Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#1
browser change
I work on a PC with Windows XP and IE8.
From time to time a pop-up appears on my screen saying "Browser change. It appears that there is an attempt to change your default search engine or your homepage or interfere with your browsing experience. Do you approve these changes to be made?" I cannot find which program sends this warning, what change may be made, etc. Two malware programs already scanned my computer and didn't find any viruses or malware. The warning is only annoying, but I would like to be rid of it. What can be done? Please advise.
#2
Hello, idr
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems. Please take note of some guidelines for this fix:
#3
browser change
Thanks Tom
Now I have both reports on my desktop, but they are too long to send them here. What shall be done?
Yochanan
#4
I divided the OTL and will try to send it in two parts and hope for the best
here they are
#5
OTL2
O4 - HKCU..\Run: [ABK] C:\Program Files\ABK\abk.exe () O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd) O4 - HKCU..\Run: [Yontoo Desktop] C:\Documents and Settings\Owner\Application Data\Yontoo\YontooDesktop.exe (Yontoo LLC) O4 - Startup: C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE () O4 - Startup: C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE () O4 - Startup: C:\Documents and Settings\Owner\תפריט התחלה\תוכניות\הפעלה\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Search - http://tbedits.readingfanatic.com/one-toolbaredits/menusearch.jhtml?s=209595816&p2=^AIC^xdm007^YY^il& si=CIqIwPm857QCFcVY3god4XgAnw&a=8CCB72C9-4057-4A75-90A2-0E730F7833F3&n=2013011403 File not found O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/w...?1355997665750 (WUWebControl Class) O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1355998424640 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.179.52.100 80.179.55.100 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{67556DAD-CB19-4DDF-A634-7736372D9D72}: DhcpNameServer = 80.179.52.100 80.179.55.100 O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\261249~1.1 32\{c16c1~1\browse~1.dll) - c:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (דף הבית הנוכחי שלי) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012/12/20 10:06:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{de73cdae-4fdf-11e2-9b14-e069959a7e5b}\Shell\AutoRun\command - "" = RunClubSanDisk.exe O33 - MountPoints2\{ff8c23ce-685e-11e2-9b41-e069959a7e5b}\Shell\AutoRun\command - "" = "E:\USB Secure.exe" 1 O33 - MountPoints2\{ff8c23ce-685e-11e2-9b41-e069959a7e5b}\Shell\explore\command - "" = "E:\USB Secure.exe" 1 O33 - MountPoints2\{ff8c23ce-685e-11e2-9b41-e069959a7e5b}\Shell\open\command - "" = "E:\USB Secure.exe" 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/05/29 05:23:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\שולחן העבודה\OTL.exe 
[2013/05/29 05:10:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent [2013/05/28 07:13:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations [2013/05/28 07:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Search Protection [2013/05/28 07:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars [2013/05/28 07:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\adawaretb [2013/05/28 07:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\adawarebp [2013/05/28 07:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection [2013/05/28 07:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner [2013/05/28 07:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SecureSearch [2013/05/28 07:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\adawaretb [2013/05/28 07:11:26 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb [2013/05/28 07:06:47 | 000,044,424 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe [2013/05/28 07:06:47 | 000,013,560 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys [2013/05/28 07:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Ad-Aware Antivirus [2013/05/27 06:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\Google Drive [2013/05/14 10:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\sun [2013/05/14 10:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\LibreOffice 4.0 [2013/05/08 11:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\PDF-XChange PDF Viewer [2013/05/08 11:24:23 | 000,000,000 | ---D | 
C] -- C:\Program Files\Tracker Software [2013/05/08 11:11:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SumatraPDF [2013/05/08 11:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\SumatraPDF [2013/05/08 07:29:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013/05/08 07:28:20 | 000,000,000 | ---D | C] -- C:\temp [2013/05/06 08:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\dvdcss [2013/05/05 06:20:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer [2013/05/05 06:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\Safari [2013/05/05 06:20:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2013/05/05 06:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple [2013/05/05 06:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2013/05/05 06:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple [2013/05/03 07:02:04 | 000,000,000 | ---D | C] -- C:\Program Files\AntiTwin [2013/05/03 06:57:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\Auslogics [2013/05/03 06:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics [2013/05/03 06:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Apple Computer [2013/05/02 10:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\IObit Malware Fighter [2013/05/02 10:28:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\IObit [2013/05/02 10:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\IObit [2013/05/02 10:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\Protected Folder [2013/05/02 10:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All 
Users\Application Data\IObit [2013/05/02 10:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\KASHU [2013/05/01 08:45:36 | 000,000,000 | ---D | C] -- C:\swoof [2013/04/30 10:29:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AskToolbar [2013/04/30 10:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\APN [2013/04/30 10:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ask [2013/04/30 10:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Foxit Software [2013/04/30 10:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\Foxit Reader [2013/04/30 10:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software [2013/04/30 10:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Foxit Software [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/05/29 05:34:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2013/05/29 05:23:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\שולחן העבודה\OTL.exe [2013/05/29 05:14:00 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! 
Emergency Update.job [2013/05/29 05:13:25 | 000,401,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/05/29 05:13:25 | 000,319,176 | ---- | M] () -- C:\WINDOWS\System32\perfh00d.dat [2013/05/29 05:13:25 | 000,062,480 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/05/29 05:13:25 | 000,062,464 | ---- | M] () -- C:\WINDOWS\System32\perfc00d.dat [2013/05/29 05:11:15 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/05/29 05:11:11 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\שולחן העבודה\Google Chrome.lnk [2013/05/29 05:09:38 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1935655697-1767777339-725345543-1003.job [2013/05/29 05:09:35 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTas kS-1-5-21-1935655697-1767777339-725345543-1003.job [2013/05/29 05:08:49 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/05/29 05:08:49 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTas kS-1-5-21-1935655697-1767777339-725345543-1003.job [2013/05/29 05:08:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/05/28 10:31:15 | 001,462,272 | -H-- | M] () -- C:\ffastun0.ffx [2013/05/28 10:31:15 | 000,606,208 | -H-- | M] () -- C:\ffastun.ffl [2013/05/28 10:31:15 | 000,131,072 | -H-- | M] () -- C:\ffastun.ffo [2013/05/28 10:31:15 | 000,004,818 | -H-- | M] () -- C:\ffastun.ffa [2013/05/28 10:06:05 | 000,000,687 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI [2013/05/28 09:53:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/05/28 09:37:18 | 000,001,547 | ---- | M] () -- C:\WINDOWS\ULead.ini [2013/05/28 07:06:46 | 000,044,424 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe [2013/05/28 07:06:46 | 000,013,560 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys [2013/05/27 05:55:09 | 000,002,577 | ---- | M] () -- 
C:\WINDOWS\System32\CONFIG.NT [2013/05/26 11:37:41 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\שולחן העבודה\Safari.lnk [2013/05/26 09:46:57 | 000,000,297 | ---- | M] () -- C:\WINDOWS\CDPHOTO.INI [2013/05/26 08:52:02 | 000,000,060 | ---- | M] () -- C:\WINDOWS\wpd99.drv [2013/05/26 05:15:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/05/22 05:37:39 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeSchedule dTaskS-1-5-21-1935655697-1767777339-725345543-1003.job [2013/05/21 06:04:18 | 000,021,663 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\change.jpg [2013/05/19 05:35:00 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduled TaskS-1-5-21-1935655697-1767777339-725345543-1003.job [2013/05/16 06:11:01 | 000,072,076 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat [2013/05/16 05:49:10 | 000,313,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/05/13 05:51:42 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2013/05/09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2013/05/09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2013/05/09 10:59:10 | 000,174,664 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys [2013/05/09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2013/05/09 10:59:10 | 000,049,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys [2013/05/09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys [2013/05/09 10:59:09 | 000,049,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2013/05/09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2013/05/09 10:58:37 | 000,041,664 | ---- 
| M] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2013/05/09 10:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2013/05/09 06:12:45 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/05/08 11:24:28 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\All Users\שולחן העבודה\PDF-Viewer.lnk [2013/05/07 07:13:37 | 000,044,421 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\countries.pdf [2013/05/06 08:27:39 | 000,067,249 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\teeth.pdf [2013/05/05 06:36:00 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\הפעל את דפדפן Internet Explorer.lnk [2013/05/05 06:20:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013/05/03 07:02:04 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\All Users\שולחן העבודה\Anti-Twin.lnk [2013/05/03 06:57:04 | 000,001,014 | ---- | M] () -- C:\Documents and Settings\Owner\שולחן העבודה\Auslogics Duplicate File Finder.lnk [2013/05/02 10:29:07 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\שולחן העבודה\IObit Malware Fighter.lnk [2013/05/02 10:23:23 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Owner\שולחן העבודה\USB Flash Security Ver.3.3.0.lnk [2013/05/02 10:21:12 | 000,001,547 | ---- | M] () -- C:\Documents and Settings\Owner\שולחן העבודה\My Lockbox.lnk [2013/05/01 11:11:50 | 000,020,389 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\fish_story.html [2013/04/30 10:28:20 | 000,001,721 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk [2013/04/30 10:28:20 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\All Users\שולחן העבודה\Foxit Reader.lnk [2013/04/30 08:41:09 | 000,007,004 | ---- | M] () -- C:\Documents and 
Settings\Owner\My Documents\Clipboard02.jpg [2013/04/30 08:40:15 | 000,012,441 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Clipboard01.jpg [2013/04/30 08:31:04 | 000,002,789 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\watch.pdf [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/05/21 06:04:18 | 000,021,663 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\change.jpg [2013/05/08 11:24:28 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\All Users\שולחן העבודה\PDF-Viewer.lnk [2013/05/08 11:09:22 | 000,001,586 | ---- | C] () -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\SumatraPDF.lnk [2013/05/07 07:13:34 | 000,044,421 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\countries.pdf [2013/05/06 08:27:39 | 000,067,249 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\teeth.pdf [2013/05/05 06:22:40 | 000,072,076 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2013/05/05 06:20:37 | 000,002,205 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2013/05/05 06:20:37 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\שולחן העבודה\Safari.lnk [2013/05/05 06:20:37 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\Safari.lnk [2013/05/05 06:20:12 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013/05/05 06:20:09 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\Apple Software Update.lnk [2013/05/03 07:02:06 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\Anti-Twin.lnk [2013/05/03 07:02:04 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\All Users\שולחן העבודה\Anti-Twin.lnk [2013/05/03 06:57:04 | 000,001,014 | ---- | C] () -- C:\Documents and Settings\Owner\שולחן 
העבודה\Auslogics Duplicate File Finder.lnk [2013/05/02 10:29:07 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\שולחן העבודה\IObit Malware Fighter.lnk [2013/05/02 10:23:23 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\Owner\תפריט התחלה\תוכניות\USB Flash Security Ver.3.3.0.lnk [2013/05/02 10:23:23 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Owner\שולחן העבודה\USB Flash Security Ver.3.3.0.lnk [2013/05/01 11:11:49 | 000,020,389 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\fish_story.html [2013/04/30 10:29:12 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2013/04/30 10:28:20 | 000,001,721 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk [2013/04/30 10:28:20 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\All Users\שולחן העבודה\Foxit Reader.lnk [2013/04/30 08:41:09 | 000,007,004 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Clipboard02.jpg [2013/04/30 08:40:15 | 000,012,441 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Clipboard01.jpg [2013/04/30 08:31:04 | 000,002,789 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\watch.pdf [2013/04/29 05:35:43 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeSchedule dTaskS-1-5-21-1935655697-1767777339-725345543-1003.job [2013/04/29 05:35:43 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTas kS-1-5-21-1935655697-1767777339-725345543-1003.job [2013/04/29 05:35:40 | 000,000,326 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduled TaskS-1-5-21-1935655697-1767777339-725345543-1003.job [2013/04/22 07:17:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2013/04/12 06:56:04 | 000,114,176 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\BabMaint.exe [2013/03/24 10:02:21 | 000,000,028 | ---- | C] () 
-- C:\WINDOWS\pdf995.ini [2013/03/18 06:35:00 | 000,174,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys [2013/03/18 06:35:00 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys [2013/03/11 09:44:37 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv [2013/03/11 09:44:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll [2013/03/03 09:17:29 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/02/11 09:06:18 | 000,008,066 | ---- | C] () -- C:\WINDOWS\extend.dat [2013/01/27 10:59:10 | 000,000,297 | ---- | C] () -- C:\WINDOWS\CDPHOTO.INI [2013/01/10 10:15:24 | 000,001,547 | ---- | C] () -- C:\WINDOWS\ULead.ini [2013/01/09 10:15:08 | 000,000,687 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI [2013/01/09 09:37:49 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Pex.INI [2013/01/09 09:33:49 | 000,000,074 | -H-- | C] () -- C:\WINDOWS\efdcet.dat [2013/01/08 06:38:39 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat [2013/01/07 10:42:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll [2013/01/07 10:21:43 | 000,233,525 | ---- | C] () -- C:\WINDOWS\System32\isutil.dll [2013/01/07 10:21:41 | 000,000,271 | ---- | C] () -- C:\WINDOWS\apptune.ini [2013/01/07 10:04:50 | 000,092,905 | ---- | C] () -- C:\WINDOWS\Scan to PDF Uninstaller.exe [2013/01/07 08:50:18 | 000,000,168 | ---- | C] () -- C:\WINDOWS\lexstat.ini [2012/12/28 08:51:45 | 000,000,478 | ---- | C] () -- C:\Program Files\קיצור דרך אל IrfanView.lnk[2012/12/27 09:16:54 | 000,000,626 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2012/12/27 09:16:54 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini [2012/12/20 11:25:40 | 000,261,208 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin [2012/12/20 11:25:40 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll [2012/12/20 11:25:39 | 000,963,144 | ---- | C] () -- 
C:\WINDOWS\System32\igkrng600.bin [2012/12/20 11:25:39 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin [2012/12/20 11:25:39 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config [2012/12/20 11:21:11 | 000,025,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT [2012/12/20 10:07:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012/12/20 10:05:11 | 000,022,160 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2012/12/19 12:45:01 | 000,004,484 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012/12/19 12:44:06 | 000,313,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== ZeroAccess Check ========== [2013/01/07 10:40:44 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc8 7-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2009/01/07 18:21:10 | 001,497,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA 9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004/08/27 14:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CD B-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/27 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013/05/28 07:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection [2013/05/28 07:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\adawaretb [2013/04/23 09:13:40 | 000,000,000 | ---D | M] 
-- C:\Documents and Settings\All Users\Application Data\APN [2013/04/30 10:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask [2013/04/23 09:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork [2012/12/26 09:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2013/03/07 09:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon [2013/05/28 07:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars [2013/05/16 05:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BrowserProtect [2013/05/28 07:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations [2013/05/02 10:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit [2013/01/15 10:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF Writer [2013/05/07 07:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995 [2013/01/16 10:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft [2013/01/20 06:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegClean [2013/05/28 07:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Search Protection [2013/03/07 09:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer [2013/01/10 10:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems [2013/05/28 07:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ad-Aware Antivirus [2013/05/28 08:31:38 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\Owner\Application Data\adawaretb [2013/05/26 07:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Applian FLV and Media Player [2013/03/07 09:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BabSolution [2013/03/07 09:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Babylon [2013/01/09 06:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverFinder [2013/01/31 08:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\enchant [2013/05/07 11:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit Software [2012/12/27 09:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GHISLER [2013/05/02 10:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit [2013/05/14 10:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LibreOffice [2013/05/05 06:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy [2012/12/31 10:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org [2013/01/15 10:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PDF Writer [2013/03/24 10:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\pdf995 [2013/01/07 10:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanWorks [2013/02/28 07:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\searchresultstb [2013/05/28 07:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecureSearch [2013/05/09 11:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SumatraPDF [2013/04/23 09:30:14 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\Owner\Application Data\Systweak [2013/01/15 09:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ulead Systems [2013/03/07 09:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Yontoo ========== Purity Check ========== < End of report > |
#6
Extra
OTL Extras logfile created on: 29/05/2013 05:24:06 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\שולחן העבודה Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040D | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy 1.90 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.61% Memory free 3.75 Gb Paging File | 2.79 Gb Available in Paging File | 74.45% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 465.75 Gb Total Space | 453.34 Gb Free Space | 97.34% Space Free | Partition Type: NTFS Drive E: | 3.74 Gb Total Space | 1.09 Gb Free Space | 29.25% Space Free | Partition Type: FAT32 Computer Name: 63D066946A994F6 | User Name: Owner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited)
"c:\program files\relevantknowledge\rlvknlg.exe" = c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe
"C:\Program Files\adawaretb\dtUser.exe" = C:\Program Files\adawaretb\dtUser.exe:*:Enabled:Ad-Aware Security Add-on DTX Broker -- (Visicom Media Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{025C3792-E9C6-432A-92C1-661F99D021CA}" = Ulead Photo Explorer 8.5 Trial
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{350C97B4-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{41D1AD50-4276-4DAF-8AAB-5D97D75E47B3}" = PaperScan Free Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.0
"{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver
"{57334934-2D47-006A-76A7-A758B70B0801}" = Ask Toolbar
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{735A3951-E139-4E4A-AFAE-BA25E9FF5E6A}" = PDFill FREE PDF Tools "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{81DE279A-62E9-472B-AAAE-40B99F262070}_is1" = ABsee Free Image Viewer 4.0.0 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Foxit PDF Creator Toolbar "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.04.1 "{90120000-0020-040D-0000-0000000FF1CE}" = חבילת תאימות עבור מהדורת 2007 של מערכת Office "{975C8028-51D8-44A9-9585-82E9810FE96A}" = hp LaserJet 1000 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1 "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) "{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Keyboard & Mouse Driver "{C2FF8E9B-7DF4-45DC-A4A1-D0A4102E0A03}" = LibreOffice 3.6 Help Pack (Hebrew) "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools "{D54ADF6B-2164-4394-AF70-2778422E9DD8}" = Intel(R) Network Connections 17.4.84.0 "{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.21022 "AbiWord2" = AbiWord 2.8.6 "ABK_is1" = ABK "adawaretb" = Ad-Aware Security Add-on "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Anti-Twin 2013-05-03 07.02.04" = Anti-Twin (Installation 03/05/2013) "Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12 "avast" = avast! Free Antivirus "Bullzip PDF Printer_is1" = Bullzip PDF Printer 9.3.0.1516 "CCleaner" = CCleaner "Delta Chrome Toolbar" = Delta Chrome Toolbar "Documalis Free Scanner 1.01.0" = Documalis Free Scanner 1.0 "Foxit Reader_is1" = Foxit Reader "Google Chrome" = Google Chrome "HP LaserJet P1000 series" = HP LaserJet P1000 series "ie8" = Windows Internet Explorer 8 "InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver "InstallShield_{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Keyboard & Mouse Driver "IObit Malware Fighter_is1" = IObit Malware Fighter "IrfanView" = IrfanView (remove only) "KASHU_UsbEnterVer.3.3.0" = USB Flash Security Ver.3.3.0 "Lexmark X1100 Series" = Lexmark X1100 Series "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "My Lockbox_is1" = My Lockbox 2.8.5 "Office8.0" = Microsoft Office 97, Professional Edition "OmniFormat" = OmniFormat "Pdf995" = Pdf995 "Protected Folder_is1" = Protected Folder "RealPlayer 16.0" = RealPlayer "SumatraPDF" = SumatraPDF 2.2.1 "Totalcmd" = Total Commander (Remove or Repair) "Ulead Photo Express 3.0 SE" = Ulead Photo Express 3.0 SE "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = 
Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Foxit PDF Creator Toolbar Updater "ICDL Book Reader" = ICDL Book Reader ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27/05/2013 04:53:20 | Computer Name = 63D066946A994F6 | Source = Application Error | ID = 1000 Description = תקלה ביישום iexplore.exe, גירסה 8.0.6001.18702, תקלה במודול mshtml.dll, גירסה 8.0.6001.18702, כתובת התקלה 0x00060833. Error - 27/05/2013 04:53:28 | Computer Name = 63D066946A994F6 | Source = Application Error | ID = 1000 Description = תקלה ביישום iexplore.exe, גירסה 8.0.6001.18702, תקלה במודול mshtml.dll, גירסה 8.0.6001.18702, כתובת התקלה 0x00060833. Error - 28/05/2013 00:31:30 | Computer Name = 63D066946A994F6 | Source = Application Hang | ID = 1002 Description = יישום לא מגיב iexplore.exe, גירסה 8.0.6001.18702, מודול חוסר תגובה hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000. Error - 28/05/2013 00:35:59 | Computer Name = 63D066946A994F6 | Source = Application Hang | ID = 1002 Description = יישום לא מגיב iexplore.exe, גירסה 8.0.6001.18702, מודול חוסר תגובה hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000. Error - 28/05/2013 01:13:03 | Computer Name = 63D066946A994F6 | Source = Application Error | ID = 1000 Description = תקלה ביישום Adaware_Installer[1].exe, גירסה 10.5.2.4379, תקלה במודול Adaware_Installer[1].exe, גירסה 10.5.2.4379, כתובת התקלה 0x0022feca. Error - 28/05/2013 04:10:45 | Computer Name = 63D066946A994F6 | Source = Application Hang | ID = 1002 Description = יישום לא מגיב iexplore.exe, גירסה 8.0.6001.18702, מודול חוסר תגובה hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000. 
Error - 28/05/2013 04:11:24 | Computer Name = 63D066946A994F6 | Source = Application Hang | ID = 1002 Description = יישום לא מגיב iexplore.exe, גירסה 8.0.6001.18702, מודול חוסר תגובה hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000. Error - 28/05/2013 04:16:35 | Computer Name = 63D066946A994F6 | Source = Application Hang | ID = 1002 Description = יישום לא מגיב iexplore.exe, גירסה 8.0.6001.18702, מודול חוסר תגובה hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000. Error - 28/05/2013 04:23:30 | Computer Name = 63D066946A994F6 | Source = Application Hang | ID = 1002 Description = יישום לא מגיב iexplore.exe, גירסה 8.0.6001.18702, מודול חוסר תגובה hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000. Error - 28/05/2013 04:36:18 | Computer Name = 63D066946A994F6 | Source = Application Error | ID = 1000 Description = תקלה ביישום realupgrade.exe, גירסה 16.0.1.18, תקלה במודול ntdll.dll, גירסה 5.1.2600.2180, כתובת התקלה 0x00018fea. [ System Events ] Error - 08/05/2013 23:47:36 | Computer Name = 63D066946A994F6 | Source = sr | ID = 1 Description = מסנן שחזור המערכת נתקל בשגיאה לא צפויה '0xC0000034' בעת עיבוד הקובץ '_filelst.cfg' באמצעי האחסון 'HarddiskVolume1'. המסנן הפסיק את הפיקוח על אמצעי האחסון. Error - 08/05/2013 23:49:07 | Computer Name = 63D066946A994F6 | Source = Windows Update Agent | ID = 16 Description = לא ניתן להתחבר: Windows אינו יכול להתחבר לשרות העדכונים האוטומטיים ולכן אינו יכול להוריד ולהתקין עדכונים לפי לוח הזמנים המתוזמן. Windows ימשיך לנסות ליצור התקשרות. Error - 12/05/2013 00:56:25 | Computer Name = 63D066946A994F6 | Source = Windows Update Agent | ID = 16 Description = לא ניתן להתחבר: Windows אינו יכול להתחבר לשרות העדכונים האוטומטיים ולכן אינו יכול להוריד ולהתקין עדכונים לפי לוח הזמנים המתוזמן. Windows ימשיך לנסות ליצור התקשרות. 
Error - 14/05/2013 00:56:27 | Computer Name = 63D066946A994F6 | Source = Windows Update Agent | ID = 16 Description = לא ניתן להתחבר: Windows אינו יכול להתחבר לשרות העדכונים האוטומטיים ולכן אינו יכול להוריד ולהתקין עדכונים לפי לוח הזמנים המתוזמן. Windows ימשיך לנסות ליצור התקשרות. Error - 16/05/2013 00:56:27 | Computer Name = 63D066946A994F6 | Source = Windows Update Agent | ID = 16 Description = לא ניתן להתחבר: Windows אינו יכול להתחבר לשרות העדכונים האוטומטיים ולכן אינו יכול להוריד ולהתקין עדכונים לפי לוח הזמנים המתוזמן. Windows ימשיך לנסות ליצור התקשרות. Error - 18/05/2013 23:59:22 | Computer Name = 63D066946A994F6 | Source = Windows Update Agent | ID = 16 Description = לא ניתן להתחבר: Windows אינו יכול להתחבר לשרות העדכונים האוטומטיים ולכן אינו יכול להוריד ולהתקין עדכונים לפי לוח הזמנים המתוזמן. Windows ימשיך לנסות ליצור התקשרות. Error - 20/05/2013 23:59:26 | Computer Name = 63D066946A994F6 | Source = Windows Update Agent | ID = 16 Description = לא ניתן להתחבר: Windows אינו יכול להתחבר לשרות העדכונים האוטומטיים ולכן אינו יכול להוריד ולהתקין עדכונים לפי לוח הזמנים המתוזמן. Windows ימשיך לנסות ליצור התקשרות. Error - 22/05/2013 23:59:26 | Computer Name = 63D066946A994F6 | Source = Windows Update Agent | ID = 16 Description = לא ניתן להתחבר: Windows אינו יכול להתחבר לשרות העדכונים האוטומטיים ולכן אינו יכול להוריד ולהתקין עדכונים לפי לוח הזמנים המתוזמן. Windows ימשיך לנסות ליצור התקשרות. Error - 25/05/2013 23:17:26 | Computer Name = 63D066946A994F6 | Source = Windows Update Agent | ID = 16 Description = לא ניתן להתחבר: Windows אינו יכול להתחבר לשרות העדכונים האוטומטיים ולכן אינו יכול להוריד ולהתקין עדכונים לפי לוח הזמנים המתוזמן. Windows ימשיך לנסות ליצור התקשרות. Error - 27/05/2013 23:28:45 | Computer Name = 63D066946A994F6 | Source = Windows Update Agent | ID = 16 Description = לא ניתן להתחבר: Windows אינו יכול להתחבר לשרות העדכונים האוטומטיים ולכן אינו יכול להוריד ולהתקין עדכונים לפי לוח הזמנים המתוזמן. Windows ימשיך לנסות ליצור התקשרות. < End of report > |
#7
A lot of cryptical language and signs in these logs. Where are you from?
Please download AdwCleaner by Xplode onto your desktop.
Please download Junkware Removal Tool to your desktop.
Next, download ComboFix. Save to the Desktop.
#8
# AdwCleaner v2.301 - Logfile created 05/29/2013 at 10:54:35
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Owner - 63D066946A994F6
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\שולחן העבודה\adwcleaner.exe
# Option [Delete]
***** [Services] *****
Stopped & Deleted : BrowserProtect
Stopped & Deleted : Yontoo Desktop Updater
***** [Files / Folders] *****
Deleted on reboot : C:\Documents and Settings\All Users\Application Data\BrowserProtect
Deleted on reboot : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Deleted on reboot : C:\Program Files\askpartnernetwork
File Deleted : C:\Documents and Settings\Owner\Application Data\BabMaint.exe
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\bprotector_extensions.sqlite
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\bprotector_prefs.js
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\searchplugins\Babylon.xml
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\searchplugins\BrowserProtect.xml
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\searchplugins\Search_Results.xml
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\searchplugins\Web Search.xml
File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted
: C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml File Deleted : C:\WINDOWS\Tasks\EPUpdater.job File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job Folder Deleted : C:\Documents and Settings\All Users\Application Data\adawaretb Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask Folder Deleted : C:\Documents and Settings\All Users\Application Data\askpartnernetwork Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars Folder Deleted : C:\Documents and Settings\All Users\Application Data\RegClean Folder Deleted : C:\Documents and Settings\All Users\Application Data\search protection Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer Folder Deleted : C:\Documents and Settings\Owner\Application Data\adawaretb Folder Deleted : C:\Documents and Settings\Owner\Application Data\BabSolution Folder Deleted : C:\Documents and Settings\Owner\Application Data\Babylon Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\ada waretb Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\ext ensions\6xffxtbr@ReadingFanatic_6x.com Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\ext ensions\plugin@yontoo.com Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\ext ensions\toolbar@ask.com Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ev9g4cv5.default\jet pack Folder Deleted : C:\Documents and Settings\Owner\Application Data\OpenCandy Folder Deleted : C:\Documents and Settings\Owner\Application Data\searchresultstb Folder Deleted : C:\Documents and 
Settings\Owner\Application Data\Yontoo Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\APN Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\askpartnernetwork Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\AskToolbar Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Babylon Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Ilivid Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware Folder Deleted : C:\Documents and Settings\Owner\תפריט התחלה\תוכניות\TornTV.com Folder Deleted : C:\Program Files\adawaretb Folder Deleted : C:\Program Files\Ask.com Folder Deleted : C:\Program Files\TornTV.com Folder Deleted : C:\Program Files\Yontoo Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registry] ***** Key Deleted : HKCU\Software\1ClickDownload Key Deleted : HKCU\Software\582df8db53dbd40 Key Deleted : HKCU\Software\adawaretb Key Deleted : HKCU\Software\APN Key Deleted : HKCU\Software\APN PIP Key Deleted : HKCU\Software\Ask.com Key Deleted : HKCU\Software\AskToolbar Key Deleted : HKCU\Software\BabylonToolbar Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\DataMngr_Toolbar Key Deleted : HKCU\Software\ilivid Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key 
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \bProtectSettings Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{377E5D4D-77E5-476A-8716-7E70A9272DA0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{377E5D4D-77E5-476A-8716-7E70A9272DA0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uni nstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKLM\SOFTWARE\582df8db53dbd40 Key Deleted : HKLM\Software\adawaretb Key Deleted : HKLM\Software\APN Key Deleted : HKLM\Software\AskToolbar Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : 
HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd .1 Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68D EBAA244EB686953B7074FEF Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68D EBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Key Deleted : 
HKLM\SOFTWARE\Classes\YontooIEClient.Layers Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnpp fjjklapaamhcdmjbilmde Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagoc gkmemidfngdkamloieekf Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcan epiiimjjndipklodoedlc Key Deleted : HKLM\Software\iLividSRTB Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377E5D4D-77E5-476A-8716-7E70A9272DA0} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D08D9F98-1C78-4704-87E6-368B0023D831} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\UpgradeCodes\F928123A039649549966D4C29D35B1 C9 Key Deleted : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Key 
#9
Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Microsoft Windows XP x86 Ran by Owner on Wed 05/29/2013 at 11:07:27.78
#10
Hello Tom
Here I have a problem. I tried to activate ComboFix, but it requires me to shut down my Avast antivirus, and I don't know how to do it. Does it have a general "switch" or anything? I can't find it. Or shall I simply uninstall it? Please advise. I will continue with ComboFix only tomorrow morning.
Thanks
Yochanan
#11
Right-click the avast symbol in the system tray; there should be an option to deactivate it in the context menu.
#12
Thank you Tom. I found the deactivation of Avast. By the way, only now did I see your mention of "cryptical language". As you can see in the header of each post, my location is Israel and my interface (to my great sorrow) is in Hebrew, which is a right-to-left language and written in a Hebrew font.
Regards
#13
Ah ok, thanks for letting me know
#14
The ComboFix log is here:
#15
Hi,
I'd like us to scan your machine with ESET OnlineScan.
Also, please post back with a fresh OTL logfile and tell me how the system is running.