipconfig /flushdns /c

:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next ...

Now download and install a new copy of Flash ... http://get.adobe.com/flashplayer/

Let me know how your computer is behaving now please.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infected with bProtector

Unread postby CrisG » March 1st, 2014, 2:11 pm

All processes killed
========== FILES ==========
A:\Documents\Downloads\switchsetup.exe moved successfully.
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\CRISTINA\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: CRISTINA
->Temp folder emptied: 1164239541 bytes
->Temporary Internet Files folder emptied: 263212768 bytes
->Java cache emptied: 25213280 bytes
->FireFox cache emptied: 410868474 bytes
->Google Chrome cache emptied: 40773140 bytes
->Flash cache emptied: 2260 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 35104 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 796844631 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50461 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,576.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 03012014_125104

Files\Folders moved on Reboot...
C:\Users\CRISTINA\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
CrisG
Regular Member
 
Posts: 24
Joined: February 22nd, 2014, 12:20 pm

Re: Infected with bProtector

Unread postby CrisG » March 1st, 2014, 2:21 pm

Currently, websites with Flash are working and I can open videos and music.

When I opened Skype it took a minute but it connected and the contacts were online. I quit Skype, it stayed in Processes so I ended it, restarted it, but it wouldn't connect properly and my contacts stayed offline.

Internet Explorer still opens blank, won't go to websites when I enter them, and stays in Processes.
CrisG
Regular Member
 
Posts: 24
Joined: February 22nd, 2014, 12:20 pm

Re: Infected with bProtector

Unread postby Gary R » March 1st, 2014, 3:35 pm

For your Skype problems, try using a similar process to the one we just used with Flash ....

  • Uninstall Skype
  • Reboot your computer
  • Re-install a new clean copy of Skype

As for Internet Explorer ...

Try the troubleshooting tips in the following article ... viewtopic.php?p=588793#p588793 ... and let me know if you're still having problems with IE.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Infected with bProtector

Unread postby CrisG » March 1st, 2014, 4:23 pm

I reset IE to its defaults and it now seems to be working.

I uninstalled, rebooted, and reinstalled Skype but it still shows all of my contacts as being offline, continues to try to connect in the notification section of the taskbar, and does not disappear from Processes when I quit.

Tested some other programs:
Mumble opens and works properly, but after quitting stays in processes.
Osu shows the loading picture but has frozen.
iTunes and Audacity do not open when selected, but show in Processes.

Something I have done has now caused Flash to start crashing again and Windows Media Player now freezes when it is opened to play a video.
CrisG
Regular Member
 
Posts: 24
Joined: February 22nd, 2014, 12:20 pm

Re: Infected with bProtector

Unread postby Gary R » March 1st, 2014, 7:03 pm

OK, let's see if your computer has logged anything that might explain why your applications are behaving this way ....

Please download MiniToolBox to your Desktop.

  • Double click MiniToolBox.exe to launch the program.
  • Checkmark the following checkboxes:
    • List last 10 Event Viewer Errors
    • List Minidump Files
  • Click Go to start the scan.
  • When finished a log Result.txt will open.
  • Please post it in your next reply.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire