Crss.exe virus
Closed
kicsipup
Posts
5
Registration date
Wednesday March 27, 2013
Status
Member
Last seen
March 28, 2013
-
Mar 27, 2013 at 02:16 PM
kicsipup Posts 5 Registration date Wednesday March 27, 2013 Status Member Last seen March 28, 2013 - Mar 28, 2013 at 07:59 PM
kicsipup Posts 5 Registration date Wednesday March 27, 2013 Status Member Last seen March 28, 2013 - Mar 28, 2013 at 07:59 PM
Related:
- Crss virus
- Goose virus - Download - Other
- Can jpg have virus - Guide
- Online virus scan - Guide
- Ntuser.dat virus - Guide
- Chrome redirect virus - Guide
5 responses
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,169
Mar 27, 2013 at 04:54 PM
Mar 27, 2013 at 04:54 PM
To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a log.
1. Open this link and download ZHPDiag2 :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message.)
2. Save the file on your Desktop.
3. Double click on ZHPDiag.exe and follow the installation instructions.
The tool creates three icons ZHPDiag, MRB, and ZHPFix (If necessary,we will use ZHPFix at the next step).
4. Double click on the short cut ZHPDiag on your Destktop.
5. Click on the green arrow to ensure you have the latest version. Click on the eyedropper icon and ensure all of the items are checked.
6. Click on the Magnifying glass with the + sign and run the analysis.
Wait for the tool to finished (maybe a long time)
7. Close ZHPDiag.
8. To transmit the report, click on this link :
https://authentification.site
9. Click on Parcourir and search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
10. Select the file ZHPDiag.txt.
11. Click on "upload »
12. Copy the URL and post it here.
Best regards
Ambucias
Moderator /Security Contributor
1. Open this link and download ZHPDiag2 :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message.)
2. Save the file on your Desktop.
3. Double click on ZHPDiag.exe and follow the installation instructions.
The tool creates three icons ZHPDiag, MRB, and ZHPFix (If necessary,we will use ZHPFix at the next step).
4. Double click on the short cut ZHPDiag on your Destktop.
5. Click on the green arrow to ensure you have the latest version. Click on the eyedropper icon and ensure all of the items are checked.
6. Click on the Magnifying glass with the + sign and run the analysis.
Wait for the tool to finished (maybe a long time)
7. Close ZHPDiag.
8. To transmit the report, click on this link :
https://authentification.site
9. Click on Parcourir and search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
10. Select the file ZHPDiag.txt.
11. Click on "upload »
12. Copy the URL and post it here.
Best regards
Ambucias
Moderator /Security Contributor
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,169
Mar 27, 2013 at 06:26 PM
Mar 27, 2013 at 06:26 PM
Hello,
Your system is badly infected and as I must leave for 10 hours, we may not be able to finish the job tonight.
Crss is a generic type of virus which designates many viruses such as you have.
1. First follow these instructions to remove Babylon:
http://ccm.net/faq/14594-how-to-get-rid-of-babylon-search-toolbar
2. Download the following Adwcleaner created by Xplode
https://ccm.net/downloads/security-and-maintenance/6911-adwcleaner/
3.Launch it (for Windows 7 and 8, click right to run as administrator)
Click on delete
4.Post the log C:\Adwcleaner[Sx].txt on this thread.
5. Download, install and run Malwarebyte which you can find on this site:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/ es-anti-malware
Ensure you make an update.
Please request a FULL system scan, which may take from 20 minutes to hours. Do not interfere no matter how long in takes. The creators of Malwarebyte recommend that while the tool is running that you go do something else, such as watching a rerun of Gone with the Wind or read Tolstoy's War and Peace.
If Malwarebyte restarts your system, launch it again to finish the Full scan.
When the scan is completed, delete all items found.
Please post the log here.
Good luck and I will catch-up to you tomorrow.
Your system is badly infected and as I must leave for 10 hours, we may not be able to finish the job tonight.
Crss is a generic type of virus which designates many viruses such as you have.
1. First follow these instructions to remove Babylon:
http://ccm.net/faq/14594-how-to-get-rid-of-babylon-search-toolbar
2. Download the following Adwcleaner created by Xplode
https://ccm.net/downloads/security-and-maintenance/6911-adwcleaner/
3.Launch it (for Windows 7 and 8, click right to run as administrator)
Click on delete
4.Post the log C:\Adwcleaner[Sx].txt on this thread.
5. Download, install and run Malwarebyte which you can find on this site:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/ es-anti-malware
Ensure you make an update.
Please request a FULL system scan, which may take from 20 minutes to hours. Do not interfere no matter how long in takes. The creators of Malwarebyte recommend that while the tool is running that you go do something else, such as watching a rerun of Gone with the Wind or read Tolstoy's War and Peace.
If Malwarebyte restarts your system, launch it again to finish the Full scan.
When the scan is completed, delete all items found.
Please post the log here.
Good luck and I will catch-up to you tomorrow.
kicsipup
Posts
5
Registration date
Wednesday March 27, 2013
Status
Member
Last seen
March 28, 2013
Mar 28, 2013 at 09:33 AM
Mar 28, 2013 at 09:33 AM
Hy!
I followed the instructions but unfortunately the crss.exe is still here:(
Here's the 2 results:
http://speedy.sh/YRnyb/mbam-log-2013-03-28-12-48-16.txt
thanks again:)
I followed the instructions but unfortunately the crss.exe is still here:(
Here's the 2 results:
http://speedy.sh/YRnyb/mbam-log-2013-03-28-12-48-16.txt
thanks again:)
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,169
Mar 28, 2013 at 04:21 PM
Mar 28, 2013 at 04:21 PM
Please stand-by for further instructions.
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,169
Mar 28, 2013 at 04:32 PM
Mar 28, 2013 at 04:32 PM
Hi,
On your desktop, ZHP Diag created an icon called ZHP Fix which looks like a seringe.
1. Open ZHP Fix.
2. Copy the lines below.
3. Click on the Clipboard button, top left which will paste the lines.
4. Click on Go.
Here are the lines to copy:
O42 - Logiciel: Giant Savings - (.215 Apps.) [HKLM][64Bits] -- Giant Savings => Infection PUP (PUP.RewardsArcade)*
O42 - Logiciel: SoftwareUpdater - (...) [HKLM][64Bits] -- SoftwareUpdater => Infection PUP (PUP.Eorezo)
O42 - Logiciel: Yontoo 1.10.03 - (.Yontoo LLC.) [HKLM][64Bits] -- {889DF117-14D1-44EE-9F31-C5FB5D47F68B} => Infection PUP (Adware.Yontoo)*
[HKCU\Software\9538bddb739eb44] => Infection PUP (Toolbar.Babylon)
[HKCU\Software\AppDataLow\Software\Crossrider] => Infection PUP (PUP.CrossRider)*
[HKCU\Software\AppDataLow\Software\Giant Savings] => Infection PUP (Adware.VidSaver)*
[HKCU\Software\DataMngr] => Infection PUP (PUP.BearShare)*
[HKCU\Software\Titan Poker] => Infection Web (Adware.Casino)
[HKLM\Software\Wow6432Node\9538bddb739eb44] => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\DataMngr] => Infection PUP (PUP.BearShare)*
[HKLM\Software\Wow6432Node\Titan Poker] => Infection Web (Adware.Casino)
O43 - CFD: 2012.08.25. - 17:33:48 - [2,643] ----D C:\Program Files (x86)\Giant Savings => Infection PUP (Adware.VidSaver)*
O43 - CFD: 2013.03.27. - 17:55:14 - [0,478] ----D C:\Program Files (x86)\SoftwareUpdater => Infection PUP (PUP.Eorezo)
O43 - CFD: 2013.03.27. - 17:54:29 - [0] ----D C:\ProgramData\Babylon => Infection PUP (Toolbar.Babylon)*
O43 - CFD: 2013.03.27. - 17:54:58 - [7,114] ----D C:\ProgramData\BrowserProtect => Infection PUP (Toolbar.Babylon)*
O43 - CFD: 2013.03.27. - 17:54:54 - [1,943] ----D C:\Users\pupi\AppData\Roaming\BabSolution => Infection PUP (Hijacker.BabSolution)
O43 - CFD: 2013.01.29. - 18:45:03 - [56,272] ----D C:\Users\pupi\AppData\Roaming\OpenCandy => Infection PUP (Adware.OpenCandy)*
O43 - CFD: 2013.03.27. - 17:58:04 - [0] ----D C:\Users\pupi\AppData\Roaming\WinDir => Infection Diverse
O43 - CFD: 2012.08.25. - 17:33:44 - [0,037] ----D C:\Users\pupi\AppData\Local\Giant Savings => Infection PUP (Adware.VidSaver)*
O43 - CFD: 2013.03.27. - 17:54:59 - [0,001] ----D C:\Users\pupi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect => Infection PUP (Toolbar.Babylon)*
O87 - FAEL: "{8F3B61D7-26CA-41EC-BB29-B3B0C57553C0}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) => Infection PUP (PUP.SweetIM)*
O87 - FAEL: "{27D5DAEB-FD34-416B-81EF-3E55FB0A34F6}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) => Infection PUP (PUP.SweetIM)*
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] => Infection PUP (Toolbar.Babylon)
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] => Infection BT (PUP.ClaroSearch)
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441179}] => Infection PUP (PUP.CrossRider)
[HKLM\Software\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] => Infection BT (Adware.IncrediBar)
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] => Infection BT (Adware.IncrediBar)
[HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] => Infection BT (Adware.IncrediBar)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}] => Infection BT (Adware.Yontoo)
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] => Infection PUP (Adware.Funmoods)
[HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] => Infection PUP (Adware.Funmoods)
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] => Infection PUP (Adware.Funmoods)
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] => Infection PUP (Adware.Funmoods)
[HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] => Infection PUP (Adware.Funmoods)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] => Infection BT (Adware.Yontoo)
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] => Infection BT (Adware.Yontoo)
[HKLM\Software\Classes\AppID\escort.dll] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\AppID\escortapp.dll] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\AppID\escorteng.dll] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\AppID\esrv.EXE] => Infection PUP (PUP.Funmoods)
[HKLM\Software\Classes\b] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\escort.escortIEPane] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\escort.escortIEPane.1] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Wow6432Node\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Wow6432Node\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B] => Infection PUP (PUP.SweetIM)
[HKCU\Software\titan poker] => Infection Web (Adware.Casino)
[HKLM\Software\Wow6432Node\titan poker] => Infection Web (Adware.Casino)
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] => Infection PUP (Toolbar.Babylon)*
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] => Infection PUP (Toolbar.Babylon)*
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Giant Savings] => Infection PUP (Adware.VidSaver)*
[HKLM\Software\Classes\Prod.cap] => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Wow6432Node\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Wow6432Node\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3] => Infection PUP (PUP.SweetIM)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] => Infection PUP (PUP.BProtector)
[HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Wow6432Node\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Wow6432Node\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193] => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Classes\AppID\ESRV.EXE] => Infection PUP (PUP.Funmoods)
[HKLM\Software\Classes\CrossriderApp0004479.BHO] => Infection PUP (PUP.CrossRider)*
[HKLM\Software\Classes\CrossriderApp0004479.BHO.1] => Infection PUP (PUP.CrossRider)*
[HKLM\Software\Classes\CrossriderApp0004479.Sandbox] => Infection PUP (PUP.CrossRider)*
[HKLM\Software\Classes\CrossriderApp0004479.Sandbox.1] => Infection PUP (PUP.CrossRider)*
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0004479.BHO] => Infection PUP (PUP.CrossRider)*
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0004479.BHO.1] => Infection PUP (PUP.CrossRider)*
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0004479.Sandbox] => Infection PUP (PUP.CrossRider)*
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0004479.Sandbox.1] => Infection PUP (PUP.CrossRider)*
[HKLM\Software\Wow6432Node\Classes\escort.escortIEPane] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Wow6432Node\Classes\escort.escortIEPane.1] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\AppID\escort.DLL] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\AppID\escortApp.DLL] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\AppID\escortEng.DLL] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\AppID\escorTlbr.DLL] => Infection PUP (PUP.Funmoods)*
[HKCU\Software\Mozilla\Firefox\Extensions]:{0F827075-B026-42F3-885D-98981EE7B1AE} => Infection PUP (Toolbar.Babylon)
C:\Program Files (x86)\Giant Savings => Infection PUP (Adware.VidSaver)*
C:\ProgramData\Babylon => Infection PUP (Toolbar.Babylon)*
C:\Users\pupi\AppData\Roaming\OpenCandy => Infection PUP (Adware.OpenCandy)*
C:\Users\pupi\AppData\Roaming\BabSolution => Infection PUP (Hijacker.BabSolution)
C:\Users\pupi\AppData\Local\Giant Savings => Infection PUP (Adware.VidSaver)*
C:\Users\pupi\AppData\LocalLow\SweetIM => Infection PUP (PUP.SweetIM)*
C:\Users\pupi\AppData\Local\Temp\Software => Infection PUP (Adware.Boxore)
C:\Users\pupi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph => Infection BT (Spyware.GamePlayLabs)
[HKCU\Software\9538bddb739eb44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.5.986.67]:dllName="BrowserProtect.dll" => Infection PUP (Toolbar.Babylon)*
[HKCU\Software\9538bddb739eb44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.5.986.67]:exeName="BrowserProtect.exe" => Infection PUP (Toolbar.Babylon)*
[HKCU\Software\9538bddb739eb44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.5.986.67]:folderName="BrowserProtect" => Infection PUP (Toolbar.Babylon)*
[HKCU\Software\9538bddb739eb44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.5.986.67]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.5.986.67]:serviceName="BrowserProtect" => Infection PUP (Toolbar.Babylon)*
[HKCU\Software\9538bddb739eb44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.5.986.67]:version="2.5.986.67" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPCHREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPCHREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPCHREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPFFREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPFFREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPFFREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPIEREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPIEREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPIEREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:INSTALL_FOLDER_NAME="BrowserProtect" => Infection PUP (Toolbar.Babylon)*
[HKCU\Software\9538bddb739eb44]:KWFFREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:KWFFREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:KWFFREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:NTCHREGEXP0="FO81jovjQUF+5S6+haV7vGe3TMfw8oqWAhSaKzFS9OtdgZ1j5X+B4jW/459R" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:NTFFREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:NTFFREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:NTFFREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:PROTECTOR_DLL_NAME="BrowserProtect.dll" => Infection PUP (Toolbar.Babylon)*
[HKCU\Software\9538bddb739eb44]:PROTECT_EXE_NAME="BrowserProtect.exe" => Infection PUP (Toolbar.Babylon)*
[HKCU\Software\9538bddb739eb44]:SECHREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SECHREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SECHREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SEFFREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SEFFREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SEFFREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SEIEREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SEIEREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SEIEREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SERVICE_NAME="BrowserProtect" => Infection PUP (Toolbar.Babylon)*
[HKCU\Software\9538bddb739eb44]:usrcheckbox="0" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:version="2.6.1125.80" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPCHREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPCHREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPCHREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPFFREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPFFREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPFFREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPIEREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPIEREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPIEREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:INSTALL_FOLDER_NAME="BrowserProtect" => Infection PUP (Toolbar.Babylon)*
[HKLM\Software\Wow6432Node\9538bddb739eb44]:KWFFREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:KWFFREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:KWFFREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:NTCHREGEXP0="FO81jovjQUF+5S6+haV7vGe3TMfw8oqWAhSaKzFS9OtdgZ1j5X+B4jW/459R" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:NTFFREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:NTFFREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:NTFFREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:PROTECTOR_DLL_NAME="BrowserProtect.dll" => Infection PUP (Toolbar.Babylon)*
[HKLM\Software\Wow6432Node\9538bddb739eb44]:PROTECT_EXE_NAME="BrowserProtect.exe" => Infection PUP (Toolbar.Babylon)*
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SECHREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SECHREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SECHREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SEFFREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SEFFREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SEFFREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SEIEREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SEIEREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SEIEREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SERVICE_NAME="BrowserProtect" => Infection PUP (Toolbar.Babylon)*
[HKLM\Software\Wow6432Node\9538bddb739eb44]:usrcheckbox="0" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:version="2.6.1125.80" => Infection PUP (Toolbar.Babylon)
SR - | Auto 2569168 | (BrowserProtect) . (...) - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe => Infection PUP (Toolbar.Babylon)*
SR - | Auto 31744 | (SrvUpdater) . (...) - C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe => Infection PUP (PUP.Eorezo)
5. Restart your computer.
6. Ensure the previous ZHP Diag log is deleted.
7. Generate a new ZHP log and upload it on speedyshare.
Regards
On your desktop, ZHP Diag created an icon called ZHP Fix which looks like a seringe.
1. Open ZHP Fix.
2. Copy the lines below.
3. Click on the Clipboard button, top left which will paste the lines.
4. Click on Go.
Here are the lines to copy:
O42 - Logiciel: Giant Savings - (.215 Apps.) [HKLM][64Bits] -- Giant Savings => Infection PUP (PUP.RewardsArcade)*
O42 - Logiciel: SoftwareUpdater - (...) [HKLM][64Bits] -- SoftwareUpdater => Infection PUP (PUP.Eorezo)
O42 - Logiciel: Yontoo 1.10.03 - (.Yontoo LLC.) [HKLM][64Bits] -- {889DF117-14D1-44EE-9F31-C5FB5D47F68B} => Infection PUP (Adware.Yontoo)*
[HKCU\Software\9538bddb739eb44] => Infection PUP (Toolbar.Babylon)
[HKCU\Software\AppDataLow\Software\Crossrider] => Infection PUP (PUP.CrossRider)*
[HKCU\Software\AppDataLow\Software\Giant Savings] => Infection PUP (Adware.VidSaver)*
[HKCU\Software\DataMngr] => Infection PUP (PUP.BearShare)*
[HKCU\Software\Titan Poker] => Infection Web (Adware.Casino)
[HKLM\Software\Wow6432Node\9538bddb739eb44] => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\DataMngr] => Infection PUP (PUP.BearShare)*
[HKLM\Software\Wow6432Node\Titan Poker] => Infection Web (Adware.Casino)
O43 - CFD: 2012.08.25. - 17:33:48 - [2,643] ----D C:\Program Files (x86)\Giant Savings => Infection PUP (Adware.VidSaver)*
O43 - CFD: 2013.03.27. - 17:55:14 - [0,478] ----D C:\Program Files (x86)\SoftwareUpdater => Infection PUP (PUP.Eorezo)
O43 - CFD: 2013.03.27. - 17:54:29 - [0] ----D C:\ProgramData\Babylon => Infection PUP (Toolbar.Babylon)*
O43 - CFD: 2013.03.27. - 17:54:58 - [7,114] ----D C:\ProgramData\BrowserProtect => Infection PUP (Toolbar.Babylon)*
O43 - CFD: 2013.03.27. - 17:54:54 - [1,943] ----D C:\Users\pupi\AppData\Roaming\BabSolution => Infection PUP (Hijacker.BabSolution)
O43 - CFD: 2013.01.29. - 18:45:03 - [56,272] ----D C:\Users\pupi\AppData\Roaming\OpenCandy => Infection PUP (Adware.OpenCandy)*
O43 - CFD: 2013.03.27. - 17:58:04 - [0] ----D C:\Users\pupi\AppData\Roaming\WinDir => Infection Diverse
O43 - CFD: 2012.08.25. - 17:33:44 - [0,037] ----D C:\Users\pupi\AppData\Local\Giant Savings => Infection PUP (Adware.VidSaver)*
O43 - CFD: 2013.03.27. - 17:54:59 - [0,001] ----D C:\Users\pupi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect => Infection PUP (Toolbar.Babylon)*
O87 - FAEL: "{8F3B61D7-26CA-41EC-BB29-B3B0C57553C0}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) => Infection PUP (PUP.SweetIM)*
O87 - FAEL: "{27D5DAEB-FD34-416B-81EF-3E55FB0A34F6}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) => Infection PUP (PUP.SweetIM)*
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] => Infection PUP (Toolbar.Babylon)
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] => Infection BT (PUP.ClaroSearch)
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441179}] => Infection PUP (PUP.CrossRider)
[HKLM\Software\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] => Infection BT (Adware.IncrediBar)
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] => Infection BT (Adware.IncrediBar)
[HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] => Infection BT (Adware.IncrediBar)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}] => Infection BT (Adware.Yontoo)
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] => Infection PUP (Adware.Funmoods)
[HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] => Infection PUP (Adware.Funmoods)
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] => Infection PUP (Adware.Funmoods)
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] => Infection PUP (Adware.Funmoods)
[HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] => Infection PUP (Adware.Funmoods)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] => Infection BT (Adware.Yontoo)
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] => Infection BT (Adware.Yontoo)
[HKLM\Software\Classes\AppID\escort.dll] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\AppID\escortapp.dll] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\AppID\escorteng.dll] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\AppID\esrv.EXE] => Infection PUP (PUP.Funmoods)
[HKLM\Software\Classes\b] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\escort.escortIEPane] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\escort.escortIEPane.1] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Wow6432Node\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Wow6432Node\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B] => Infection PUP (PUP.SweetIM)
[HKCU\Software\titan poker] => Infection Web (Adware.Casino)
[HKLM\Software\Wow6432Node\titan poker] => Infection Web (Adware.Casino)
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] => Infection PUP (Toolbar.Babylon)*
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] => Infection PUP (Toolbar.Babylon)*
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Giant Savings] => Infection PUP (Adware.VidSaver)*
[HKLM\Software\Classes\Prod.cap] => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Wow6432Node\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Wow6432Node\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3] => Infection PUP (PUP.SweetIM)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] => Infection PUP (PUP.BProtector)
[HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Wow6432Node\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Wow6432Node\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193] => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E] => Infection PUP (PUP.SweetIM)
[HKLM\Software\Classes\AppID\ESRV.EXE] => Infection PUP (PUP.Funmoods)
[HKLM\Software\Classes\CrossriderApp0004479.BHO] => Infection PUP (PUP.CrossRider)*
[HKLM\Software\Classes\CrossriderApp0004479.BHO.1] => Infection PUP (PUP.CrossRider)*
[HKLM\Software\Classes\CrossriderApp0004479.Sandbox] => Infection PUP (PUP.CrossRider)*
[HKLM\Software\Classes\CrossriderApp0004479.Sandbox.1] => Infection PUP (PUP.CrossRider)*
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0004479.BHO] => Infection PUP (PUP.CrossRider)*
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0004479.BHO.1] => Infection PUP (PUP.CrossRider)*
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0004479.Sandbox] => Infection PUP (PUP.CrossRider)*
[HKLM\Software\Wow6432Node\Classes\CrossriderApp0004479.Sandbox.1] => Infection PUP (PUP.CrossRider)*
[HKLM\Software\Wow6432Node\Classes\escort.escortIEPane] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Wow6432Node\Classes\escort.escortIEPane.1] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\AppID\escort.DLL] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\AppID\escortApp.DLL] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\AppID\escortEng.DLL] => Infection PUP (PUP.Funmoods)*
[HKLM\Software\Classes\AppID\escorTlbr.DLL] => Infection PUP (PUP.Funmoods)*
[HKCU\Software\Mozilla\Firefox\Extensions]:{0F827075-B026-42F3-885D-98981EE7B1AE} => Infection PUP (Toolbar.Babylon)
C:\Program Files (x86)\Giant Savings => Infection PUP (Adware.VidSaver)*
C:\ProgramData\Babylon => Infection PUP (Toolbar.Babylon)*
C:\Users\pupi\AppData\Roaming\OpenCandy => Infection PUP (Adware.OpenCandy)*
C:\Users\pupi\AppData\Roaming\BabSolution => Infection PUP (Hijacker.BabSolution)
C:\Users\pupi\AppData\Local\Giant Savings => Infection PUP (Adware.VidSaver)*
C:\Users\pupi\AppData\LocalLow\SweetIM => Infection PUP (PUP.SweetIM)*
C:\Users\pupi\AppData\Local\Temp\Software => Infection PUP (Adware.Boxore)
C:\Users\pupi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph => Infection BT (Spyware.GamePlayLabs)
[HKCU\Software\9538bddb739eb44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.5.986.67]:dllName="BrowserProtect.dll" => Infection PUP (Toolbar.Babylon)*
[HKCU\Software\9538bddb739eb44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.5.986.67]:exeName="BrowserProtect.exe" => Infection PUP (Toolbar.Babylon)*
[HKCU\Software\9538bddb739eb44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.5.986.67]:folderName="BrowserProtect" => Infection PUP (Toolbar.Babylon)*
[HKCU\Software\9538bddb739eb44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.5.986.67]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.5.986.67]:serviceName="BrowserProtect" => Infection PUP (Toolbar.Babylon)*
[HKCU\Software\9538bddb739eb44\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.5.986.67]:version="2.5.986.67" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPCHREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPCHREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPCHREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPFFREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPFFREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPFFREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPIEREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPIEREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:HPIEREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:INSTALL_FOLDER_NAME="BrowserProtect" => Infection PUP (Toolbar.Babylon)*
[HKCU\Software\9538bddb739eb44]:KWFFREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:KWFFREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:KWFFREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:NTCHREGEXP0="FO81jovjQUF+5S6+haV7vGe3TMfw8oqWAhSaKzFS9OtdgZ1j5X+B4jW/459R" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:NTFFREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:NTFFREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:NTFFREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:PROTECTOR_DLL_NAME="BrowserProtect.dll" => Infection PUP (Toolbar.Babylon)*
[HKCU\Software\9538bddb739eb44]:PROTECT_EXE_NAME="BrowserProtect.exe" => Infection PUP (Toolbar.Babylon)*
[HKCU\Software\9538bddb739eb44]:SECHREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SECHREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SECHREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SEFFREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SEFFREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SEFFREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SEIEREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SEIEREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SEIEREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:SERVICE_NAME="BrowserProtect" => Infection PUP (Toolbar.Babylon)*
[HKCU\Software\9538bddb739eb44]:usrcheckbox="0" => Infection PUP (Toolbar.Babylon)
[HKCU\Software\9538bddb739eb44]:version="2.6.1125.80" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPCHREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPCHREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPCHREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPFFREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPFFREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPFFREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPIEREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPIEREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:HPIEREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:INSTALL_FOLDER_NAME="BrowserProtect" => Infection PUP (Toolbar.Babylon)*
[HKLM\Software\Wow6432Node\9538bddb739eb44]:KWFFREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:KWFFREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:KWFFREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:NTCHREGEXP0="FO81jovjQUF+5S6+haV7vGe3TMfw8oqWAhSaKzFS9OtdgZ1j5X+B4jW/459R" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:NTFFREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:NTFFREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:NTFFREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:PROTECTOR_DLL_NAME="BrowserProtect.dll" => Infection PUP (Toolbar.Babylon)*
[HKLM\Software\Wow6432Node\9538bddb739eb44]:PROTECT_EXE_NAME="BrowserProtect.exe" => Infection PUP (Toolbar.Babylon)*
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SECHREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SECHREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SECHREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SEFFREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SEFFREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SEFFREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SEIEREGEXP0="FO81jovjQUF+5S6+hb1oqXHuCoautLvICxmXOjZS8Nofjp1mrjnE" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SEIEREGEXP1="FO81jovjQUF+5S6+hb1oqXHuCoao6JCRNVbcOGoRr/tSgZN57jqd6juo5odlV7RITopCig==" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SEIEREGEXP2="FO81jovjQUF+5S6+hb1oqXHuCoautLvIDR2ZNzsQ7eNQn5Fj3TmN4Df1q8U=" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:SERVICE_NAME="BrowserProtect" => Infection PUP (Toolbar.Babylon)*
[HKLM\Software\Wow6432Node\9538bddb739eb44]:usrcheckbox="0" => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Wow6432Node\9538bddb739eb44]:version="2.6.1125.80" => Infection PUP (Toolbar.Babylon)
SR - | Auto 2569168 | (BrowserProtect) . (...) - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe => Infection PUP (Toolbar.Babylon)*
SR - | Auto 31744 | (SrvUpdater) . (...) - C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe => Infection PUP (PUP.Eorezo)
5. Restart your computer.
6. Ensure the previous ZHP Diag log is deleted.
7. Generate a new ZHP log and upload it on speedyshare.
Regards
kicsipup
Posts
5
Registration date
Wednesday March 27, 2013
Status
Member
Last seen
March 28, 2013
Mar 28, 2013 at 04:52 PM
Mar 28, 2013 at 04:52 PM
Hy!
Here's the result:
http://speedy.sh/PNsyv/ZHPDiag.txt
Oh...is it bad if the rouguekill program was running while i did the analisys? It's always running now...
thanks,
Here's the result:
http://speedy.sh/PNsyv/ZHPDiag.txt
Oh...is it bad if the rouguekill program was running while i did the analisys? It's always running now...
thanks,
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,169
Mar 28, 2013 at 06:07 PM
Mar 28, 2013 at 06:07 PM
I would very much appreciate if you did not run anything unless I see it necessary, I did not detect any rogue trojan horse. You see, some tools may compromise the system stability.
Stand-by
Stand-by
Ambucias
Posts
47356
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,169
Mar 28, 2013 at 06:39 PM
Mar 28, 2013 at 06:39 PM
Gee, I am terribly sorry but I can't help you any further.
You were looking for trouble and you got it.
Upon a deep analysis, I found that you have downloaded and installed crack software.
You must delete Spybot as it will create big conflicts with your antivirus, anyway it's useless.
All of the malware you got came from torrent downloads or leaving the torrent applications open.
First repeat the actions with ZHP Fix with this lines:
[HKLM\Software\Wow6432Node\SoftwareUpdater] => Infection PUP (PUP.Eorezo)
O4 - GS\Programs: SpeechGrid.lnk . (...) -- C:\Program Files (x86)\SpeechGrid\SpeechGrid.exe (.not file.) => Fichier absent
O4 - GS\QuickLaunch: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe => Safer Networking Ltd - Spybot S&D*
O4 - GS\Desktop: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe => Safer Networking Ltd - Spybot S&D*
O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM][64Bits] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 => Safer Networking Ltd - Spybot S&D*
O42 - Logiciel: µTorrent - (...) [HKLM][64Bits] -- uTorrent => P2P.µTorrent*
[HKCU\Software\BitTorrent] => P2P.BitTorrent*
[HKCU\Software\William Hill Poker] => Online Games Casino
[HKLM\Software\Wow6432Node\William Hill Poker] => Online Games Casino
O43 - CFD: 2012.10.16. - 15:33:17 - [61,763] ----D C:\Program Files (x86)\Spybot - Search & Destroy => Safer Networking Ltd - Spybot S&D*
O43 - CFD: 2012.07.14. - 13:24:08 - [0,854] ----D C:\Program Files (x86)\uTorrent => P2P.µTorrent*
O43 - CFD: 2013.03.28. - 0:31:10 - [10,785] ----D C:\ProgramData\Spybot - Search & Destroy => Safer Networking Ltd - Spybot S&D*
O43 - CFD: 2013.03.27. - 19:30:20 - [6,047] ----D C:\Users\pupi\AppData\Roaming\uTorrent => P2P.µTorrent*
O43 - CFD: 2013.01.01. - 18:38:11 - [0] ----D C:\Users\pupi\AppData\Local\ESN => Empty Folder not necessary
O44 - LFC:[MD5.8CF2B639F0324328B9902120198FF4AA] - 2013.03.28. - 12:45:26 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [97] => Xplode - AdwCleaner DeleteOnReboot
O47 - AAKE:Key Export SP - "C:\Users\pupi\AppData\Local\Temp\cvtres.exe" [Enabled] .(...) -- C:\Users\pupi\AppData\Local\Temp\cvtres.exe (.not file.) => Temporary file not necessary
O47 - AAKE:Key Export SP - "C:\Users\pupi\AppData\Roaming\bot.exe" [Enabled] .(...) -- C:\Users\pupi\AppData\Roaming\bot.exe (.not file.) => Fichier absent
O47 - AAKE:Key Export SP - "C:\Users\pupi\AppData\Local\Temp\46240.exe" [Enabled] .(...) -- C:\Users\pupi\AppData\Local\Temp\46240.exe (.not file.) => Temporary file not necessary
O47 - AAKE:Key Export SP - "C:\Users\pupi\AppData\Roaming\system32.exe" [Enabled] .(...) -- C:\Users\pupi\AppData\Roaming\system32.exe (.not file.) => Fichier absent
O47 - AAKE:Key Export SP - "C:\Users\pupi\AppData\Local\Temp\explorer.exe" [Enabled] .(...) -- C:\Users\pupi\AppData\Local\Temp\explorer.exe (.not file.) => Temporary file not necessary
O47 - AAKE:Key Export SP - "C:\Users\pupi\AppData\Roaming\explorer.exe" [Enabled] .(...) -- C:\Users\pupi\AppData\Roaming\explorer.exe (.not file.) => Fichier absent
O51 - MPSK:{23c4ff37-6cd9-11e2-a116-bc5ff43878a2}\AutoRun\command. (...) -- H:\Startme.exe (.not file.) => Fichier absent
O51 - MPSK:{54ccd619-53aa-11e2-907d-bc5ff43878a2}\AutoRun\command. (...) -- H:\OriginInstaller.exe (.not file.) => Fichier absent
O61 - LFC: 2013.03.25. - 0:11:06 ---A- C:\Users\pupi\AppData\Roaming\uTorrent\dht.dat [3884] => P2P.µTorrent*
O61 - LFC: 2013.03.25. - 0:11:06 ---A- C:\Users\pupi\AppData\Roaming\uTorrent\dht_feed.dat [2] => P2P.µTorrent*
O61 - LFC: 2013.03.25. - 0:11:06 ---A- C:\Users\pupi\AppData\Roaming\uTorrent\resume.dat [364923] => P2P.µTorrent*
O61 - LFC: 2013.03.25. - 0:11:06 ---A- C:\Users\pupi\AppData\Roaming\uTorrent\rss.dat [99] => P2P.µTorrent*
O61 - LFC: 2013.03.25. - 0:11:06 ---A- C:\Users\pupi\AppData\Roaming\uTorrent\settings.dat [13570] => P2P.µTorrent*
O61 - LFC: 2013.03.27. - 17:41:44 R-H-- C:\Users\pupi\AppData\Local\Temp\scweduler.exe [12800] => Temporary file not necessary
O61 - LFC: 2013.03.27. - 18:05:08 ---A- C:\Users\pupi\AppData\Local\Temp\dd_vcredistMSI16C5.txt [381958] => Temporary file not necessary
O61 - LFC: 2013.03.27. - 18:05:09 ---A- C:\Users\pupi\AppData\Local\Temp\dd_vcredistUI16C5.txt [11406] => Temporary file not necessary
O61 - LFC: 2013.03.27. - 18:23:55 ---A- C:\Users\pupi\AppData\Local\Temp\~DFD0D69AD396BB141A.TMP [245760] => Temporary file not necessary
O61 - LFC: 2013.03.27. - 22:23:29 ---A- C:\Users\pupi\AppData\Local\Temp\chart_data.dat [20988] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 12:40:24 ---A- C:\Users\pupi\AppData\Local\Temp\CRX_75DAF8CB7768\crl-set [1549] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 12:40:24 ---A- C:\Users\pupi\AppData\Local\Temp\CRX_75DAF8CB7768\manifest.json [34] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 12:45:46 ---A- C:\Users\pupi\AppData\Local\Temp\~DFA3B09F45101E5B23.TMP [327680] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 12:46:00 ---A- C:\Users\pupi\AppData\Local\Temp\~DFAC74C296081A4734.TMP [327680] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 12:48:02 ---A- C:\Users\pupi\AppData\Local\Temp\~DF18B582ED69D75576.TMP [344064] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 17:54:12 ---A- C:\Users\pupi\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-3-28-2013( 17-54-12 ).SDB [0] => SUPERAntiSpyware.com - AppLogs
O61 - LFC: 2013.03.28. - 18:00:23 ---A- C:\Users\pupi\AppData\Local\Temp\~DF2C62E4643777403D.TMP [344064] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 18:01:11 ---A- C:\Users\pupi\AppData\Local\Temp\~DF88E297F220202F3D.TMP [327680] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 18:01:39 ---A- C:\Users\pupi\AppData\Local\Temp\~DFA736E16640C32FCE.TMP [344064] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 18:27:58 ---A- C:\Users\pupi\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\quarantine.db [262144] => SUPERAntiSpyware.com - Quarantine
O61 - LFC: 2013.03.28. - 18:28:34 ---A- C:\Users\pupi\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-3-28-2013( 18-0-49 ).SDB [919260] => SUPERAntiSpyware.com - AppLogs
O61 - LFC: 2013.03.28. - 21:37:44 ---A- C:\Users\pupi\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-3-28-2013( 21-37-44 ).SDB [0] => SUPERAntiSpyware.com - AppLogs
D:\torrentrõl\nero-8.3.2.1_europe_micro\keygen.exe => Crack, KeyGen, Keymaker - Possible Malware
G:\játék\Call of Duty 2\keygen.exe => Crack, KeyGen, Keymaker - Possible Malware
[MD5.F23663CEC54B8E8FF8784C201A95EFC0] [SPRF][2013.03.27.] (...) -- C:\Users\pupi\AppData\Local\Temp\chart_data.dat [20988] => Temporary file not necessary
[MD5.AFCD63EED7C306D3E4E9539CC54621C7] [SPRF][2013.03.27.] (.Microsoft Corporation - Microsoft Scweduler Task Performer.) -- C:\Users\pupi\AppData\Local\Temp\scweduler.exe [12800] => Temporary file not necessary
O87 - FAEL: "{F019F04D-E880-43ED-96C8-69C320D74A4F}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe => P2P.BitTorrent*
O87 - FAEL: "{41A7A36C-C9B3-4A71-8FF1-787BC4E1C5C5}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe => P2P.BitTorrent*
O87 - FAEL: "{2DED5884-CB3F-46EB-B399-E71E41E906E7}" |In - Domain - P6 - TRUE | .(...) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x64\RpcSandraSrv
O51 - MPSK:{81266047-cdaf-11e1-80b7-bc5ff43878a2}\AutoRun\command. (...) -- H:\SETUP.exe (.not file.) => Existe aussi en malware DELF-CA.Troj
O51 - MPSK:{96c6d578-cdd9-11e1-8e3d-806e6f6e6963}\AutoRun\command. (...) -- F:\setup.exe (.not file.) => Existe aussi en malware DELF-CA.Troj
O51 - MPSK:{ca292906-479e-11e2-8c7b-bc5ff43878a2}\AutoRun\command. (...) -- H:\SETUP.exe (.not file.) => Existe aussi en malware DELF-CA.Troj
O51 - MPSK:{ca292907-479e-11e2-8c7b-bc5ff43878a2}\AutoRun\command. (...) -- H:\SETUP.exe (.not file.) => Existe aussi en malware DELF-CA.Troj
O51 - MPSK:{cde56a40-91f4-11e2-91d1-bc5ff43878a2}\AutoRun\command. (...) -- H:\autorun.exe (.not file.) => Microsoft Windows NT or Infection USB
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] => Macromedia/Dreamweaver or PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] => Macromedia/D
I would like to fix one thing which issues from external memory devices
Download UsbFix (created by El Desaparecido) on your desktop.
http://ccm.net/download/download-24089-usbfix
If your antivirus gives an alert, ignore it and temporarily deactivate the antivirus.
Plug in your usb devices (Flash drive, pen drive. External HD etc...) don't open them.
Double click sur UsbFix.exe.
Click on deletion
.
Let the tool work.
At the end of the scan a report will show which you can copy and paste here..
The report is save at the root ( C:\UsbFix.txt ).
Isn't this fun ?
You were looking for trouble and you got it.
Upon a deep analysis, I found that you have downloaded and installed crack software.
You must delete Spybot as it will create big conflicts with your antivirus, anyway it's useless.
All of the malware you got came from torrent downloads or leaving the torrent applications open.
First repeat the actions with ZHP Fix with this lines:
[HKLM\Software\Wow6432Node\SoftwareUpdater] => Infection PUP (PUP.Eorezo)
O4 - GS\Programs: SpeechGrid.lnk . (...) -- C:\Program Files (x86)\SpeechGrid\SpeechGrid.exe (.not file.) => Fichier absent
O4 - GS\QuickLaunch: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe => Safer Networking Ltd - Spybot S&D*
O4 - GS\Desktop: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe => Safer Networking Ltd - Spybot S&D*
O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM][64Bits] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 => Safer Networking Ltd - Spybot S&D*
O42 - Logiciel: µTorrent - (...) [HKLM][64Bits] -- uTorrent => P2P.µTorrent*
[HKCU\Software\BitTorrent] => P2P.BitTorrent*
[HKCU\Software\William Hill Poker] => Online Games Casino
[HKLM\Software\Wow6432Node\William Hill Poker] => Online Games Casino
O43 - CFD: 2012.10.16. - 15:33:17 - [61,763] ----D C:\Program Files (x86)\Spybot - Search & Destroy => Safer Networking Ltd - Spybot S&D*
O43 - CFD: 2012.07.14. - 13:24:08 - [0,854] ----D C:\Program Files (x86)\uTorrent => P2P.µTorrent*
O43 - CFD: 2013.03.28. - 0:31:10 - [10,785] ----D C:\ProgramData\Spybot - Search & Destroy => Safer Networking Ltd - Spybot S&D*
O43 - CFD: 2013.03.27. - 19:30:20 - [6,047] ----D C:\Users\pupi\AppData\Roaming\uTorrent => P2P.µTorrent*
O43 - CFD: 2013.01.01. - 18:38:11 - [0] ----D C:\Users\pupi\AppData\Local\ESN => Empty Folder not necessary
O44 - LFC:[MD5.8CF2B639F0324328B9902120198FF4AA] - 2013.03.28. - 12:45:26 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [97] => Xplode - AdwCleaner DeleteOnReboot
O47 - AAKE:Key Export SP - "C:\Users\pupi\AppData\Local\Temp\cvtres.exe" [Enabled] .(...) -- C:\Users\pupi\AppData\Local\Temp\cvtres.exe (.not file.) => Temporary file not necessary
O47 - AAKE:Key Export SP - "C:\Users\pupi\AppData\Roaming\bot.exe" [Enabled] .(...) -- C:\Users\pupi\AppData\Roaming\bot.exe (.not file.) => Fichier absent
O47 - AAKE:Key Export SP - "C:\Users\pupi\AppData\Local\Temp\46240.exe" [Enabled] .(...) -- C:\Users\pupi\AppData\Local\Temp\46240.exe (.not file.) => Temporary file not necessary
O47 - AAKE:Key Export SP - "C:\Users\pupi\AppData\Roaming\system32.exe" [Enabled] .(...) -- C:\Users\pupi\AppData\Roaming\system32.exe (.not file.) => Fichier absent
O47 - AAKE:Key Export SP - "C:\Users\pupi\AppData\Local\Temp\explorer.exe" [Enabled] .(...) -- C:\Users\pupi\AppData\Local\Temp\explorer.exe (.not file.) => Temporary file not necessary
O47 - AAKE:Key Export SP - "C:\Users\pupi\AppData\Roaming\explorer.exe" [Enabled] .(...) -- C:\Users\pupi\AppData\Roaming\explorer.exe (.not file.) => Fichier absent
O51 - MPSK:{23c4ff37-6cd9-11e2-a116-bc5ff43878a2}\AutoRun\command. (...) -- H:\Startme.exe (.not file.) => Fichier absent
O51 - MPSK:{54ccd619-53aa-11e2-907d-bc5ff43878a2}\AutoRun\command. (...) -- H:\OriginInstaller.exe (.not file.) => Fichier absent
O61 - LFC: 2013.03.25. - 0:11:06 ---A- C:\Users\pupi\AppData\Roaming\uTorrent\dht.dat [3884] => P2P.µTorrent*
O61 - LFC: 2013.03.25. - 0:11:06 ---A- C:\Users\pupi\AppData\Roaming\uTorrent\dht_feed.dat [2] => P2P.µTorrent*
O61 - LFC: 2013.03.25. - 0:11:06 ---A- C:\Users\pupi\AppData\Roaming\uTorrent\resume.dat [364923] => P2P.µTorrent*
O61 - LFC: 2013.03.25. - 0:11:06 ---A- C:\Users\pupi\AppData\Roaming\uTorrent\rss.dat [99] => P2P.µTorrent*
O61 - LFC: 2013.03.25. - 0:11:06 ---A- C:\Users\pupi\AppData\Roaming\uTorrent\settings.dat [13570] => P2P.µTorrent*
O61 - LFC: 2013.03.27. - 17:41:44 R-H-- C:\Users\pupi\AppData\Local\Temp\scweduler.exe [12800] => Temporary file not necessary
O61 - LFC: 2013.03.27. - 18:05:08 ---A- C:\Users\pupi\AppData\Local\Temp\dd_vcredistMSI16C5.txt [381958] => Temporary file not necessary
O61 - LFC: 2013.03.27. - 18:05:09 ---A- C:\Users\pupi\AppData\Local\Temp\dd_vcredistUI16C5.txt [11406] => Temporary file not necessary
O61 - LFC: 2013.03.27. - 18:23:55 ---A- C:\Users\pupi\AppData\Local\Temp\~DFD0D69AD396BB141A.TMP [245760] => Temporary file not necessary
O61 - LFC: 2013.03.27. - 22:23:29 ---A- C:\Users\pupi\AppData\Local\Temp\chart_data.dat [20988] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 12:40:24 ---A- C:\Users\pupi\AppData\Local\Temp\CRX_75DAF8CB7768\crl-set [1549] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 12:40:24 ---A- C:\Users\pupi\AppData\Local\Temp\CRX_75DAF8CB7768\manifest.json [34] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 12:45:46 ---A- C:\Users\pupi\AppData\Local\Temp\~DFA3B09F45101E5B23.TMP [327680] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 12:46:00 ---A- C:\Users\pupi\AppData\Local\Temp\~DFAC74C296081A4734.TMP [327680] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 12:48:02 ---A- C:\Users\pupi\AppData\Local\Temp\~DF18B582ED69D75576.TMP [344064] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 17:54:12 ---A- C:\Users\pupi\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-3-28-2013( 17-54-12 ).SDB [0] => SUPERAntiSpyware.com - AppLogs
O61 - LFC: 2013.03.28. - 18:00:23 ---A- C:\Users\pupi\AppData\Local\Temp\~DF2C62E4643777403D.TMP [344064] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 18:01:11 ---A- C:\Users\pupi\AppData\Local\Temp\~DF88E297F220202F3D.TMP [327680] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 18:01:39 ---A- C:\Users\pupi\AppData\Local\Temp\~DFA736E16640C32FCE.TMP [344064] => Temporary file not necessary
O61 - LFC: 2013.03.28. - 18:27:58 ---A- C:\Users\pupi\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\quarantine.db [262144] => SUPERAntiSpyware.com - Quarantine
O61 - LFC: 2013.03.28. - 18:28:34 ---A- C:\Users\pupi\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-3-28-2013( 18-0-49 ).SDB [919260] => SUPERAntiSpyware.com - AppLogs
O61 - LFC: 2013.03.28. - 21:37:44 ---A- C:\Users\pupi\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-3-28-2013( 21-37-44 ).SDB [0] => SUPERAntiSpyware.com - AppLogs
D:\torrentrõl\nero-8.3.2.1_europe_micro\keygen.exe => Crack, KeyGen, Keymaker - Possible Malware
G:\játék\Call of Duty 2\keygen.exe => Crack, KeyGen, Keymaker - Possible Malware
[MD5.F23663CEC54B8E8FF8784C201A95EFC0] [SPRF][2013.03.27.] (...) -- C:\Users\pupi\AppData\Local\Temp\chart_data.dat [20988] => Temporary file not necessary
[MD5.AFCD63EED7C306D3E4E9539CC54621C7] [SPRF][2013.03.27.] (.Microsoft Corporation - Microsoft Scweduler Task Performer.) -- C:\Users\pupi\AppData\Local\Temp\scweduler.exe [12800] => Temporary file not necessary
O87 - FAEL: "{F019F04D-E880-43ED-96C8-69C320D74A4F}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe => P2P.BitTorrent*
O87 - FAEL: "{41A7A36C-C9B3-4A71-8FF1-787BC4E1C5C5}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe => P2P.BitTorrent*
O87 - FAEL: "{2DED5884-CB3F-46EB-B399-E71E41E906E7}" |In - Domain - P6 - TRUE | .(...) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x64\RpcSandraSrv
O51 - MPSK:{81266047-cdaf-11e1-80b7-bc5ff43878a2}\AutoRun\command. (...) -- H:\SETUP.exe (.not file.) => Existe aussi en malware DELF-CA.Troj
O51 - MPSK:{96c6d578-cdd9-11e1-8e3d-806e6f6e6963}\AutoRun\command. (...) -- F:\setup.exe (.not file.) => Existe aussi en malware DELF-CA.Troj
O51 - MPSK:{ca292906-479e-11e2-8c7b-bc5ff43878a2}\AutoRun\command. (...) -- H:\SETUP.exe (.not file.) => Existe aussi en malware DELF-CA.Troj
O51 - MPSK:{ca292907-479e-11e2-8c7b-bc5ff43878a2}\AutoRun\command. (...) -- H:\SETUP.exe (.not file.) => Existe aussi en malware DELF-CA.Troj
O51 - MPSK:{cde56a40-91f4-11e2-91d1-bc5ff43878a2}\AutoRun\command. (...) -- H:\autorun.exe (.not file.) => Microsoft Windows NT or Infection USB
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094] => Macromedia/Dreamweaver or PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] => Macromedia/D
I would like to fix one thing which issues from external memory devices
Download UsbFix (created by El Desaparecido) on your desktop.
http://ccm.net/download/download-24089-usbfix
If your antivirus gives an alert, ignore it and temporarily deactivate the antivirus.
Plug in your usb devices (Flash drive, pen drive. External HD etc...) don't open them.
Double click sur UsbFix.exe.
Click on deletion
.
Let the tool work.
At the end of the scan a report will show which you can copy and paste here..
The report is save at the root ( C:\UsbFix.txt ).
Isn't this fun ?
Didn't find the answer you are looking for?
Ask a question
kicsipup
Posts
5
Registration date
Wednesday March 27, 2013
Status
Member
Last seen
March 28, 2013
Mar 28, 2013 at 07:59 PM
Mar 28, 2013 at 07:59 PM
thanks again:)
I'm working on it:)
I'm working on it:)
Mar 27, 2013 at 05:38 PM
Here's the result:
http://speedy.sh/Sbytg/ZHPDiag.txt
thank you in advance!