
Bad Image Error

(In Progress)

co0ljade
Member with 16 posts.
THREAD STARTER
 
Join Date: Feb 2013
10-Feb-2013, 07:24 AM #1
Bad Image Error
After running a program, this message always pops up on my Windows 7 computer. Almost all of my programs have this error. For example, after clicking my Chrome browser, this message pops up:

chrome.exe-Bad Image

C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

Please, I need your help. Thank you in advance.
dvk01 (Derek) is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,148 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
10-Feb-2013, 07:28 AM #2
Follow advice here and post the logs those programs make.
co0ljade
10-Feb-2013, 07:42 AM #3
Sir, I cannot copy my log to my Notepad using HijackThis. It says it cannot find the c:\programs files\ rend micro\hijackthis\hijackthis.log.file.

What should I do to save my log file?
co0ljade
10-Feb-2013, 07:51 AM #4
How can I also solve that before scanning with HijackThis?
dvk01 (Derek)
10-Feb-2013, 09:03 AM #6
Forget HJT then and go on to DDS.
The DDS reports will tell us a lot more anyway.
co0ljade
11-Feb-2013, 06:43 AM #7
OK, here is the first log file:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16438 BrowserJavaVersion: 1.6.0_33
Run by jade at 18:28:56 on 2013-02-11
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files\Globe Telecom\Click Fix\bin\sprtsvc.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\jade\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\jade\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\WandouLabs\wandoujia_helper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\WandouLabs\wandoujia_daemon.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\jade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Users\jade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jade\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u=c0f0113300000000000000e065058310
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
uURLSearchHooks: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - <orphaned>
uURLSearchHooks: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Blekko Search Bar Helper Object: {BAE35237-8D73-44D0-905C-8A95EA1E7E69} - c:\program files\blekko\spamfreesearch\1.8.3.9\bh\spamfreesearch.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Blekko Search Bar Toolbar: {EECF410C-006C-4A05-AD13-6741A0814DBF} - c:\program files\blekko\spamfreesearch\1.8.3.9\spamfreesearchTlbr.dll
uRun: [Facebook Update] "c:\users\jade\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [AdobeBridge] <no file>
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SRSAENotifier] c:\program files\srs labs\srs audio essentials\AENotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Free YouTube Download - c:\users\jade\appdata\roaming\dvdvideosoftiehelpers\freeytvdownloader.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{A638D5F2-6887-4F44-B45F-5E951DF0A7F4} : NameServer = 222.127.143.5
TCP: Interfaces\{A638D5F2-6887-4F44-B45F-5E951DF0A7F4} : DHCPNameServer = 192.168.254.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
STS: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jade\appdata\roaming\mozilla\firefox\profiles\98r7dufa.default\
FF - prefs.js: browser.search.selectedEngine - blekko
FF - prefs.js: browser.startup.homepage - hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u=c0f0113300000000000000e065058310
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=536c75e7&tbp=rbox&u=c0f0113300000000000000e065058310&q=
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.129\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jade\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\jade\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\users\jade\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\jade\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\jade\appdata\roaming\igg\web3d\1.0.0.37\NPIGGWeb3DUpdater.dll
FF - plugin: c:\users\jade\appdata\roaming\igg\web3d\1.0.0.37\NPJoyConnectShell.dll
FF - plugin: c:\users\jade\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\jade\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\jade\appdata\roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: c:\users\jade\appdata\roaming\rckr\plugins\nprcplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - ExtSQL: 2013-02-07 06:44; torntv@torntv.com; c:\users\jade\appdata\roaming\mozilla\firefox\profiles\98r7dufa.default\extensions\torntv@torntv.com.xpi
FF - ExtSQL: 2013-02-07 06:44; plugin@yontoo.com; c:\users\jade\appdata\roaming\mozilla\firefox\profiles\98r7dufa.default\extensions\plugin@yontoo.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - c0f0113300000000000000e065058310
FF - user.js: extensions.BabylonToolbar_i.hardId - c0f0113300000000000000e065058310
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15579
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:50:38
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babclient
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack -
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt -
FF - user.js: extensions.BabylonToolbar_i.instlRef - std
FF - user.js: extentions.y2layers.installId - 9e278ec1-cb22-457f-aabf-0e331e46df7d
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.spamfreesearch.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.spamfreesearch.autoRvrt - false
FF - user.js: extensions.spamfreesearch_i.hmpg - true
FF - user.js: extensions.spamfreesearch.hmpgUrl - hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u=c0f0113300000000000000e065058310
FF - user.js: extensions.spamfreesearch.hpOld0 -
FF - user.js: extensions.spamfreesearch.hpNew - hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u=c0f0113300000000000000e065058310
FF - user.js: extensions.spamfreesearch.dfltSrch - true
FF - user.js: extensions.spamfreesearch.srchPrvdr - blekko
FF - user.js: extensions.spamfreesearch.keyWordUrl - hxxp://blekko.com/ws/?source=536c75e7&tbp=rbox&u=c0f0113300000000000000e065058310&q=
FF - user.js: extensions.spamfreesearch.dspOld -
FF - user.js: extensions.spamfreesearch.dspNew - blekko
FF - user.js: extensions.spamfreesearch_i.dnsErr - true
FF - user.js: extensions.spamfreesearch_i.newTab - true
FF - user.js: extensions.spamfreesearch.newTabUrl - chrome://spamfreesearch/content/new browser tab.html?source=536c75e7&tbp=tab&u=c0f0113300000000000000e065058310
FF - user.js: extensions.spamfreesearch.tlbrSrchUrl - hxxp://blekko.com/ws/?source=536c75e7&tbp=main&u=c0f0113300000000000000e065058310&q=
FF - user.js: extensions.spamfreesearch.id - c0f0113300000000000000e065058310
FF - user.js: extensions.spamfreesearch.appId - {1005247F-A178-490A-8DC3-6BAF09EA427B}
FF - user.js: extensions.spamfreesearch.instlDay - 15743
FF - user.js: extensions.spamfreesearch.vrsn - 1.8.3.9
FF - user.js: extensions.spamfreesearch.vrsni - 1.8.3.9
FF - user.js: extensions.spamfreesearch_i.vrsnTs - 1.8.3.915:35:46
FF - user.js: extensions.spamfreesearch.prtnrId - blekko
FF - user.js: extensions.spamfreesearch.prdct - spamfreesearch
FF - user.js: extensions.spamfreesearch.aflt - orgnl
FF - user.js: extensions.spamfreesearch_i.smplGrp - none
FF - user.js: extensions.spamfreesearch.tlbrId - base
FF - user.js: extensions.spamfreesearch.instlRef - 536c75e7
FF - user.js: extensions.spamfreesearch.dfltLng -
FF - user.js: extensions.spamfreesearch.excTlbr - false
FF - user.js: extensions.spamfreesearch.admin - false
.
============= SERVICES / DRIVERS ===============
.
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? D-Vitec;D-Vitec Driver
R? drvUnhooker;drvUnhooker
R? EagleXNt;EagleXNt
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? MBAMSwissArmy;MBAMSwissArmy
R? npggsvc;nProtect GameGuard Service
R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
R? SkypeUpdate;Skype Updater
R? SRSHDAudioService;SRS HDAudio Lab Service
R? SwitchBoard;SwitchBoard
R? Synth3dVsc;Synth3dVsc
R? TsUsbFlt;TsUsbFlt
R? tsusbhub;tsusbhub
R? VGPU;VGPU
R? WatAdminSvc;Windows Activation Technologies Service
R? wlcrasvc;Windows Live Mesh remote connections service
R? XDva385;XDva385
R? XDva386;XDva386
R? XDva388;XDva388
R? XDva389;XDva389
R? XDva390;XDva390
R? XDva391;XDva391
R? XDva392;XDva392
R? XDva393;XDva393
R? XDva394;XDva394
R? XDva396;XDva396
R? XDva397;XDva397
R? XDva398;XDva398
R? XDva399;XDva399
R? XDva400;XDva400
S? AMD External Events Utility;AMD External Events Utility
S? AMD FUEL Service;AMD FUEL Service
S? amdiox86;AMD IO Driver
S? AODDriver4.1;AODDriver4.1
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswSnx;aswSnx
S? aswSP;aswSP
S? AtiHDAudioService;AMD Function Driver for HD Audio Service
S? avast! Antivirus;avast! Antivirus
S? cpuz135;cpuz135
S? Freemake Improver;Freemake Improver
S? RTL8167;Realtek 8167 NT Driver
S? sprtsvc_globe;SupportSoft Sprocket Service (globe)
S? SRS_AE_Service;SRS Audio Essentials
S? TeamViewer8;TeamViewer 8
S? XDva401;XDva401
.
=============== Created Last 30 ================
.
2013-02-11 03:54:17 -------- d-----w- c:\users\jade\appdata\local\Torch
2013-02-11 03:00:47 388096 ----a-r- c:\users\jade\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-02-11 03:00:46 -------- dc----w- c:\program files\Trend Micro
2013-02-11 00:43:07 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-11 00:43:07 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-11 00:41:16 -------- dc----w- c:\program files\McAfee Security Scan
2013-02-11 00:17:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-02-10 21:03:58 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7f51f1f6-ceb6-4017-8849-997e051a001a}\mpengine.dll
2013-02-09 05:45:47 -------- dc----w- C:\New Folder
2013-02-08 13:46:36 -------- d-sh--w- C:\found.005
2013-02-08 03:08:25 -------- d-----r- c:\users\jade\Dropbox
2013-02-08 02:53:35 -------- d-----w- c:\users\jade\appdata\roaming\Dropbox
2013-02-07 23:35:43 -------- dc----w- c:\program files\blekko
2013-02-07 23:33:43 -------- d-----w- c:\users\jade\appdata\roaming\uTorrent
2013-02-07 14:52:49 -------- dc----w- c:\program files\Gophoto.it
2013-02-07 14:44:42 -------- dc----w- c:\program files\Yontoo
2013-02-07 14:44:33 -------- d-----w- c:\programdata\Tarma Installer
2013-02-07 14:44:13 -------- dc----w- c:\program files\TornTV.com
2013-02-06 04:05:40 -------- d-----w- c:\users\jade\appdata\roaming\DAEMON Tools Lite
2013-02-06 04:04:56 -------- d-----w- c:\programdata\DAEMON Tools Lite
2013-02-06 03:52:03 -------- dc----w- c:\program files\TeamViewer
2013-02-05 13:57:45 172544 ----a-w- c:\windows\system32\spp.dll
2013-02-05 13:49:50 -------- dc--a-w- C:\.Trash-999
2013-02-05 05:46:50 81920 -c--a-w- c:\program files\Zip.SFX
2013-02-05 05:46:50 75264 -c--a-w- c:\program files\WinCon.SFX
2013-02-05 05:46:50 404992 -c--a-w- c:\program files\Rar.exe
2013-02-05 05:46:50 270336 -c--a-w- c:\program files\UnRAR.exe
2013-02-05 05:46:50 196096 -c--a-w- c:\program files\RarExt64.dll
2013-02-05 05:46:50 167936 -c--a-w- c:\program files\RarExt.dll
2013-02-05 05:46:50 123904 -c--a-w- c:\program files\Uninstall.exe
2013-02-05 05:46:50 1159168 -c--a-w- c:\program files\WinRAR.exe
2013-02-05 05:46:50 101376 -c--a-w- c:\program files\Default.SFX
2013-02-05 05:46:50 -------- dc----w- c:\program files\Formats
2013-02-03 18:10:53 -------- d-sh--w- C:\found.004
2013-01-31 06:12:25 -------- dc----w- c:\program files\EaseUS
2013-01-30 18:46:01 -------- d-sh--w- C:\found.003
2013-01-23 06:29:44 -------- d-----w- c:\users\jade\appdata\local\{8509A439-2023-4948-936A-668169BFF6D2}
2013-01-17 06:01:38 -------- d-----w- c:\users\jade\appdata\local\{E84919D4-566E-4EAC-8D8B-F46B08E54D40}
2013-01-13 15:11:48 -------- d-sh--w- C:\found.002
.
==================== Find3M ====================
.
2013-02-09 07:01:17 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-09 07:01:17 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-17 09:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
2012-12-17 20:35:29 852432608 ----a-w- c:\users\jade\CrossFire_Setup_v1107.exe
2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 02:56:23 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-23 02:48:41 49152 ----a-w- c:\windows\system32\taskhost.exe
2012-11-22 04:45:03 626688 ----a-w- c:\windows\system32\usp10.dll
2012-11-20 04:51:09 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-14 13:39:37 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
.
============= FINISH: 18:33:03.46 ===============
co0ljade
11-Feb-2013, 06:47 AM #8
Then the second log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/05/25 8:54:31 PM
System Uptime: 13/02/11 5:34:33 AM (13 hours ago)
.
Motherboard: Emaxx Technologies, Inc | | EMX-MCP61M2-iCafe
Processor: AMD Athlon(tm) II X2 245 Processor | CPU 1 | 2913/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 146 GiB total, 65.36 GiB free.
D: is FIXED (NTFS) - 152 GiB total, 121.519 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Coprocessor
Device ID: PCI\VEN_10DE&DEV_03F4&SUBSYS_00000000&REV_A2\3&267A616A&0&0B
Manufacturer:
Name: Coprocessor
PNP Device ID: PCI\VEN_10DE&DEV_03F4&SUBSYS_00000000&REV_A2\3&267A616A&0&0B
Service:
.
Class GUID: {4d36e96e-e325-11ce-bfc1-08002be10318}
Description: Generic PnP Monitor
Device ID: DISPLAY\PHLC04C\5&F0F2916&0&UID513
Manufacturer: (Standard monitor types)
Name: Generic PnP Monitor
PNP Device ID: DISPLAY\PHLC04C\5&F0F2916&0&UID513
Service: monitor
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.5)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Profiles
avast! Free Antivirus
Blekko Search Bar
BlueJ
Bonjour
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Canon Digital Camera Solution Disk 40-46 Software Starter Guide
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon PowerShot A480 Camera User Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CF_setup_120531 version 1057
CPUID CPU-Z 1.59
CrossFire(Remove only)
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup
Dropbox
EaseUS Data Recovery Wizard 5.8.0
Facebook Video Calling 1.2.0.287
File Type Assistant
Free YouTube Download version 3.1.40.1031
Freemake Video Converter version 3.2.1
GameClub Launcher PH (Remove only)
Globe Broadband Click Fix
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
ideatool 1.0.15_os
IGG Web3D Player version 1.0.0.37
InstallIQ Updater
Internet TV for Windows Media Center
iTunes
Java Auto Updater
Java DB 10.5.3.0
Java(TM) 6 Update 33
Java(TM) SE Development Kit 6 Update 18
jGRASP
Junk Mail filter update
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash MX 2004
Macromedia Flash Player 8 Plugin
Malwarebytes Anti-Malware version 1.70.0.1100
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Metal Slug Brutal 3
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Excel 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word 2010
Microsoft Office Word MUI (English) 2010
Microsoft PowerPoint 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Word 2010
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Movavi Video Converter 12
Mozilla Firefox 18.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
PDF Settings CS5
Picasa 3
Pixlr-o-matic
QuickTime
RaidCall
RapidTyping
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype Click to Call
Skype™ 5.10
SnapPea
SpecialForce(remove only)
SRS Audio Essentials
TeamSpeak 3 Client
TeamViewer 8
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.3
WebM Media Foundation Components
Windows Driver Package - Lenovo Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Windows Media Player Firefox Plugin
WinRAR 4.20 (32-bit)
Yahoo! BrowserPlus 2.9.8
Yontoo 1.12.02
.
==== End Of File ===========================
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,148 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
11-Feb-2013, 07:26 AM #9
OK, let's get rid of some of the junk with this first

Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re enable the protection again after combofix has finished
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on renamed combofix.exe & follow the prompts.
If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
co0ljade co0ljade is offline
Member with 16 posts.
THREAD STARTER
 
Join Date: Feb 2013
11-Feb-2013, 09:07 AM #10
here's the log sir

ComboFix 13-02-07.02 - jade 13/02/11 20:42:23.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1023.215 [GMT -8:00]
Running from: c:\users\jade\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\EPLog.txt
c:\cflog\Host.txt
c:\program files\Uninstall.exe
c:\users\jade\AppData\Local\TempDIR
c:\users\jade\AppData\Local\TempDIR\GFInstaller\AppName.txt
c:\users\jade\AppData\Local\TempDIR\GFInstaller\Channel.txt
c:\users\jade\AppData\Local\TempDIR\GFInstaller\DownloadURL.txt
c:\users\jade\AppData\Local\TempDIR\GFInstaller\GFInstaller.exe
c:\users\jade\AppData\Roaming\Microsoft\Windows\Recent\The Patches Scrolls.url
c:\users\jade\CrossFire_Setup_v1107.exe
c:\users\jade\Documents\~WRL0003.tmp
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\DEBUG.log
D:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2013-01-12 to 2013-02-12 )))))))))))))))))))))))))))))))
.
.
2013-02-12 04:59 . 2013-02-12 04:59 -------- d-----w- c:\users\jade\AppData\Local\temp
2013-02-12 04:59 . 2013-02-12 04:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-11 03:54 . 2013-02-11 04:03 -------- d-----w- c:\users\jade\AppData\Local\Torch
2013-02-11 03:00 . 2013-02-11 03:00 388096 ----a-r- c:\users\jade\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-11 03:00 . 2013-02-11 03:00 -------- dc----w- c:\program files\Trend Micro
2013-02-11 00:43 . 2013-02-11 00:43 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-11 00:43 . 2012-12-15 00:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-11 00:41 . 2013-02-11 00:41 -------- dc----w- c:\program files\McAfee Security Scan
2013-02-11 00:41 . 2013-02-11 00:41 -------- d-----w- c:\programdata\McAfee
2013-02-11 00:17 . 2013-02-11 00:48 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-02-10 21:03 . 2013-01-18 20:17 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F51F1F6-CEB6-4017-8849-997E051A001A}\mpengine.dll
2013-02-09 05:45 . 2013-02-09 05:45 -------- dc----w- C:\New Folder
2013-02-08 13:46 . 2013-02-08 13:46 -------- d-----w- C:\found.005
2013-02-08 03:08 . 2013-02-12 03:28 -------- d-----r- c:\users\jade\Dropbox
2013-02-08 02:53 . 2013-02-12 03:28 -------- d-----w- c:\users\jade\AppData\Roaming\Dropbox
2013-02-07 23:35 . 2013-02-07 23:35 -------- dc----w- c:\program files\blekko
2013-02-07 23:33 . 2013-02-12 04:35 -------- d-----w- c:\users\jade\AppData\Roaming\uTorrent
2013-02-07 14:52 . 2013-02-07 14:52 -------- dc----w- c:\program files\Gophoto.it
2013-02-07 14:44 . 2013-02-07 14:44 -------- dc----w- c:\program files\Yontoo
2013-02-07 14:44 . 2013-02-07 14:44 -------- d-----w- c:\programdata\Tarma Installer
2013-02-07 14:44 . 2013-02-09 02:56 -------- dc----w- c:\program files\TornTV.com
2013-02-06 04:05 . 2013-02-07 01:08 -------- d-----w- c:\users\jade\AppData\Roaming\DAEMON Tools Lite
2013-02-06 04:04 . 2013-02-06 04:10 -------- d-----w- c:\programdata\DAEMON Tools Lite
2013-02-06 03:52 . 2013-02-06 03:52 -------- dc----w- c:\program files\TeamViewer
2013-02-05 13:57 . 2013-02-05 13:57 172544 ----a-w- c:\windows\system32\spp.dll
2013-02-05 13:49 . 2013-02-05 13:49 -------- dc--a-w- C:\.Trash-999
2013-02-05 05:46 . 2012-06-10 03:20 196096 -c--a-w- c:\program files\RarExt64.dll
2013-02-05 05:46 . 2012-06-10 03:20 167936 -c--a-w- c:\program files\RarExt.dll
2013-02-05 05:46 . 2012-06-10 03:19 81920 -c--a-w- c:\program files\Zip.SFX
2013-02-05 05:46 . 2012-06-10 03:19 101376 -c--a-w- c:\program files\Default.SFX
2013-02-05 05:46 . 2012-06-10 03:19 75264 -c--a-w- c:\program files\WinCon.SFX
2013-02-05 05:46 . 2012-06-10 03:19 270336 -c--a-w- c:\program files\UnRAR.exe
2013-02-05 05:46 . 2012-06-10 03:19 404992 -c--a-w- c:\program files\Rar.exe
2013-02-05 05:46 . 2012-06-10 03:19 1159168 -c--a-w- c:\program files\WinRAR.exe
2013-02-05 05:46 . 2012-02-27 02:24 -------- dc----w- c:\program files\Formats
2013-02-03 18:10 . 2013-02-03 18:10 -------- d-----w- C:\found.004
2013-01-31 06:12 . 2013-01-31 06:12 -------- dc----w- c:\program files\EaseUS
2013-01-30 18:46 . 2013-01-30 18:46 -------- d-----w- C:\found.003
2013-01-13 15:11 . 2013-01-13 15:11 -------- d-----w- C:\found.002
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-09 07:01 . 2012-01-29 05:55 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-09 07:01 . 2011-05-25 13:08 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-17 09:28 . 2011-05-25 13:14 232336 ------w- c:\windows\system32\MpSigStub.exe
2012-12-16 14:13 . 2012-12-21 14:00 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 14:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 12:26 . 2013-01-10 05:03 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20 . 2013-01-10 05:03 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 10:46 . 2013-01-10 05:03 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 10:46 . 2013-01-10 05:03 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 10:46 . 2013-01-10 05:03 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 10:46 . 2013-01-10 05:03 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 10:46 . 2013-01-10 05:03 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 10:46 . 2013-01-10 05:03 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 10:46 . 2013-01-10 05:03 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 10:46 . 2013-01-10 05:03 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 10:46 . 2013-01-10 05:03 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 10:46 . 2013-01-10 05:03 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 10:46 . 2013-01-10 05:03 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 10:46 . 2013-01-10 05:03 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 10:46 . 2013-01-10 05:03 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-10 05:03 55296 ----a-w- c:\windows\system32\cero.rs
2012-11-30 04:53 . 2013-01-10 05:04 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-11-30 04:47 . 2013-01-10 05:04 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 04:45 . 2013-01-10 05:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 05:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 05:04 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 05:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 05:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 05:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 05:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 05:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 05:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 05:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 05:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 05:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 05:04 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 02:55 . 2013-01-10 05:04 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38 . 2013-01-10 05:04 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38 . 2013-01-10 05:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38 . 2013-01-10 05:04 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38 . 2013-01-10 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 02:56 . 2013-01-10 05:04 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-23 02:48 . 2013-01-10 05:03 49152 ----a-w- c:\windows\system32\taskhost.exe
2012-11-22 04:45 . 2013-01-10 05:04 626688 ----a-w- c:\windows\system32\usp10.dll
2012-11-20 04:51 . 2013-01-10 05:03 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-14 13:40 . 2012-11-14 13:40 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2012-11-14 13:40 . 2012-11-14 13:40 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-11-14 13:40 . 2012-11-14 13:40 718336 ----a-w- c:\windows\system32\mshtmlmedia.dll
2012-11-14 13:40 . 2012-11-14 13:40 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-11-14 13:40 . 2012-11-14 13:40 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-11-14 13:40 . 2012-11-14 13:40 61440 ----a-w- c:\windows\system32\iesetup.dll
2012-11-14 13:40 . 2012-11-14 13:40 525312 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 13:40 . 2012-11-14 13:40 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-11-14 13:40 . 2012-11-14 13:40 38400 ----a-w- c:\windows\system32\imgutil.dll
2012-11-14 13:40 . 2012-11-14 13:40 361984 ----a-w- c:\windows\system32\html.iec
2012-11-14 13:40 . 2012-11-14 13:40 2882048 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 13:40 . 2012-11-14 13:40 23040 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-14 13:40 . 2012-11-14 13:40 185344 ----a-w- c:\windows\system32\elshyph.dll
2012-11-14 13:40 . 2012-11-14 13:40 1772032 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 13:40 . 2012-11-14 13:40 158720 ----a-w- c:\windows\system32\msls31.dll
2012-11-14 13:40 . 2012-11-14 13:40 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-11-14 13:40 . 2012-11-14 13:40 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 13:40 . 2012-11-14 13:40 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 13:40 . 2012-11-14 13:40 135680 ----a-w- c:\windows\system32\wextract.exe
2012-11-14 13:40 . 2012-11-14 13:40 12800 ----a-w- c:\windows\system32\mshta.exe
2012-11-14 13:40 . 2012-11-14 13:40 111104 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-11-14 13:40 . 2012-11-14 13:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-11-14 13:39 . 2012-11-14 13:39 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2012-11-14 13:39 . 2012-11-14 13:39 906240 ----a-w- c:\windows\system32\FntCache.dll
2012-11-14 13:39 . 2012-11-14 13:39 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2012-11-14 13:39 . 2012-11-14 13:39 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2012-11-14 13:39 . 2012-11-14 13:39 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2012-11-14 13:39 . 2012-11-14 13:39 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2012-11-14 13:39 . 2012-11-14 13:39 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-11-14 13:39 . 2012-11-14 13:39 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2012-11-14 13:39 . 2012-11-14 13:39 3419136 ----a-w- c:\windows\system32\d2d1.dll
2012-11-14 13:39 . 2012-11-14 13:39 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2012-11-14 13:39 . 2012-11-14 13:39 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2012-11-14 13:39 . 2012-11-14 13:39 293376 ----a-w- c:\windows\system32\dxgi.dll
2012-11-14 13:39 . 2012-11-14 13:39 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2012-11-14 13:39 . 2012-11-14 13:39 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-11-14 13:39 . 2012-11-14 13:39 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2012-11-14 13:39 . 2012-11-14 13:39 220160 ----a-w- c:\windows\system32\d3d10core.dll
2012-11-14 13:39 . 2012-11-14 13:39 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-11-14 13:39 . 2012-11-14 13:39 1885696 ----a-w- c:\windows\system32\d3d10warp.dll
2012-11-14 13:39 . 2012-11-14 13:39 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2012-11-14 13:39 . 2012-11-14 13:39 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-11-14 13:39 . 2012-11-14 13:39 1504768 ----a-w- c:\windows\system32\d3d11.dll
2012-11-14 13:39 . 2012-11-14 13:39 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-02-05 15:07 . 2013-02-05 15:06 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}]
2012-10-15 16:28 251360 -c--a-w- c:\program files\blekko\spamfreesearch\1.8.3.9\bh\spamfreesearch.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EECF410C-006C-4A05-AD13-6741A0814DBF}"= "c:\program files\blekko\spamfreesearch\1.8.3.9\spamfreesearchTlbr.dll" [2012-10-15 325600]
.
[HKEY_CLASSES_ROOT\clsid\{eecf410c-006c-4a05-ad13-6741a0814dbf}]
[HKEY_CLASSES_ROOT\spamfreesearch.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\spamfreesearch.dskBnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\jade\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\jade\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\jade\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\jade\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-08 138096]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]
"uTorrent"="c:\users\jade\Downloads\uTorrent.exe" [2013-02-07 1075024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SRSAENotifier"="c:\program files\SRS Labs\SRS Audio Essentials\AENotifier.exe" [2011-10-29 534904]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\jade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\jade\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
wandoujia_helper.lnk - c:\program files\WandouLabs\wandoujia_helper.exe [2012-7-9 4094920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 21:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidCall]
2012-10-29 18:34 3153592 -c--a-w- c:\program files\RaidCall\raidcall.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\jade\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 D-Vitec;D-Vitec Driver;c:\windows\system32\DRIVERS\dvitdcnt.sys [x]
R3 drvUnhooker;drvUnhooker;c:\windows\system32\drivers\LHTSSDT.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SRSHDAudioService;SRS HDAudio Lab Service;c:\program files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]
R3 XDva386;XDva386;c:\windows\system32\XDva386.sys [x]
R3 XDva388;XDva388;c:\windows\system32\XDva388.sys [x]
R3 XDva389;XDva389;c:\windows\system32\XDva389.sys [x]
R3 XDva390;XDva390;c:\windows\system32\XDva390.sys [x]
R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]
R3 XDva392;XDva392;c:\windows\system32\XDva392.sys [x]
R3 XDva393;XDva393;c:\windows\system32\XDva393.sys [x]
R3 XDva396;XDva396;c:\windows\system32\XDva396.sys [x]
R3 XDva397;XDva397;c:\windows\system32\XDva397.sys [x]
R3 XDva398;XDva398;c:\windows\system32\XDva398.sys [x]
R3 XDva399;XDva399;c:\windows\system32\XDva399.sys [x]
R3 XDva400;XDva400;c:\windows\system32\XDva400.sys [x]
R3 XDva401;XDva401;c:\windows\system32\XDva401.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
R4 XDva394;XDva394;c:\windows\system32\XDva394.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 sprtsvc_globe;SupportSoft Sprocket Service (globe);c:\program files\Globe Telecom\Click Fix\bin\sprtsvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-01-29 07:01]
.
2013-02-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1599735970-808408531-985281693-1000Core.job
- c:\users\jade\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 03:11]
.
2013-02-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1599735970-808408531-985281693-1000UA.job
- c:\users\jade\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 03:11]
.
2013-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-10 01:46]
.
2013-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-10 01:46]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1599735970-808408531-985281693-1000Core.job
- c:\users\jade\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-26 01:21]
.
2013-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1599735970-808408531-985281693-1000UA.job
- c:\users\jade\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-26 01:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u=c0f0113300000000000000e065058310
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Free YouTube Download - c:\users\jade\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{A638D5F2-6887-4F44-B45F-5E951DF0A7F4}: NameServer = 222.127.143.5
FF - ProfilePath - c:\users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\
FF - prefs.js: browser.search.selectedEngine - blekko
FF - prefs.js: browser.startup.homepage - hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u=c0f0113300000000000000e065058310
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=536c75e7&tbp=rbox&u=c0f0113300000000000000e065058310&q=
FF - ExtSQL: 2013-02-07 06:44; torntv@torntv.com; c:\users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\extensions\torntv@torntv.com.xpi
FF - ExtSQL: 2013-02-07 06:44; plugin@yontoo.com; c:\users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\extensions\plugin@yontoo.com
FF - user.js: extensions.BabylonToolbar_i.id - c0f0113300000000000000e065058310
FF - user.js: extensions.BabylonToolbar_i.hardId - c0f0113300000000000000e065058310
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15579
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:50
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babclient
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack -
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt -
FF - user.js: extensions.BabylonToolbar_i.instlRef - std
FF - user.js: extentions.y2layers.installId - 9e278ec1-cb22-457f-aabf-0e331e46df7d
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.spamfreesearch.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.spamfreesearch.autoRvrt - false
FF - user.js: extensions.spamfreesearch_i.hmpg - true
FF - user.js: extensions.spamfreesearch.hmpgUrl - hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u=c0f0113300000000000000e065058310
FF - user.js: extensions.spamfreesearch.hpOld0 -
FF - user.js: extensions.spamfreesearch.hpNew - hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u=c0f0113300000000000000e065058310
FF - user.js: extensions.spamfreesearch.dfltSrch - true
FF - user.js: extensions.spamfreesearch.srchPrvdr - blekko
FF - user.js: extensions.spamfreesearch.keyWordUrl - hxxp://blekko.com/ws/?source=536c75e7&tbp=rbox&u=c0f0113300000000000000e065058310&q=
FF - user.js: extensions.spamfreesearch.dspOld -
FF - user.js: extensions.spamfreesearch.dspNew - blekko
FF - user.js: extensions.spamfreesearch_i.dnsErr - true
FF - user.js: extensions.spamfreesearch_i.newTab - true
FF - user.js: extensions.spamfreesearch.newTabUrl - chrome://spamfreesearch/content/new browser tab.html?source=536c75e7&tbp=tab&u=c0f0113300000000000000e065058310
FF - user.js: extensions.spamfreesearch.tlbrSrchUrl - hxxp://blekko.com/ws/?source=536c75e7&tbp=main&u=c0f0113300000000000000e065058310&q=
FF - user.js: extensions.spamfreesearch.id - c0f0113300000000000000e065058310
FF - user.js: extensions.spamfreesearch.appId - {1005247F-A178-490A-8DC3-6BAF09EA427B}
FF - user.js: extensions.spamfreesearch.instlDay - 15743
FF - user.js: extensions.spamfreesearch.vrsn - 1.8.3.9
FF - user.js: extensions.spamfreesearch.vrsni - 1.8.3.9
FF - user.js: extensions.spamfreesearch_i.vrsnTs - 1.8.3.915:35
FF - user.js: extensions.spamfreesearch.prtnrId - blekko
FF - user.js: extensions.spamfreesearch.prdct - spamfreesearch
FF - user.js: extensions.spamfreesearch.aflt - orgnl
FF - user.js: extensions.spamfreesearch_i.smplGrp - none
FF - user.js: extensions.spamfreesearch.tlbrId - base
FF - user.js: extensions.spamfreesearch.instlRef - 536c75e7
FF - user.js: extensions.spamfreesearch.dfltLng -
FF - user.js: extensions.spamfreesearch.excTlbr - false
FF - user.js: extensions.spamfreesearch.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
URLSearchHooks-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKCU-Run-AdobeBridge - (no file)
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
MSConfigStartUp-GoogleDriveSync - c:\program files\Google\Drive\googledrivesync.exe
AddRemove-WinRAR archiver - c:\program files\uninstall.exe
AddRemove-{E6AA5D49-777A-4707-9B92-624D500786EE}_is1 - c:\program files (x86)\GameClub\Crossfire\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1599735970-808408531-985281693-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-1599735970-808408531-985281693-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1599735970-808408531-985281693-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-1599735970-808408531-985281693-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-1599735970-808408531-985281693-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-1599735970-808408531-985281693-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-1599735970-808408531-985281693-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-1599735970-808408531-985281693-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-1599735970-808408531-985281693-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1599735970-808408531-985281693-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-1599735970-808408531-985281693-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-1599735970-808408531-985281693-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1599735970-808408531-985281693-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1599735970-808408531-985281693-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-1599735970-808408531-985281693-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-1599735970-808408531-985281693-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-1599735970-808408531-985281693-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-11 21:01:32
ComboFix-quarantined-files.txt 2013-02-12 05:01
.
Pre-Run: 70,553,763,840 bytes free
Post-Run: 70,344,212,480 bytes free
.
- - End Of File - - 4EC236D5937A340EE6383BF1A08B9F61
dvk01 (Derek), Moderator & Malware Removal Specialist
11-Feb-2013, 10:10 AM #11
That didn't show what I expected it to.
Please download AdwCleaner to your desktop.
  • Double click the adwcleaner.exe to run the tool.
  • Click Search.
  • When the scan has finished, a notepad window will be opened.
  • Please post the contents here in your topic.
  • The logfile will also be saved in C:\AdwCleaner[R1].txt.
co0ljade (thread starter)
19-Feb-2013, 09:57 AM #12
# AdwCleaner v2.112 - Logfile created 02/19/2013 at 21:51:18
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : jade - JADE-PC
# Boot Mode : Normal
# Running from : C:\Users\jade\Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js
File Found : C:\Users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\searchplugins\Askcom.xml
File Found : C:\Users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\searchplugins\Conduit.xml
File Found : C:\Users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\searchplugins\spamfreesearch.xml
Folder Found : C:\Program Files\blekko
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Yontoo
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxDfast
Folder Found : C:\ProgramData\Premium
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\jade\AppData\Local\APN
Folder Found : C:\Users\jade\AppData\Local\Babylon
Folder Found : C:\Users\jade\AppData\Local\Conduit
Folder Found : C:\Users\jade\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\jade\AppData\LocalLow\blekko
Folder Found : C:\Users\jade\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\jade\AppData\LocalLow\Conduit
Folder Found : C:\Users\jade\AppData\LocalLow\PriceGong
Folder Found : C:\Users\jade\AppData\Roaming\Babylon
Folder Found : C:\Users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\ConduitCommon
Folder Found : C:\Users\jade\AppData\Roaming\OpenCandy

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16438

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u=c0f0113300000000000000e065058310
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://blekko.com/ws/?source=536c75e7&tbp=tab&u=c0f0113300000000000000e065058310

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\prefs.js

Found : user_pref("browser.search.order.1", "blekko");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babclient");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "c0f0113300000000000000e065058310");
Found : user_pref("extensions.BabylonToolbar_i.id", "c0f0113300000000000000e065058310");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15579");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "std");
Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1710:50:38");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.spamfreesearch.dspNew", "blekko");
Found : user_pref("extensions.spamfreesearch.hmpgUrl", "hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u[...]
Found : user_pref("extensions.spamfreesearch.hpNew", "hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u=c[...]
Found : user_pref("extensions.spamfreesearch.keyWordUrl", "hxxp://blekko.com/ws/?source=536c75e7&tbp=rbox&u=[...]
Found : user_pref("extensions.spamfreesearch.prtnrId", "blekko");
Found : user_pref("extensions.spamfreesearch.srchPrvdr", "blekko");
Found : user_pref("extensions.spamfreesearch.tlbrSrchUrl", "hxxp://blekko.com/ws/?source=536c75e7&tbp=main&u[...]
Found : user_pref("keyword.URL", "hxxp://blekko.com/ws/?source=536c75e7&tbp=rbox&u=c0f0113300000000000000e06[...]

-\\ Google Chrome v24.0.1312.57

File : C:\Users\jade\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [12208 octets] - [19/02/2013 21:51:18]

########## EOF - C:\AdwCleaner[R1].txt - [12269 octets] ##########
dvk01 (Derek), Moderator & Malware Removal Specialist
19-Feb-2013, 02:19 PM #13
Please run AdwCleaner again. This time press Delete. It will clear the problems and then offer to reboot; please let it reboot and then post the log it makes.
The logfile will also be saved in C:\AdwCleaner[S1].txt.
co0ljade (thread starter)
19-Feb-2013, 08:20 PM #14
# AdwCleaner v2.112 - Logfile created 02/20/2013 at 08:06:29
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : jade - JADE-PC
# Boot Mode : Normal
# Running from : C:\Users\jade\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\Users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\searchplugins\Askcom.xml
File Deleted : C:\Users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\searchplugins\Conduit.xml
File Deleted : C:\Users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\searchplugins\spamfreesearch.xml
Folder Deleted : C:\Program Files\blekko
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxDfast
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\jade\AppData\Local\APN
Folder Deleted : C:\Users\jade\AppData\Local\Babylon
Folder Deleted : C:\Users\jade\AppData\Local\Conduit
Folder Deleted : C:\Users\jade\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\jade\AppData\LocalLow\blekko
Folder Deleted : C:\Users\jade\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\jade\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\jade\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\jade\AppData\Roaming\Babylon
Folder Deleted : C:\Users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\ConduitCommon
Folder Deleted : C:\Users\jade\AppData\Roaming\OpenCandy

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16438

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u=c0f0113300000000000000e065058310 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://blekko.com/ws/?source=536c75e7&tbp=tab&u=c0f0113300000000000000e065058310 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\prefs.js

C:\Users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\user.js ... Deleted !

Deleted : user_pref("browser.search.order.1", "blekko");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babclient");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "c0f0113300000000000000e065058310");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "c0f0113300000000000000e065058310");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15579");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "std");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1710:50:38");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.spamfreesearch.dspNew", "blekko");
Deleted : user_pref("extensions.spamfreesearch.hmpgUrl", "hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u[...]
Deleted : user_pref("extensions.spamfreesearch.hpNew", "hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u=c[...]
Deleted : user_pref("extensions.spamfreesearch.keyWordUrl", "hxxp://blekko.com/ws/?source=536c75e7&tbp=rbox&u=[...]
Deleted : user_pref("extensions.spamfreesearch.prtnrId", "blekko");
Deleted : user_pref("extensions.spamfreesearch.srchPrvdr", "blekko");
Deleted : user_pref("extensions.spamfreesearch.tlbrSrchUrl", "hxxp://blekko.com/ws/?source=536c75e7&tbp=main&u[...]
Deleted : user_pref("keyword.URL", "hxxp://blekko.com/ws/?source=536c75e7&tbp=rbox&u=c0f0113300000000000000e06[...]

-\\ Google Chrome v24.0.1312.57

File : C:\Users\jade\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [12339 octets] - [19/02/2013 21:51:18]
AdwCleaner[R2].txt - [12400 octets] - [20/02/2013 08:06:05]
AdwCleaner[S1].txt - [12340 octets] - [20/02/2013 08:06:29]

########## EOF - C:\AdwCleaner[S1].txt - [12401 octets] ##########
dvk01 (Derek), Moderator & Malware Removal Specialist
20-Feb-2013, 03:39 AM #15
Are you still having any problems after that?