
Bad Image Error

Discussion in 'Virus & Other Malware Removal' started by co0ljade, Feb 10, 2013.

Thread Status:
Not open for further replies.
  1. co0ljade

    co0ljade Thread Starter

    Joined:
    Feb 10, 2013
    Messages:
    16
    After running a program, this message always pops up on my Windows 7 computer. Almost all of my programs have this error. For example, after clicking my Chrome browser, this message pops up:

    chrome.exe-Bad Image

    C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL is either not designed to run on windows or it contains an error. Try installing the programe again using the original installation media or contact your system administrator or the software vendor for support.

    Please, I need your help. Thank you in advance :(
     
  2. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,842
    follow advice here and post the logs those programs make
     
  3. co0ljade

    co0ljade Thread Starter

    Joined:
    Feb 10, 2013
    Messages:
    16
    Sir, I cannot copy my log to Notepad using HijackThis. It says it cannot find the c:\programs files\ rend micro\hijackthis\hijackthis.log.file.

    What should I do to save my log file?
     
  4. co0ljade

    co0ljade Thread Starter

    Joined:
    Feb 10, 2013
    Messages:
    16
    [​IMG]

    How can I also solve that before scanning with HijackThis?
     
  5. co0ljade

    co0ljade Thread Starter

    Joined:
    Feb 10, 2013
    Messages:
    16
    [​IMG]

    How can I also solve that before scanning with HijackThis?
     
  6. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,842
    forget hjt then and go on to dds
    the dds reports will tell us a lot more anyway
     
  7. co0ljade

    co0ljade Thread Starter

    Joined:
    Feb 10, 2013
    Messages:
    16
    ok here is the first log file

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 10.0.9200.16438 BrowserJavaVersion: 1.6.0_33
    Run by jade at 18:28:56 on 2013-02-11
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
    C:\Program Files\Globe Telecom\Click Fix\bin\sprtsvc.exe
    C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Users\jade\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Users\jade\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\WandouLabs\wandoujia_helper.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\WandouLabs\wandoujia_daemon.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Users\jade\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\jade\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\jade\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskhost.exe
    C:\Users\jade\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\jade\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\jade\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\jade\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\jade\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u=c0f0113300000000000000e065058310
    uSearch Bar = Preserve
    uSearch Page = hxxp://www.google.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
    uURLSearchHooks: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - <orphaned>
    uURLSearchHooks: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: Blekko Search Bar Helper Object: {BAE35237-8D73-44D0-905C-8A95EA1E7E69} - c:\program files\blekko\spamfreesearch\1.8.3.9\bh\spamfreesearch.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Blekko Search Bar Toolbar: {EECF410C-006C-4A05-AD13-6741A0814DBF} - c:\program files\blekko\spamfreesearch\1.8.3.9\spamfreesearchTlbr.dll
    uRun: [Facebook Update] "c:\users\jade\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
    uRun: [AdobeBridge] <no file>
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [SRSAENotifier] c:\program files\srs labs\srs audio essentials\AENotifier.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Free YouTube Download - c:\users\jade\appdata\roaming\dvdvideosoftiehelpers\freeytvdownloader.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    TCP: NameServer = 192.168.254.254
    TCP: Interfaces\{A638D5F2-6887-4F44-B45F-5E951DF0A7F4} : NameServer = 222.127.143.5
    TCP: Interfaces\{A638D5F2-6887-4F44-B45F-5E951DF0A7F4} : DHCPNameServer = 192.168.254.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    STS: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\jade\appdata\roaming\mozilla\firefox\profiles\98r7dufa.default\
    FF - prefs.js: browser.search.selectedEngine - blekko
    FF - prefs.js: browser.startup.homepage - hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u=c0f0113300000000000000e065058310
    FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=536c75e7&tbp=rbox&u=c0f0113300000000000000e065058310&q=
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.129\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\jade\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
    FF - plugin: c:\users\jade\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: c:\users\jade\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\users\jade\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\users\jade\appdata\roaming\igg\web3d\1.0.0.37\NPIGGWeb3DUpdater.dll
    FF - plugin: c:\users\jade\appdata\roaming\igg\web3d\1.0.0.37\NPJoyConnectShell.dll
    FF - plugin: c:\users\jade\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\jade\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\users\jade\appdata\roaming\raidcall\plugins\nprcplugin.dll
    FF - plugin: c:\users\jade\appdata\roaming\rckr\plugins\nprcplugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - plugin: c:\windows\system32\wat\npWatWeb.dll
    FF - ExtSQL: 2013-02-07 06:44; [email protected]; c:\users\jade\appdata\roaming\mozilla\firefox\profiles\98r7dufa.default\extensions\[email protected]
    FF - ExtSQL: 2013-02-07 06:44; [email protected]; c:\users\jade\appdata\roaming\mozilla\firefox\profiles\98r7dufa.default\extensions\[email protected]
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar_i.id - c0f0113300000000000000e065058310
    FF - user.js: extensions.BabylonToolbar_i.hardId - c0f0113300000000000000e065058310
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15579
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:50:38
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babclient
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack -
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt -
    FF - user.js: extensions.BabylonToolbar_i.instlRef - std
    FF - user.js: extentions.y2layers.installId - 9e278ec1-cb22-457f-aabf-0e331e46df7d
    FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
    .
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: extensions.spamfreesearch.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
    FF - user.js: extensions.spamfreesearch.autoRvrt - false
    FF - user.js: extensions.spamfreesearch_i.hmpg - true
    FF - user.js: extensions.spamfreesearch.hmpgUrl - hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u=c0f0113300000000000000e065058310
    FF - user.js: extensions.spamfreesearch.hpOld0 -
    FF - user.js: extensions.spamfreesearch.hpNew - hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u=c0f0113300000000000000e065058310
    FF - user.js: extensions.spamfreesearch.dfltSrch - true
    FF - user.js: extensions.spamfreesearch.srchPrvdr - blekko
    FF - user.js: extensions.spamfreesearch.keyWordUrl - hxxp://blekko.com/ws/?source=536c75e7&tbp=rbox&u=c0f0113300000000000000e065058310&q=
    FF - user.js: extensions.spamfreesearch.dspOld -
    FF - user.js: extensions.spamfreesearch.dspNew - blekko
    FF - user.js: extensions.spamfreesearch_i.dnsErr - true
    FF - user.js: extensions.spamfreesearch_i.newTab - true
    FF - user.js: extensions.spamfreesearch.newTabUrl - chrome://spamfreesearch/content/new browser tab.html?source=536c75e7&tbp=tab&u=c0f0113300000000000000e065058310
    FF - user.js: extensions.spamfreesearch.tlbrSrchUrl - hxxp://blekko.com/ws/?source=536c75e7&tbp=main&u=c0f0113300000000000000e065058310&q=
    FF - user.js: extensions.spamfreesearch.id - c0f0113300000000000000e065058310
    FF - user.js: extensions.spamfreesearch.appId - {1005247F-A178-490A-8DC3-6BAF09EA427B}
    FF - user.js: extensions.spamfreesearch.instlDay - 15743
    FF - user.js: extensions.spamfreesearch.vrsn - 1.8.3.9
    FF - user.js: extensions.spamfreesearch.vrsni - 1.8.3.9
    FF - user.js: extensions.spamfreesearch_i.vrsnTs - 1.8.3.915:35:46
    FF - user.js: extensions.spamfreesearch.prtnrId - blekko
    FF - user.js: extensions.spamfreesearch.prdct - spamfreesearch
    FF - user.js: extensions.spamfreesearch.aflt - orgnl
    FF - user.js: extensions.spamfreesearch_i.smplGrp - none
    FF - user.js: extensions.spamfreesearch.tlbrId - base
    FF - user.js: extensions.spamfreesearch.instlRef - 536c75e7
    FF - user.js: extensions.spamfreesearch.dfltLng -
    FF - user.js: extensions.spamfreesearch.excTlbr - false
    FF - user.js: extensions.spamfreesearch.admin - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? D-Vitec;D-Vitec Driver
    R? drvUnhooker;drvUnhooker
    R? EagleXNt;EagleXNt
    R? fssfltr;fssfltr
    R? fsssvc;Windows Live Family Safety Service
    R? MBAMSwissArmy;MBAMSwissArmy
    R? npggsvc;nProtect GameGuard Service
    R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
    R? SkypeUpdate;Skype Updater
    R? SRSHDAudioService;SRS HDAudio Lab Service
    R? SwitchBoard;SwitchBoard
    R? Synth3dVsc;Synth3dVsc
    R? TsUsbFlt;TsUsbFlt
    R? tsusbhub;tsusbhub
    R? VGPU;VGPU
    R? WatAdminSvc;Windows Activation Technologies Service
    R? wlcrasvc;Windows Live Mesh remote connections service
    R? XDva385;XDva385
    R? XDva386;XDva386
    R? XDva388;XDva388
    R? XDva389;XDva389
    R? XDva390;XDva390
    R? XDva391;XDva391
    R? XDva392;XDva392
    R? XDva393;XDva393
    R? XDva394;XDva394
    R? XDva396;XDva396
    R? XDva397;XDva397
    R? XDva398;XDva398
    R? XDva399;XDva399
    R? XDva400;XDva400
    S? AMD External Events Utility;AMD External Events Utility
    S? AMD FUEL Service;AMD FUEL Service
    S? amdiox86;AMD IO Driver
    S? AODDriver4.1;AODDriver4.1
    S? aswFsBlk;aswFsBlk
    S? aswMonFlt;aswMonFlt
    S? aswSnx;aswSnx
    S? aswSP;aswSP
    S? AtiHDAudioService;AMD Function Driver for HD Audio Service
    S? avast! Antivirus;avast! Antivirus
    S? cpuz135;cpuz135
    S? Freemake Improver;Freemake Improver
    S? RTL8167;Realtek 8167 NT Driver
    S? sprtsvc_globe;SupportSoft Sprocket Service (globe)
    S? SRS_AE_Service;SRS Audio Essentials
    S? TeamViewer8;TeamViewer 8
    S? XDva401;XDva401
    .
    =============== Created Last 30 ================
    .
    2013-02-11 03:54:17 -------- d-----w- c:\users\jade\appdata\local\Torch
    2013-02-11 03:00:47 388096 ----a-r- c:\users\jade\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2013-02-11 03:00:46 -------- dc----w- c:\program files\Trend Micro
    2013-02-11 00:43:07 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-02-11 00:43:07 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
    2013-02-11 00:41:16 -------- dc----w- c:\program files\McAfee Security Scan
    2013-02-11 00:17:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-02-10 21:03:58 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7f51f1f6-ceb6-4017-8849-997e051a001a}\mpengine.dll
    2013-02-09 05:45:47 -------- dc----w- C:\New Folder
    2013-02-08 13:46:36 -------- d-sh--w- C:\found.005
    2013-02-08 03:08:25 -------- d-----r- c:\users\jade\Dropbox
    2013-02-08 02:53:35 -------- d-----w- c:\users\jade\appdata\roaming\Dropbox
    2013-02-07 23:35:43 -------- dc----w- c:\program files\blekko
    2013-02-07 23:33:43 -------- d-----w- c:\users\jade\appdata\roaming\uTorrent
    2013-02-07 14:52:49 -------- dc----w- c:\program files\Gophoto.it
    2013-02-07 14:44:42 -------- dc----w- c:\program files\Yontoo
    2013-02-07 14:44:33 -------- d-----w- c:\programdata\Tarma Installer
    2013-02-07 14:44:13 -------- dc----w- c:\program files\TornTV.com
    2013-02-06 04:05:40 -------- d-----w- c:\users\jade\appdata\roaming\DAEMON Tools Lite
    2013-02-06 04:04:56 -------- d-----w- c:\programdata\DAEMON Tools Lite
    2013-02-06 03:52:03 -------- dc----w- c:\program files\TeamViewer
    2013-02-05 13:57:45 172544 ----a-w- c:\windows\system32\spp.dll
    2013-02-05 13:49:50 -------- dc--a-w- C:\.Trash-999
    2013-02-05 05:46:50 81920 -c--a-w- c:\program files\Zip.SFX
    2013-02-05 05:46:50 75264 -c--a-w- c:\program files\WinCon.SFX
    2013-02-05 05:46:50 404992 -c--a-w- c:\program files\Rar.exe
    2013-02-05 05:46:50 270336 -c--a-w- c:\program files\UnRAR.exe
    2013-02-05 05:46:50 196096 -c--a-w- c:\program files\RarExt64.dll
    2013-02-05 05:46:50 167936 -c--a-w- c:\program files\RarExt.dll
    2013-02-05 05:46:50 123904 -c--a-w- c:\program files\Uninstall.exe
    2013-02-05 05:46:50 1159168 -c--a-w- c:\program files\WinRAR.exe
    2013-02-05 05:46:50 101376 -c--a-w- c:\program files\Default.SFX
    2013-02-05 05:46:50 -------- dc----w- c:\program files\Formats
    2013-02-03 18:10:53 -------- d-sh--w- C:\found.004
    2013-01-31 06:12:25 -------- dc----w- c:\program files\EaseUS
    2013-01-30 18:46:01 -------- d-sh--w- C:\found.003
    2013-01-23 06:29:44 -------- d-----w- c:\users\jade\appdata\local\{8509A439-2023-4948-936A-668169BFF6D2}
    2013-01-17 06:01:38 -------- d-----w- c:\users\jade\appdata\local\{E84919D4-566E-4EAC-8D8B-F46B08E54D40}
    2013-01-13 15:11:48 -------- d-sh--w- C:\found.002
    .
    ==================== Find3M ====================
    .
    2013-02-09 07:01:17 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-09 07:01:17 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-17 09:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
    2012-12-17 20:35:29 852432608 ----a-w- c:\users\jade\CrossFire_Setup_v1107.exe
    2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
    2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll
    2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 02:56:23 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-11-23 02:48:41 49152 ----a-w- c:\windows\system32\taskhost.exe
    2012-11-22 04:45:03 626688 ----a-w- c:\windows\system32\usp10.dll
    2012-11-20 04:51:09 220160 ----a-w- c:\windows\system32\ncrypt.dll
    2012-11-14 13:39:37 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    .
    ============= FINISH: 18:33:03.46 ===============
     
  8. co0ljade

    co0ljade Thread Starter

    Joined:
    Feb 10, 2013
    Messages:
    16
    then the second log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/05/25 8:54:31 PM
    System Uptime: 13/02/11 5:34:33 AM (13 hours ago)
    .
    Motherboard: Emaxx Technologies, Inc | | EMX-MCP61M2-iCafe
    Processor: AMD Athlon(tm) II X2 245 Processor | CPU 1 | 2913/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 146 GiB total, 65.36 GiB free.
    D: is FIXED (NTFS) - 152 GiB total, 121.519 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Coprocessor
    Device ID: PCI\VEN_10DE&DEV_03F4&SUBSYS_00000000&REV_A2\3&267A616A&0&0B
    Manufacturer:
    Name: Coprocessor
    PNP Device ID: PCI\VEN_10DE&DEV_03F4&SUBSYS_00000000&REV_A2\3&267A616A&0&0B
    Service:
    .
    Class GUID: {4d36e96e-e325-11ce-bfc1-08002be10318}
    Description: Generic PnP Monitor
    Device ID: DISPLAY\PHLC04C\5&F0F2916&0&UID513
    Manufacturer: (Standard monitor types)
    Name: Generic PnP Monitor
    PNP Device ID: DISPLAY\PHLC04C\5&F0F2916&0&UID513
    Service: monitor
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe AIR
    Adobe Community Help
    Adobe Download Assistant
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader X (10.1.5)
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Drag and Drop Transcoding
    AMD Fuel
    AMD Media Foundation Decoders
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Application Profiles
    avast! Free Antivirus
    Blekko Search Bar
    BlueJ
    Bonjour
    Call of Duty(R) 4 - Modern Warfare(TM)
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    Canon Digital Camera Solution Disk 40-46 Software Starter Guide
    Canon MovieEdit Task for ZoomBrowser EX
    Canon Personal Printing Guide
    Canon PowerShot A480 Camera User Guide
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    CF_setup_120531 version 1057
    CPUID CPU-Z 1.59
    CrossFire(Remove only)
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DivX Setup
    Dropbox
    EaseUS Data Recovery Wizard 5.8.0
    Facebook Video Calling 1.2.0.287
    File Type Assistant
    Free YouTube Download version 3.1.40.1031
    Freemake Video Converter version 3.2.1
    GameClub Launcher PH (Remove only)
    Globe Broadband Click Fix
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    HiJackThis
    ideatool 1.0.15_os
    IGG Web3D Player version 1.0.0.37
    InstallIQ Updater
    Internet TV for Windows Media Center
    iTunes
    Java Auto Updater
    Java DB 10.5.3.0
    Java(TM) 6 Update 33
    Java(TM) SE Development Kit 6 Update 18
    jGRASP
    Junk Mail filter update
    Macromedia Extension Manager
    Macromedia Flash 8
    Macromedia Flash 8 Video Encoder
    Macromedia Flash MX 2004
    Macromedia Flash Player 8 Plugin
    Malwarebytes Anti-Malware version 1.70.0.1100
    McAfee Security Scan Plus
    Mesh Runtime
    Messenger Companion
    Metal Slug Brutal 3
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Excel 2010
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft PowerPoint 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Word 2010
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Movavi Video Converter 12
    Mozilla Firefox 18.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    PDF Settings CS5
    Picasa 3
    Pixlr-o-matic
    QuickTime
    RaidCall
    RapidTyping
    Safari
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Skype Click to Call
    Skype™ 5.10
    SnapPea
    SpecialForce(remove only)
    SRS Audio Essentials
    TeamSpeak 3 Client
    TeamViewer 8
    Unity Web Player
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    VC80CRTRedist - 8.0.50727.6195
    VLC media player 2.0.3
    WebM Media Foundation Components
    Windows Driver Package - Lenovo Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Center Add-in for Flash
    Windows Media Player Firefox Plugin
    WinRAR 4.20 (32-bit)
    Yahoo! BrowserPlus 2.9.8
    Yontoo 1.12.02
    .
    ==== End Of File ===========================
     
  9. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,842
    OK, let's get rid of some of the junk with this first

    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Post the log in next reply please...
     
  10. co0ljade

    co0ljade Thread Starter

    Joined:
    Feb 10, 2013
    Messages:
    16
    Here's the log, sir

    ComboFix 13-02-07.02 - jade 13/02/11 20:42:23.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1023.215 [GMT -8:00]
    Running from: c:\users\jade\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\CFLog
    c:\cflog\EPLog.txt
    c:\cflog\Host.txt
    c:\program files\Uninstall.exe
    c:\users\jade\AppData\Local\TempDIR
    c:\users\jade\AppData\Local\TempDIR\GFInstaller\AppName.txt
    c:\users\jade\AppData\Local\TempDIR\GFInstaller\Channel.txt
    c:\users\jade\AppData\Local\TempDIR\GFInstaller\DownloadURL.txt
    c:\users\jade\AppData\Local\TempDIR\GFInstaller\GFInstaller.exe
    c:\users\jade\AppData\Roaming\Microsoft\Windows\Recent\The Patches Scrolls.url
    c:\users\jade\CrossFire_Setup_v1107.exe
    c:\users\jade\Documents\~WRL0003.tmp
    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    c:\windows\system32\DEBUG.log
    D:\autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-12 to 2013-02-12 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-12 04:59 . 2013-02-12 04:59 -------- d-----w- c:\users\jade\AppData\Local\temp
    2013-02-12 04:59 . 2013-02-12 04:59 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-11 03:54 . 2013-02-11 04:03 -------- d-----w- c:\users\jade\AppData\Local\Torch
    2013-02-11 03:00 . 2013-02-11 03:00 388096 ----a-r- c:\users\jade\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-02-11 03:00 . 2013-02-11 03:00 -------- dc----w- c:\program files\Trend Micro
    2013-02-11 00:43 . 2013-02-11 00:43 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
    2013-02-11 00:43 . 2012-12-15 00:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-02-11 00:41 . 2013-02-11 00:41 -------- dc----w- c:\program files\McAfee Security Scan
    2013-02-11 00:41 . 2013-02-11 00:41 -------- d-----w- c:\programdata\McAfee
    2013-02-11 00:17 . 2013-02-11 00:48 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-02-10 21:03 . 2013-01-18 20:17 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F51F1F6-CEB6-4017-8849-997E051A001A}\mpengine.dll
    2013-02-09 05:45 . 2013-02-09 05:45 -------- dc----w- C:\New Folder
    2013-02-08 13:46 . 2013-02-08 13:46 -------- d-----w- C:\found.005
    2013-02-08 03:08 . 2013-02-12 03:28 -------- d-----r- c:\users\jade\Dropbox
    2013-02-08 02:53 . 2013-02-12 03:28 -------- d-----w- c:\users\jade\AppData\Roaming\Dropbox
    2013-02-07 23:35 . 2013-02-07 23:35 -------- dc----w- c:\program files\blekko
    2013-02-07 23:33 . 2013-02-12 04:35 -------- d-----w- c:\users\jade\AppData\Roaming\uTorrent
    2013-02-07 14:52 . 2013-02-07 14:52 -------- dc----w- c:\program files\Gophoto.it
    2013-02-07 14:44 . 2013-02-07 14:44 -------- dc----w- c:\program files\Yontoo
    2013-02-07 14:44 . 2013-02-07 14:44 -------- d-----w- c:\programdata\Tarma Installer
    2013-02-07 14:44 . 2013-02-09 02:56 -------- dc----w- c:\program files\TornTV.com
    2013-02-06 04:05 . 2013-02-07 01:08 -------- d-----w- c:\users\jade\AppData\Roaming\DAEMON Tools Lite
    2013-02-06 04:04 . 2013-02-06 04:10 -------- d-----w- c:\programdata\DAEMON Tools Lite
    2013-02-06 03:52 . 2013-02-06 03:52 -------- dc----w- c:\program files\TeamViewer
    2013-02-05 13:57 . 2013-02-05 13:57 172544 ----a-w- c:\windows\system32\spp.dll
    2013-02-05 13:49 . 2013-02-05 13:49 -------- dc--a-w- C:\.Trash-999
    2013-02-05 05:46 . 2012-06-10 03:20 196096 -c--a-w- c:\program files\RarExt64.dll
    2013-02-05 05:46 . 2012-06-10 03:20 167936 -c--a-w- c:\program files\RarExt.dll
    2013-02-05 05:46 . 2012-06-10 03:19 81920 -c--a-w- c:\program files\Zip.SFX
    2013-02-05 05:46 . 2012-06-10 03:19 101376 -c--a-w- c:\program files\Default.SFX
    2013-02-05 05:46 . 2012-06-10 03:19 75264 -c--a-w- c:\program files\WinCon.SFX
    2013-02-05 05:46 . 2012-06-10 03:19 270336 -c--a-w- c:\program files\UnRAR.exe
    2013-02-05 05:46 . 2012-06-10 03:19 404992 -c--a-w- c:\program files\Rar.exe
    2013-02-05 05:46 . 2012-06-10 03:19 1159168 -c--a-w- c:\program files\WinRAR.exe
    2013-02-05 05:46 . 2012-02-27 02:24 -------- dc----w- c:\program files\Formats
    2013-02-03 18:10 . 2013-02-03 18:10 -------- d-----w- C:\found.004
    2013-01-31 06:12 . 2013-01-31 06:12 -------- dc----w- c:\program files\EaseUS
    2013-01-30 18:46 . 2013-01-30 18:46 -------- d-----w- C:\found.003
    2013-01-13 15:11 . 2013-01-13 15:11 -------- d-----w- C:\found.002
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-09 07:01 . 2012-01-29 05:55 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-09 07:01 . 2011-05-25 13:08 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-17 09:28 . 2011-05-25 13:14 232336 ------w- c:\windows\system32\MpSigStub.exe
    2012-12-16 14:13 . 2012-12-21 14:00 295424 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 14:00 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-07 12:26 . 2013-01-10 05:03 308736 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 12:20 . 2013-01-10 05:03 2576384 ----a-w- c:\windows\system32\gameux.dll
    2012-12-07 10:46 . 2013-01-10 05:03 43520 ----a-w- c:\windows\system32\csrr.rs
    2012-12-07 10:46 . 2013-01-10 05:03 30720 ----a-w- c:\windows\system32\usk.rs
    2012-12-07 10:46 . 2013-01-10 05:03 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-10 05:03 44544 ----a-w- c:\windows\system32\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-10 05:03 20480 ----a-w- c:\windows\system32\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-10 05:03 23552 ----a-w- c:\windows\system32\oflc.rs
    2012-12-07 10:46 . 2013-01-10 05:03 20480 ----a-w- c:\windows\system32\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-10 05:03 46592 ----a-w- c:\windows\system32\fpb.rs
    2012-12-07 10:46 . 2013-01-10 05:03 20480 ----a-w- c:\windows\system32\pegi.rs
    2012-12-07 10:46 . 2013-01-10 05:03 21504 ----a-w- c:\windows\system32\grb.rs
    2012-12-07 10:46 . 2013-01-10 05:03 40960 ----a-w- c:\windows\system32\cob-au.rs
    2012-12-07 10:46 . 2013-01-10 05:03 15360 ----a-w- c:\windows\system32\djctq.rs
    2012-12-07 10:46 . 2013-01-10 05:03 51712 ----a-w- c:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-10 05:03 55296 ----a-w- c:\windows\system32\cero.rs
    2012-11-30 04:53 . 2013-01-10 05:04 169984 ----a-w- c:\windows\system32\winsrv.dll
    2012-11-30 04:47 . 2013-01-10 05:04 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-11-30 04:45 . 2013-01-10 05:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 05:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 05:04 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 05:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 05:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 05:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 05:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 05:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 05:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 05:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 05:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 05:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 05:04 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-11-30 02:55 . 2013-01-10 05:04 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-11-30 02:38 . 2013-01-10 05:04 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38 . 2013-01-10 05:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38 . 2013-01-10 05:04 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38 . 2013-01-10 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 02:56 . 2013-01-10 05:04 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-11-23 02:48 . 2013-01-10 05:03 49152 ----a-w- c:\windows\system32\taskhost.exe
    2012-11-22 04:45 . 2013-01-10 05:04 626688 ----a-w- c:\windows\system32\usp10.dll
    2012-11-20 04:51 . 2013-01-10 05:03 220160 ----a-w- c:\windows\system32\ncrypt.dll
    2012-11-14 13:40 . 2012-11-14 13:40 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2012-11-14 13:40 . 2012-11-14 13:40 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-11-14 13:40 . 2012-11-14 13:40 718336 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2012-11-14 13:40 . 2012-11-14 13:40 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-11-14 13:40 . 2012-11-14 13:40 61952 ----a-w- c:\windows\system32\tdc.ocx
    2012-11-14 13:40 . 2012-11-14 13:40 61440 ----a-w- c:\windows\system32\iesetup.dll
    2012-11-14 13:40 . 2012-11-14 13:40 525312 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 13:40 . 2012-11-14 13:40 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-11-14 13:40 . 2012-11-14 13:40 38400 ----a-w- c:\windows\system32\imgutil.dll
    2012-11-14 13:40 . 2012-11-14 13:40 361984 ----a-w- c:\windows\system32\html.iec
    2012-11-14 13:40 . 2012-11-14 13:40 2882048 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 13:40 . 2012-11-14 13:40 23040 ----a-w- c:\windows\system32\licmgr10.dll
    2012-11-14 13:40 . 2012-11-14 13:40 185344 ----a-w- c:\windows\system32\elshyph.dll
    2012-11-14 13:40 . 2012-11-14 13:40 1772032 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 13:40 . 2012-11-14 13:40 158720 ----a-w- c:\windows\system32\msls31.dll
    2012-11-14 13:40 . 2012-11-14 13:40 150528 ----a-w- c:\windows\system32\iexpress.exe
    2012-11-14 13:40 . 2012-11-14 13:40 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 13:40 . 2012-11-14 13:40 137216 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 13:40 . 2012-11-14 13:40 135680 ----a-w- c:\windows\system32\wextract.exe
    2012-11-14 13:40 . 2012-11-14 13:40 12800 ----a-w- c:\windows\system32\mshta.exe
    2012-11-14 13:40 . 2012-11-14 13:40 111104 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-11-14 13:40 . 2012-11-14 13:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2012-11-14 13:39 . 2012-11-14 13:39 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2012-11-14 13:39 . 2012-11-14 13:39 906240 ----a-w- c:\windows\system32\FntCache.dll
    2012-11-14 13:39 . 2012-11-14 13:39 604160 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-11-14 13:39 . 2012-11-14 13:39 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2012-11-14 13:39 . 2012-11-14 13:39 417792 ----a-w- c:\windows\system32\WMPhoto.dll
    2012-11-14 13:39 . 2012-11-14 13:39 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
    2012-11-14 13:39 . 2012-11-14 13:39 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2012-11-14 13:39 . 2012-11-14 13:39 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2012-11-14 13:39 . 2012-11-14 13:39 3419136 ----a-w- c:\windows\system32\d2d1.dll
    2012-11-14 13:39 . 2012-11-14 13:39 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
    2012-11-14 13:39 . 2012-11-14 13:39 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2012-11-14 13:39 . 2012-11-14 13:39 293376 ----a-w- c:\windows\system32\dxgi.dll
    2012-11-14 13:39 . 2012-11-14 13:39 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2012-11-14 13:39 . 2012-11-14 13:39 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-11-14 13:39 . 2012-11-14 13:39 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
    2012-11-14 13:39 . 2012-11-14 13:39 220160 ----a-w- c:\windows\system32\d3d10core.dll
    2012-11-14 13:39 . 2012-11-14 13:39 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2012-11-14 13:39 . 2012-11-14 13:39 1885696 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-11-14 13:39 . 2012-11-14 13:39 187392 ----a-w- c:\windows\system32\UIAnimation.dll
    2012-11-14 13:39 . 2012-11-14 13:39 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-11-14 13:39 . 2012-11-14 13:39 1504768 ----a-w- c:\windows\system32\d3d11.dll
    2012-11-14 13:39 . 2012-11-14 13:39 1247744 ----a-w- c:\windows\system32\DWrite.dll
    2013-02-05 15:07 . 2013-02-05 15:06 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}]
    2012-10-15 16:28 251360 -c--a-w- c:\program files\blekko\spamfreesearch\1.8.3.9\bh\spamfreesearch.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EECF410C-006C-4A05-AD13-6741A0814DBF}"= "c:\program files\blekko\spamfreesearch\1.8.3.9\spamfreesearchTlbr.dll" [2012-10-15 325600]
    .
    [HKEY_CLASSES_ROOT\clsid\{eecf410c-006c-4a05-ad13-6741a0814dbf}]
    [HKEY_CLASSES_ROOT\spamfreesearch.dskBnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [HKEY_CLASSES_ROOT\spamfreesearch.dskBnd]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 23:50 121528 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\jade\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\jade\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\jade\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Facebook Update"="c:\users\jade\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-08 138096]
    "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]
    "uTorrent"="c:\users\jade\Downloads\uTorrent.exe" [2013-02-07 1075024]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "SRSAENotifier"="c:\program files\SRS Labs\SRS Audio Essentials\AENotifier.exe" [2011-10-29 534904]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    .
    c:\users\jade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\jade\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    wandoujia_helper.lnk - c:\program files\WandouLabs\wandoujia_helper.exe [2012-7-9 4094920]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-12-12 21:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidCall]
    2012-10-29 18:34 3153592 -c--a-w- c:\program files\RaidCall\raidcall.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Google Update"="c:\users\jade\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    .
    R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R3 D-Vitec;D-Vitec Driver;c:\windows\system32\DRIVERS\dvitdcnt.sys [x]
    R3 drvUnhooker;drvUnhooker;c:\windows\system32\drivers\LHTSSDT.sys [x]
    R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 SRSHDAudioService;SRS HDAudio Lab Service;c:\program files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe [x]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]
    R3 XDva386;XDva386;c:\windows\system32\XDva386.sys [x]
    R3 XDva388;XDva388;c:\windows\system32\XDva388.sys [x]
    R3 XDva389;XDva389;c:\windows\system32\XDva389.sys [x]
    R3 XDva390;XDva390;c:\windows\system32\XDva390.sys [x]
    R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]
    R3 XDva392;XDva392;c:\windows\system32\XDva392.sys [x]
    R3 XDva393;XDva393;c:\windows\system32\XDva393.sys [x]
    R3 XDva396;XDva396;c:\windows\system32\XDva396.sys [x]
    R3 XDva397;XDva397;c:\windows\system32\XDva397.sys [x]
    R3 XDva398;XDva398;c:\windows\system32\XDva398.sys [x]
    R3 XDva399;XDva399;c:\windows\system32\XDva399.sys [x]
    R3 XDva400;XDva400;c:\windows\system32\XDva400.sys [x]
    R3 XDva401;XDva401;c:\windows\system32\XDva401.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    R4 XDva394;XDva394;c:\windows\system32\XDva394.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
    S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
    S2 sprtsvc_globe;SupportSoft Sprocket Service (globe);c:\program files\Globe Telecom\Click Fix\bin\sprtsvc.exe [x]
    S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
    S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    S3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    FontCache
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-01-29 07:01]
    .
    2013-02-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1599735970-808408531-985281693-1000Core.job
    - c:\users\jade\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 03:11]
    .
    2013-02-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1599735970-808408531-985281693-1000UA.job
    - c:\users\jade\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 03:11]
    .
    2013-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-10 01:46]
    .
    2013-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-10 01:46]
    .
    2013-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1599735970-808408531-985281693-1000Core.job
    - c:\users\jade\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-26 01:21]
    .
    2013-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1599735970-808408531-985281693-1000UA.job
    - c:\users\jade\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-26 01:21]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u=c0f0113300000000000000e065058310
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Free YouTube Download - c:\users\jade\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    TCP: DhcpNameServer = 192.168.254.254
    TCP: Interfaces\{A638D5F2-6887-4F44-B45F-5E951DF0A7F4}: NameServer = 222.127.143.5
    FF - ProfilePath - c:\users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\
    FF - prefs.js: browser.search.selectedEngine - blekko
    FF - prefs.js: browser.startup.homepage - hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u=c0f0113300000000000000e065058310
    FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=536c75e7&tbp=rbox&u=c0f0113300000000000000e065058310&q=
    FF - ExtSQL: 2013-02-07 06:44; [email protected]; c:\users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\extensions\[email protected]
    FF - ExtSQL: 2013-02-07 06:44; [email protected]; c:\users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\extensions\[email protected]
    FF - user.js: extensions.BabylonToolbar_i.id - c0f0113300000000000000e065058310
    FF - user.js: extensions.BabylonToolbar_i.hardId - c0f0113300000000000000e065058310
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15579
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:50
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babclient
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack -
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt -
    FF - user.js: extensions.BabylonToolbar_i.instlRef - std
    FF - user.js: extentions.y2layers.installId - 9e278ec1-cb22-457f-aabf-0e331e46df7d
    FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: extensions.spamfreesearch.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
    FF - user.js: extensions.spamfreesearch.autoRvrt - false
    FF - user.js: extensions.spamfreesearch_i.hmpg - true
    FF - user.js: extensions.spamfreesearch.hmpgUrl - hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u=c0f0113300000000000000e065058310
    FF - user.js: extensions.spamfreesearch.hpOld0 -
    FF - user.js: extensions.spamfreesearch.hpNew - hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u=c0f0113300000000000000e065058310
    FF - user.js: extensions.spamfreesearch.dfltSrch - true
    FF - user.js: extensions.spamfreesearch.srchPrvdr - blekko
    FF - user.js: extensions.spamfreesearch.keyWordUrl - hxxp://blekko.com/ws/?source=536c75e7&tbp=rbox&u=c0f0113300000000000000e065058310&q=
    FF - user.js: extensions.spamfreesearch.dspOld -
    FF - user.js: extensions.spamfreesearch.dspNew - blekko
    FF - user.js: extensions.spamfreesearch_i.dnsErr - true
    FF - user.js: extensions.spamfreesearch_i.newTab - true
    FF - user.js: extensions.spamfreesearch.newTabUrl - chrome://spamfreesearch/content/new browser tab.html?source=536c75e7&tbp=tab&u=c0f0113300000000000000e065058310
    FF - user.js: extensions.spamfreesearch.tlbrSrchUrl - hxxp://blekko.com/ws/?source=536c75e7&tbp=main&u=c0f0113300000000000000e065058310&q=
    FF - user.js: extensions.spamfreesearch.id - c0f0113300000000000000e065058310
    FF - user.js: extensions.spamfreesearch.appId - {1005247F-A178-490A-8DC3-6BAF09EA427B}
    FF - user.js: extensions.spamfreesearch.instlDay - 15743
    FF - user.js: extensions.spamfreesearch.vrsn - 1.8.3.9
    FF - user.js: extensions.spamfreesearch.vrsni - 1.8.3.9
    FF - user.js: extensions.spamfreesearch_i.vrsnTs - 1.8.3.915:35
    FF - user.js: extensions.spamfreesearch.prtnrId - blekko
    FF - user.js: extensions.spamfreesearch.prdct - spamfreesearch
    FF - user.js: extensions.spamfreesearch.aflt - orgnl
    FF - user.js: extensions.spamfreesearch_i.smplGrp - none
    FF - user.js: extensions.spamfreesearch.tlbrId - base
    FF - user.js: extensions.spamfreesearch.instlRef - 536c75e7
    FF - user.js: extensions.spamfreesearch.dfltLng -
    FF - user.js: extensions.spamfreesearch.excTlbr - false
    FF - user.js: extensions.spamfreesearch.admin - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
    URLSearchHooks-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
    URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
    WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
    HKCU-Run-AdobeBridge - (no file)
    SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
    MSConfigStartUp-GoogleDriveSync - c:\program files\Google\Drive\googledrivesync.exe
    AddRemove-WinRAR archiver - c:\program files\uninstall.exe
    AddRemove-{E6AA5D49-777A-4707-9B92-624D500786EE}_is1 - c:\program files (x86)\GameClub\Crossfire\unins000.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1599735970-808408531-985281693-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="SafariDownload"
    .
    [HKEY_USERS\S-1-5-21-1599735970-808408531-985281693-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-1599735970-808408531-985281693-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (S-1-5-21-1599735970-808408531-985281693-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.HTM"
    .
    [HKEY_USERS\S-1-5-21-1599735970-808408531-985281693-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (S-1-5-21-1599735970-808408531-985281693-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.HTM"
    .
    [HKEY_USERS\S-1-5-21-1599735970-808408531-985281693-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="SafariExtension"
    .
    [HKEY_USERS\S-1-5-21-1599735970-808408531-985281693-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (S-1-5-21-1599735970-808408531-985281693-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-1599735970-808408531-985281693-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
    @Denied: (2) (S-1-5-21-1599735970-808408531-985281693-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.SVG"
    .
    [HKEY_USERS\S-1-5-21-1599735970-808408531-985281693-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-1599735970-808408531-985281693-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="SafariHTML"
    .
    [HKEY_USERS\S-1-5-21-1599735970-808408531-985281693-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (S-1-5-21-1599735970-808408531-985281693-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.XHT"
    .
    [HKEY_USERS\S-1-5-21-1599735970-808408531-985281693-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (S-1-5-21-1599735970-808408531-985281693-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="IE.AssocFile.XHT"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-02-11 21:01:32
    ComboFix-quarantined-files.txt 2013-02-12 05:01
    .
    Pre-Run: 70,553,763,840 bytes free
    Post-Run: 70,344,212,480 bytes free
    .
    - - End Of File - - 4EC236D5937A340EE6383BF1A08B9F61
     
  11. dvk01

    dvk01 Derek Moderator Malware Specialist

    That didn't show what I expected it to.
    Please download AdwCleaner to your desktop.
    • Double-click adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan has finished, a Notepad window will be opened.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.
     
  12. co0ljade

    co0ljade Thread Starter

    # AdwCleaner v2.112 - Logfile created 02/19/2013 at 21:51:18
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
    # User : jade - JADE-PC
    # Boot Mode : Normal
    # Running from : C:\Users\jade\Downloads\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
    File Found : C:\user.js
    File Found : C:\Users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\searchplugins\Askcom.xml
    File Found : C:\Users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\searchplugins\Conduit.xml
    File Found : C:\Users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\searchplugins\spamfreesearch.xml
    Folder Found : C:\Program Files\blekko
    Folder Found : C:\Program Files\Conduit
    Folder Found : C:\Program Files\Yontoo
    Folder Found : C:\ProgramData\Babylon
    Folder Found : C:\ProgramData\InstallMate
    Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxDfast
    Folder Found : C:\ProgramData\Premium
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\Users\jade\AppData\Local\APN
    Folder Found : C:\Users\jade\AppData\Local\Babylon
    Folder Found : C:\Users\jade\AppData\Local\Conduit
    Folder Found : C:\Users\jade\AppData\LocalLow\BabylonToolbar
    Folder Found : C:\Users\jade\AppData\LocalLow\blekko
    Folder Found : C:\Users\jade\AppData\LocalLow\boost_interprocess
    Folder Found : C:\Users\jade\AppData\LocalLow\Conduit
    Folder Found : C:\Users\jade\AppData\LocalLow\PriceGong
    Folder Found : C:\Users\jade\AppData\Roaming\Babylon
    Folder Found : C:\Users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\ConduitCommon
    Folder Found : C:\Users\jade\AppData\Roaming\OpenCandy

    ***** [Registry] *****

    Key Found : HKCU\Software\1ClickDownload
    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\PriceGong
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\blekko
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
    Key Found : HKCU\Software\IGearSettings
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EECF410C-006C-4A05-AD13-6741A0814DBF}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EECF410C-006C-4A05-AD13-6741A0814DBF}
    Key Found : HKCU\Software\SmartBar
    Key Found : HKCU\Software\Softonic
    Key Found : HKLM\Software\Babylon
    Key Found : HKLM\Software\blekko
    Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{ED90EC38-E71B-4C05-8FC1-DE46D5E692F5}
    Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{441DDAAE-EE81-4DFF-B523-11D1A9134C3E}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{709CA6FC-5747-4C3C-A4B0-064AC86415ED}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{C2C8A5A6-1DFC-4ED1-A4DC-90EEC596AADC}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E6026FA7-B9E5-4265-B22E-8EC40169C83D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EECF410C-006C-4A05-AD13-6741A0814DBF}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Key Found : HKLM\SOFTWARE\Classes\esrv.spamfreesearchESrvc
    Key Found : HKLM\SOFTWARE\Classes\esrv.spamfreesearchESrvc.1
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Classes\spamfreesearch.dskBnd
    Key Found : HKLM\SOFTWARE\Classes\spamfreesearch.dskBnd.1
    Key Found : HKLM\SOFTWARE\Classes\spamfreesearch.Hlpr
    Key Found : HKLM\SOFTWARE\Classes\spamfreesearch.Hlpr.1
    Key Found : HKLM\SOFTWARE\Classes\spamfreesearch.spamfreesearchappCore
    Key Found : HKLM\SOFTWARE\Classes\spamfreesearch.spamfreesearchappCore.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2304157
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BA93826B-8DCE-40C3-9E31-07E449C0A979}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{ED90EC38-E71B-4C05-8FC1-DE46D5E692F5}
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\Freeze.com
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ofaekbahncacnjgelnfjcjoelcglkhkj
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4729755-E1F9-48E4-BD9F-5B4D0202C16A}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spamfreesearch
    Key Found : HKU\S-1-5-21-1599735970-808408531-985281693-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Found : HKU\S-1-5-21-1599735970-808408531-985281693-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKU\S-1-5-21-1599735970-808408531-985281693-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EECF410C-006C-4A05-AD13-6741A0814DBF}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16438

    [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u=c0f0113300000000000000e065058310
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://blekko.com/ws/?source=536c75e7&tbp=tab&u=c0f0113300000000000000e065058310

    -\\ Mozilla Firefox v18.0.2 (en-US)

    File : C:\Users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\prefs.js

    Found : user_pref("browser.search.order.1", "blekko");
    Found : user_pref("extensions.BabylonToolbar_i.aflt", "babclient");
    Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Found : user_pref("extensions.BabylonToolbar_i.babTrack", "");
    Found : user_pref("extensions.BabylonToolbar_i.hardId", "c0f0113300000000000000e065058310");
    Found : user_pref("extensions.BabylonToolbar_i.id", "c0f0113300000000000000e065058310");
    Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15579");
    Found : user_pref("extensions.BabylonToolbar_i.instlRef", "std");
    Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
    Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
    Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
    Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Found : user_pref("extensions.BabylonToolbar_i.srcExt", "");
    Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
    Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
    Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1710:50:38");
    Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
    Found : user_pref("extensions.spamfreesearch.dspNew", "blekko");
    Found : user_pref("extensions.spamfreesearch.hmpgUrl", "hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u[...]
    Found : user_pref("extensions.spamfreesearch.hpNew", "hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u=c[...]
    Found : user_pref("extensions.spamfreesearch.keyWordUrl", "hxxp://blekko.com/ws/?source=536c75e7&tbp=rbox&u=[...]
    Found : user_pref("extensions.spamfreesearch.prtnrId", "blekko");
    Found : user_pref("extensions.spamfreesearch.srchPrvdr", "blekko");
    Found : user_pref("extensions.spamfreesearch.tlbrSrchUrl", "hxxp://blekko.com/ws/?source=536c75e7&tbp=main&u[...]
    Found : user_pref("keyword.URL", "hxxp://blekko.com/ws/?source=536c75e7&tbp=rbox&u=c0f0113300000000000000e06[...]

    -\\ Google Chrome v24.0.1312.57

    File : C:\Users\jade\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [12208 octets] - [19/02/2013 21:51:18]

    ########## EOF - C:\AdwCleaner[R1].txt - [12269 octets] ##########
     
  13. dvk01

    dvk01 Derek Moderator Malware Specialist

    Please run AdwCleaner again. This time press Delete. It will clear the problems and then offer to reboot; please let it reboot and then post the log it makes.
    The logfile will also be saved in C:\AdwCleaner[S1].txt.
     
  14. co0ljade

    co0ljade Thread Starter

    # AdwCleaner v2.112 - Logfile created 02/20/2013 at 08:06:29
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
    # User : jade - JADE-PC
    # Boot Mode : Normal
    # Running from : C:\Users\jade\Downloads\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
    File Deleted : C:\user.js
    File Deleted : C:\Users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\searchplugins\Askcom.xml
    File Deleted : C:\Users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\searchplugins\Conduit.xml
    File Deleted : C:\Users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\searchplugins\spamfreesearch.xml
    Folder Deleted : C:\Program Files\blekko
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\Yontoo
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\InstallMate
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxDfast
    Folder Deleted : C:\ProgramData\Premium
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\jade\AppData\Local\APN
    Folder Deleted : C:\Users\jade\AppData\Local\Babylon
    Folder Deleted : C:\Users\jade\AppData\Local\Conduit
    Folder Deleted : C:\Users\jade\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\jade\AppData\LocalLow\blekko
    Folder Deleted : C:\Users\jade\AppData\LocalLow\boost_interprocess
    Folder Deleted : C:\Users\jade\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\jade\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\jade\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\ConduitCommon
    Folder Deleted : C:\Users\jade\AppData\Roaming\OpenCandy

    ***** [Registry] *****

    Key Deleted : HKCU\Software\1ClickDownload
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\blekko
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EECF410C-006C-4A05-AD13-6741A0814DBF}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EECF410C-006C-4A05-AD13-6741A0814DBF}
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\blekko
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED90EC38-E71B-4C05-8FC1-DE46D5E692F5}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{441DDAAE-EE81-4DFF-B523-11D1A9134C3E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{709CA6FC-5747-4C3C-A4B0-064AC86415ED}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C2C8A5A6-1DFC-4ED1-A4DC-90EEC596AADC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E6026FA7-B9E5-4265-B22E-8EC40169C83D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EECF410C-006C-4A05-AD13-6741A0814DBF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.spamfreesearchESrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.spamfreesearchESrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\spamfreesearch.dskBnd
    Key Deleted : HKLM\SOFTWARE\Classes\spamfreesearch.dskBnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\spamfreesearch.Hlpr
    Key Deleted : HKLM\SOFTWARE\Classes\spamfreesearch.Hlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\spamfreesearch.spamfreesearchappCore
    Key Deleted : HKLM\SOFTWARE\Classes\spamfreesearch.spamfreesearchappCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2304157
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BA93826B-8DCE-40C3-9E31-07E449C0A979}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{ED90EC38-E71B-4C05-8FC1-DE46D5E692F5}
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ofaekbahncacnjgelnfjcjoelcglkhkj
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4729755-E1F9-48E4-BD9F-5B4D0202C16A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spamfreesearch
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EECF410C-006C-4A05-AD13-6741A0814DBF}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16438

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u=c0f0113300000000000000e065058310 --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://blekko.com/ws/?source=536c75e7&tbp=tab&u=c0f0113300000000000000e065058310 --> hxxp://www.google.com

    -\\ Mozilla Firefox v18.0.2 (en-US)

    File : C:\Users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\prefs.js

    C:\Users\jade\AppData\Roaming\Mozilla\Firefox\Profiles\98r7dufa.default\user.js ... Deleted !

    Deleted : user_pref("browser.search.order.1", "blekko");
    Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babclient");
    Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "");
    Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "c0f0113300000000000000e065058310");
    Deleted : user_pref("extensions.BabylonToolbar_i.id", "c0f0113300000000000000e065058310");
    Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15579");
    Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "std");
    Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
    Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
    Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
    Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "");
    Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1710:50:38");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
    Deleted : user_pref("extensions.spamfreesearch.dspNew", "blekko");
    Deleted : user_pref("extensions.spamfreesearch.hmpgUrl", "hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u[...]
    Deleted : user_pref("extensions.spamfreesearch.hpNew", "hxxp://blekko.com/ws/?source=536c75e7&tbp=homepage&u=c[...]
    Deleted : user_pref("extensions.spamfreesearch.keyWordUrl", "hxxp://blekko.com/ws/?source=536c75e7&tbp=rbox&u=[...]
    Deleted : user_pref("extensions.spamfreesearch.prtnrId", "blekko");
    Deleted : user_pref("extensions.spamfreesearch.srchPrvdr", "blekko");
    Deleted : user_pref("extensions.spamfreesearch.tlbrSrchUrl", "hxxp://blekko.com/ws/?source=536c75e7&tbp=main&u[...]
    Deleted : user_pref("keyword.URL", "hxxp://blekko.com/ws/?source=536c75e7&tbp=rbox&u=c0f0113300000000000000e06[...]

    -\\ Google Chrome v24.0.1312.57

    File : C:\Users\jade\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [12339 octets] - [19/02/2013 21:51:18]
    AdwCleaner[R2].txt - [12400 octets] - [20/02/2013 08:06:05]
    AdwCleaner[S1].txt - [12340 octets] - [20/02/2013 08:06:29]

    ########## EOF - C:\AdwCleaner[S1].txt - [12401 octets] ##########
     
  15. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,842
    Are you still having any problems after that?
     
Short URL to this thread: https://techguy.org/1088931