|
|||||||
| Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
 |
|
|
Topic Tools |
|
#1
January 24th, 2013, 11:08 AM
|
|||
|
|||
|
'Bad Image' message
Hi Guys,
I am looking at a note book for someone and on start-up I get a lot of warning pop-ups stating that *****.exe BAD IMAGE, and that a file can not be read. on clearing this message it is replaced by another with a different .exe file name. This happens about 15 times. The notebook is running Windows XP sp3. Can anyone help? 
|
|
#2
January 25th, 2013, 01:13 AM
|
||||
|
||||
|
Hello hurleyberly,
The system has a malware startup, with the file now removed. Let's take a look. The last time you posted here you didn't respond. If you ever have any questions about scans or posting, be sure to ask. If the system is Vista/Windows7, when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool. And To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types" To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed. ------- Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please. ----------- Click here and download the installer for Gmer to your desktop, then click that file to run Gmer. Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan). When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please. ----------- Download aswMBR ( 4.5MB ) to your desktop.
A lot, but comprehensive, and will make sure we get a good view of everything.
|
|
#3
January 25th, 2013, 01:49 PM
|
|||
|
|||
|
hi Jintan,
Thank you for replying. I ahve run an OTL scan and I got about 50 of the 'Bad image' pop ups and when the 2 notepad were generated they were blank. I ran the Gmer scan and got the results below GMER 2.0.18444 - http://www.gmer.net Rootkit scan 2013-01-25 12:04:06 Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHY2160BH rev.890B 149.05GB Running: vre1h96d.exe; Driver: C:\DOCUME~1\Bill\LOCALS~1\Temp\agwdapod.sys ---- System - GMER 2.0 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xA8FA4004] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xA8FA40D4] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA8FA3D76] SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies) ZwQueryValueKey [0xF78131AE] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA8FA3E1E] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA8FA3EBA] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA8FA3F56] ---- User code sections - GMER 2.0 ---- .text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 036A1E90 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 036A21F0 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 036A2100 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 036A2010 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 036A2370 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 036A1170 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 036A2450 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[1180] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 036A12D0 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[1180] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1180] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E75C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1472] ADVAPI32.dll!RegSetValueExW 77DDD767 7 Bytes JMP 10161CC0 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[1472] ADVAPI32.dll!RegSetValueExA 77DDEAE7 7 Bytes JMP 10161C00 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[1472] ADVAPI32.dll!RegSetValueA 77DFC79E 5 Bytes JMP 10161A80 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[1472] ADVAPI32.dll!RegSetValueW 77E36116 5 Bytes JMP 10161B40 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 10161E90 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 101621F0 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 10162100 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 10162010 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 10162370 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10161170 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 10162450 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[1472] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 101612D0 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 07A11E90 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 07A121F0 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 07A12100 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 07A12010 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 07A12370 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 07A11170 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 07A12450 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[2264] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 07A112D0 C:\Documents and Settings\Bill\Local Settings\Application Data\Expat_Shield\tbExpa.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\iexplore.exe[2264] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2264] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E75C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDL R.exe[3840] ntdll.dll!DbgUiRemoteBreakin 7C9520EC 1 Byte [C3] ---- User IAT/EAT - GMER 2.0 ---- IAT C:\Program Files\Internet Explorer\iexplore.exe[2264] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) ---- EOF - GMER 2.0 ---- here is the log from Avast aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-01-25 12:06:15 ----------------------------- 12:06:15.875 OS Version: Windows 5.1.2600 Service Pack 3 12:06:15.875 Number of processors: 2 586 0x1C0A 12:06:15.875 ComputerName: PAM-3E76C8F1D78 UserName: Bill 12:06:17.515 Initialize success 12:23:02.984 AVAST engine defs: 13012500 12:32:26.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 12:32:26.906 Disk 0 Vendor: FUJITSU_MHY2160BH 890B Size: 152627MB BusType: 3 12:32:26.937 Disk 0 MBR read successfully 12:32:26.937 Disk 0 MBR scan 12:32:27.015 Disk 0 Windows XP default MBR code 12:32:27.015 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63 12:32:27.015 Disk 0 scanning sectors +312576705 12:32:27.109 Disk 0 scanning C:\WINDOWS\system32\drivers 12:32:43.093 Service scanning 12:33:08.140 Modules scanning 12:33:14.859 Disk 0 trace - called modules: 12:33:14.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 12:33:14.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8657cab8] 12:33:14.890 3 CLASSPNP.SYS[f7632fd7] -> nt!IofCallDriver -> \Device\0000006e[0x8652e250] 12:33:14.890 5 ACPI.sys[f74c9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86529940] 12:33:15.906 AVAST engine scan C:\WINDOWS 12:33:30.609 AVAST engine scan C:\WINDOWS\system32 12:37:50.281 AVAST engine scan C:\WINDOWS\system32\drivers 12:38:22.296 AVAST engine scan C:\Documents and Settings\Bill 12:47:55.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bill\My Documents\MBR.dat" 12:47:55.265 The log file has been saved successfully to "C:\Documents and Settings\Bill\My Documents\aswMBR.txt" Many thanks for your help
|
|
#4
January 26th, 2013, 12:52 AM
|
||||
|
||||
|
Go here and download Dial-a-fix-v0.60.0.24.zip (scroll down to the "green" box"), then unzip that to the desktop. In the Dial-a-fix folder locate and rename Dial-a-fix.exe to dial.com, then click that file to run the tool.
Once the display opens another Restrictive Policies display should open. Click the Remove button, then close Dial-a-Fix. Note - Dial-a-Fix was never updated for the later versions of Internet Explorer (iexplore.exe). If it indicates it cannot identify that, just OK the warning. It will still run correctly. ------- Right click Here and select Save Target As (Firefox Save Link As) and save UnHookExec.inf to your Desktop. Then right-click on UnHookExec.inf and select Install. You may only see a desktop flicker as the changes are made. ------- Go here and download reglooks.exe to your Desktop. Doubleclick on it to run it and when it has finished scanning, a log named result.txt will open in Notepad. Copy the log and post it in this thread. All of those, in some way, are intended to ID or resolve this bad image effect, so let me know if any correct that.
|
|
#5
January 26th, 2013, 11:00 AM
|
|||
|
|||
|
Hi Jintan.
Here is the Dial.com log; 09:34:38 | Dial-a-fix was unable to determine your version of Internet Explorer Notes about this log: 1) "->" denotes an external command being executed, and "-> (number)" indicates the return code from the previous command 2) Not all external command return codes are accurate, or useful 3) Sometimes commands return 0 (no error) even when they fail or crash 4) If an error occurs while registering an object, please send an email to: dial-a-fix@DjLizard.net and include a copy of this log DAF version: v0.60.0.24 --- System info --- OS: Microsoft Windows XP Service Pack 3 IE version: 8.0.6001.18702 MPC: 76487-025 CPU: Intel(R) Atom(TM) CPU N450 @ 1.66GHz (~1660MHz) CPU: CPU is 64-bit or has 64-bit extensions CPU: 2 CPU cores present BIOS: 02/06/2011 Memory (approx): 1013MB Uptime: 0 hour(s) Current directory: C:\Documents and Settings\Bill\Desktop\Dial-a-fix-v0.60.0.24\Dial-a-fix-v0.60.0.24 --- 26/01/2013 09:34:38 -- Dial-a-fix : [v0.60.0.24] -- started 09:34:38 | Policy scan started 09:34:38 | Policy scan ended - no restrictive policies were found --- Emptying temp folders --- 09:35:58 | Deleting C:\Documents and Settings\Bill\Local Settings\Temp... 09:36:01 | C:\Documents and Settings\Bill\Local Settings\Temp could not be completely emptied, please reboot and try again 09:36:01 | Deleting C:\WINDOWS\temp... 09:36:04 | C:\WINDOWS\temp could not be completely emptied, please reboot and try again 09:36:04 | Deleting C:\DOCUME~1\Bill\LOCALS~1\Temp... 09:36:10 | C:\DOCUME~1\Bill\LOCALS~1\Temp could not be completely emptied, please reboot and try again --- MSI --- 09:36:30 | Registered: C:\WINDOWS\system32\msi.dll --- Windows Update --- --- Registration: Windows Update/Automatic Update DLLs --- 09:36:43 | Unregistered: C:\WINDOWS\system32\msxml.dll 09:36:43 | Registered: C:\WINDOWS\system32\msxml.dll 09:36:44 | Unregistered: C:\WINDOWS\system32\msxml2.dll 09:36:44 | Registered: C:\WINDOWS\system32\msxml2.dll 09:36:45 | Unregistered: C:\WINDOWS\system32\msxml3.dll 09:36:46 | Registered: C:\WINDOWS\system32\msxml3.dll 09:36:47 | Unregistered: C:\WINDOWS\system32\qmgr.dll 09:36:47 | Registered: C:\WINDOWS\system32\qmgr.dll 09:36:47 | Unregistered: C:\WINDOWS\system32\qmgrprxy.dll 09:36:47 | Registered: C:\WINDOWS\system32\qmgrprxy.dll 09:36:47 | Unregistered: C:\WINDOWS\system32\muweb.dll 09:36:47 | Registered: C:\WINDOWS\system32\muweb.dll 09:36:47 | Unregistered: C:\WINDOWS\system32\winhttp.dll 09:36:47 | Registered: C:\WINDOWS\system32\winhttp.dll 09:36:47 | Registered: C:\WINDOWS\system32\wuapi.dll 09:36:48 | Unregistered: C:\WINDOWS\system32\wuaueng.dll 09:36:49 | Registered: C:\WINDOWS\system32\wuaueng.dll 09:36:49 | Unregistered: C:\WINDOWS\system32\wuaueng1.dll 09:36:49 | Registered: C:\WINDOWS\system32\wuaueng1.dll 09:36:49 | Unregistered: C:\WINDOWS\system32\wucltui.dll 09:36:49 | Registered: C:\WINDOWS\system32\wucltui.dll 09:36:49 | Unregistered: C:\WINDOWS\system32\wups.dll 09:36:49 | Registered: C:\WINDOWS\system32\wups.dll 09:36:49 | Unregistered: C:\WINDOWS\system32\wups2.dll 09:36:49 | Registered: C:\WINDOWS\system32\wups2.dll 09:36:49 | Unregistered: C:\WINDOWS\system32\wuweb.dll 09:36:49 | Registered: C:\WINDOWS\system32\wuweb.dll 09:36:50 | Registered: C:\WINDOWS\system32\ole32.dll --- SSL/HTTPS/Cryptography --- 09:37:09 | Executed 'cmd.exe /c rmdir /q /s C:\WINDOWS\system32\Catroot2' --- Registration: SSL/HTTPS/Cryptography --- 09:37:15 | Unregistered: C:\WINDOWS\system32\cryptdlg.dll 09:37:15 | Registered: C:\WINDOWS\system32\cryptdlg.dll 09:37:15 | Unregistered: C:\WINDOWS\system32\cryptui.dll 09:37:15 | Registered: C:\WINDOWS\system32\cryptui.dll 09:37:15 | Unregistered: C:\WINDOWS\system32\cryptext.dll 09:37:15 | Registered: C:\WINDOWS\system32\cryptext.dll 09:37:15 | Unregistered: C:\WINDOWS\system32\dssenh.dll 09:37:15 | Registered: C:\WINDOWS\system32\dssenh.dll 09:37:15 | Unregistered: C:\WINDOWS\system32\gpkcsp.dll 09:37:16 | Registered: C:\WINDOWS\system32\gpkcsp.dll 09:37:16 | Unregistered: C:\WINDOWS\system32\initpki.dll 09:37:55 | Registered: C:\WINDOWS\system32\initpki.dll 09:37:55 | Unregistered: C:\WINDOWS\system32\licdll.dll 09:37:55 | Registered: C:\WINDOWS\system32\licdll.dll 09:37:55 | Unregistered: C:\WINDOWS\system32\mssign32.dll 09:37:55 | Registered: C:\WINDOWS\system32\mssign32.dll 09:37:55 | Unregistered: C:\WINDOWS\system32\mssip32.dll 09:37:55 | Registered: C:\WINDOWS\system32\mssip32.dll 09:37:55 | Unregistered: C:\WINDOWS\system32\scardssp.dll 09:37:56 | Registered: C:\WINDOWS\system32\scardssp.dll 09:37:56 | Unregistered: C:\WINDOWS\system32\sccbase.dll 09:37:56 | Registered: C:\WINDOWS\system32\sccbase.dll 09:37:56 | Unregistered: C:\WINDOWS\system32\scecli.dll 09:37:57 | Registered: C:\WINDOWS\system32\scecli.dll 09:37:57 | Unregistered: C:\WINDOWS\system32\softpub.dll 09:37:57 | Registered: C:\WINDOWS\system32\softpub.dll 09:37:58 | Unregistered: C:\WINDOWS\system32\slbcsp.dll 09:37:58 | Registered: C:\WINDOWS\system32\slbcsp.dll 09:37:58 | Unregistered: C:\WINDOWS\system32\regwizc.dll 09:37:58 | Registered: C:\WINDOWS\system32\regwizc.dll 09:37:58 | Unregistered: C:\WINDOWS\system32\rsaenh.dll 09:37:58 | Registered: C:\WINDOWS\system32\rsaenh.dll 09:37:58 | Unregistered: C:\WINDOWS\system32\winhttp.dll 09:37:58 | Registered: C:\WINDOWS\system32\winhttp.dll 09:37:58 | Unregistered: C:\WINDOWS\system32\wintrust.dll 09:37:59 | Registered: C:\WINDOWS\system32\wintrust.dll --- Registration: ActiveX controls/codecs --- 09:38:01 | Registered: C:\WINDOWS\system32\acelpdec.ax 09:38:01 | Registered: C:\WINDOWS\system32\actxprxy.dll 09:38:01 | Registered: C:\WINDOWS\system32\asctrls.ocx 09:38:01 | Registered: C:\WINDOWS\system32\daxctle.ocx 09:38:02 | Registered: C:\WINDOWS\system32\hhctrl.ocx 09:38:02 | Registered: C:\WINDOWS\system32\l3codecx.ax 09:38:02 | Registered: C:\WINDOWS\system32\licmgr10.dll 09:38:02 | Registered: C:\WINDOWS\system32\mpg4ds32.ax 09:38:03 | Registered: C:\WINDOWS\system32\msdxm.ocx 09:38:03 | Registered: C:\WINDOWS\system32\proctexe.ocx 09:38:03 | Registered: C:\WINDOWS\system32\tdc.ocx 09:38:03 | Registered: C:\WINDOWS\system32\wshom.ocx --- Registration: Control Panel applets --- 09:38:03 | DllInstalled: C:\WINDOWS\system32\inetcpl.cpl 09:38:04 | DllInstalled: C:\WINDOWS\system32\appwiz.cpl 09:38:04 | Registered: C:\WINDOWS\system32\appwiz.cpl 09:38:04 | DllInstalled: C:\WINDOWS\system32\nusrmgr.cpl 09:38:04 | Registered: C:\WINDOWS\system32\nusrmgr.cpl --- Registration: Direct[X|Draw|Show|Media] --- 09:38:04 | Registered: C:\WINDOWS\system32\quartz.dll 09:38:06 | Registered: C:\WINDOWS\system32\danim.dll 09:38:06 | Registered: C:\WINDOWS\system32\dmscript.dll 09:38:06 | Registered: C:\WINDOWS\system32\dmstyle.dll 09:38:06 | Registered: C:\WINDOWS\system32\dxmasf.dll 09:38:06 | Registered: C:\WINDOWS\system32\dxtmsft.dll 09:38:06 | Registered: C:\WINDOWS\system32\dxtrans.dll 09:38:06 | Registered: C:\WINDOWS\system32\sbe.dll --- Registration: Programming cores/runtimes --- 09:38:06 | Registered: C:\WINDOWS\system32\atl.dll 09:38:06 | Registered: C:\WINDOWS\system32\corpol.dll 09:38:07 | Registered: C:\WINDOWS\system32\jscript.dll 09:38:07 | Registered: C:\WINDOWS\system32\dispex.dll 09:38:07 | Registered: C:\WINDOWS\system32\scrrun.dll 09:38:07 | Registered: C:\WINDOWS\system32\scrobj.dll 09:38:07 | Registered: C:\WINDOWS\system32\vbscript.dll 09:38:07 | Registered: C:\WINDOWS\system32\wshext.dll --- Registration: Explorer/IE/OE/shell/WMP --- 09:38:07 | Registered: C:\WINDOWS\system32\activeds.dll 09:38:07 | Registered: C:\WINDOWS\system32\audiodev.dll 09:38:08 | DllInstalled: C:\WINDOWS\system32\browseui.dll 09:38:08 | Registered: C:\WINDOWS\system32\browseui.dll 09:38:09 | Registered: C:\WINDOWS\system32\browsewm.dll 09:38:09 | Registered: C:\WINDOWS\system32\cabview.dll 09:38:09 | Registered: C:\WINDOWS\system32\cdfview.dll 09:38:09 | Registered: C:\WINDOWS\system32\clbcatex.dll 09:38:09 | Registered: C:\WINDOWS\system32\clbcatq.dll 09:38:09 | Registered: C:\WINDOWS\system32\comcat.dll 09:38:09 | Registered: C:\WINDOWS\system32\cscui.dll 09:38:09 | Registered: C:\WINDOWS\system32\credui.dll 09:38:10 | Registered: C:\WINDOWS\system32\datime.dll 09:38:10 | Registered: C:\WINDOWS\system32\devmgr.dll 09:38:10 | Registered: C:\WINDOWS\system32\dfsshlex.dll 09:38:10 | Registered: C:\WINDOWS\system32\dmdlgs.dll 09:38:10 | Registered: C:\WINDOWS\system32\dmdskmgr.dll 09:38:10 | Registered: C:\WINDOWS\system32\dmloader.dll 09:38:10 | Registered: C:\WINDOWS\system32\dmocx.dll 09:38:10 | Registered: C:\WINDOWS\system32\dmview.ocx 09:38:10 | DllInstalled: C:\WINDOWS\system32\dsuiext.dll 09:38:10 | Registered: C:\WINDOWS\system32\dsuiext.dll 09:38:10 | DllInstalled: C:\WINDOWS\system32\dsquery.dll 09:38:10 | Registered: C:\WINDOWS\system32\dsquery.dll 09:38:10 | Registered: C:\WINDOWS\system32\dskquoui.dll 09:38:11 | Registered: C:\WINDOWS\system32\els.dll 09:38:11 | Registered: C:\WINDOWS\system32\es.dll 09:38:11 | Registered: C:\WINDOWS\system32\fontext.dll 09:38:11 | Registered: C:\WINDOWS\system32\hlink.dll 09:38:12 | Registered: C:\WINDOWS\system32\hnetcfg.dll 09:38:12 | Registered: C:\WINDOWS\system32\iedkcs32.dll 09:38:12 | Registered: C:\WINDOWS\system32\iepeers.dll 09:38:12 | Error 127: C:\WINDOWS\system32\iesetup.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702 09:38:26 | Error 127: C:\WINDOWS\system32\iesetup.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702 09:38:28 | Registered: C:\WINDOWS\system32\ils.dll 09:38:28 | Error 127: C:\WINDOWS\system32\imgutil.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702 09:38:28 | Registered: C:\WINDOWS\system32\inetcfg.dll 09:38:28 | Registered: C:\WINDOWS\system32\inetcomm.dll 09:38:28 | Error 127: C:\WINDOWS\system32\inseng.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702 09:38:29 | Error 127: C:\WINDOWS\system32\inseng.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702 09:38:30 | Registered: C:\WINDOWS\system32\laprxy.dll 09:38:30 | Registered: C:\WINDOWS\system32\lmrt.dll 09:38:31 | Registered: C:\WINDOWS\system32\mlang.dll 09:38:31 | Registered: C:\WINDOWS\system32\mmcndmgr.dll 09:38:31 | Registered: C:\WINDOWS\system32\mmcshext.dll 09:38:32 | Registered: C:\WINDOWS\system32\mscoree.dll 09:38:32 | Error 127: C:\WINDOWS\system32\mshtml.dll is not registerable or the file is corrupted. Version: 8.00.6001.19394 09:38:33 | Error 127: C:\WINDOWS\system32\mshtml.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.19394 09:38:34 | Registered: C:\WINDOWS\system32\mshtmled.dll 09:38:34 | Registered: C:\WINDOWS\system32\msieftp.dll 09:38:34 | Registered: C:\WINDOWS\system32\msoeacct.dll 09:38:34 | Registered: C:\WINDOWS\system32\msr2c.dll 09:38:34 | Error 127: C:\WINDOWS\system32\msrating.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702 09:38:35 | DllInstalled: C:\WINDOWS\system32\mydocs.dll 09:38:35 | Registered: C:\WINDOWS\system32\mydocs.dll 09:38:35 | Registered: C:\WINDOWS\system32\mstime.dll 09:38:35 | Registered: C:\WINDOWS\system32\netcfgx.dll 09:38:35 | DllInstalled: C:\WINDOWS\system32\netplwiz.dll 09:38:36 | Registered: C:\WINDOWS\system32\netplwiz.dll 09:38:36 | Registered: C:\WINDOWS\system32\netman.dll 09:38:36 | Registered: C:\WINDOWS\system32\netshell.dll 09:38:36 | Registered: C:\WINDOWS\system32\ntmsevt.dll 09:38:36 | Registered: C:\WINDOWS\system32\ntmsmgr.dll 09:38:36 | DllInstalled: C:\WINDOWS\system32\ntmssvc.dll 09:38:36 | Registered: C:\WINDOWS\system32\ntmssvc.dll 09:38:36 | Error 127: C:\WINDOWS\system32\occache.dll is not registerable or the file is corrupted. Version: 8.00.6001.19389 09:38:37 | Error 127: C:\WINDOWS\system32\occache.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.19389 09:38:38 | Registered: C:\WINDOWS\system32\ole32.dll 09:38:38 | Registered: C:\WINDOWS\system32\oleaut32.dll 09:38:38 | Registered: C:\WINDOWS\system32\oleacc.dll 09:38:38 | Registered: C:\WINDOWS\system32\olepro32.dll 09:38:39 | DllInstalled: C:\WINDOWS\system32\photowiz.dll 09:38:39 | Registered: C:\WINDOWS\system32\photowiz.dll 09:38:39 | Error 127: C:\WINDOWS\system32\pngfilt.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702 09:38:39 | Registered: C:\WINDOWS\system32\remotepg.dll 09:38:39 | Registered: C:\WINDOWS\system32\rpcrt4.dll 09:38:39 | Registered: C:\WINDOWS\system32\rshx32.dll 09:38:39 | Registered: C:\WINDOWS\system32\sendmail.dll 09:38:39 | Registered: C:\WINDOWS\system32\slayerxp.dll 09:38:42 | DllInstalled: C:\WINDOWS\system32\shdocvw.dll 09:38:42 | Registered: C:\WINDOWS\system32\shdocvw.dll 09:38:42 | Registered: C:\WINDOWS\system32\shell32.dll 09:38:54 | DllInstalled: C:\WINDOWS\system32\shell32.dll 09:38:54 | Registered: C:\WINDOWS\system32\shmedia.dll 09:38:54 | DllInstalled: C:\WINDOWS\system32\shimgvw.dll 09:38:54 | Registered: C:\WINDOWS\system32\shimgvw.dll 09:38:54 | DllInstalled: C:\WINDOWS\system32\shsvcs.dll 09:38:55 | Registered: C:\WINDOWS\system32\shsvcs.dll 09:38:55 | Registered: C:\WINDOWS\system32\srclient.dll 09:38:55 | Unregistered: C:\WINDOWS\system32\stobject.dll 09:38:55 | Registered: C:\WINDOWS\system32\stobject.dll 09:38:55 | DllInstalled: C:\WINDOWS\system32\themeui.dll 09:38:55 | Registered: C:\WINDOWS\system32\themeui.dll 09:38:55 | Registered: C:\WINDOWS\system32\twext.dll 09:38:57 | DllInstalled: C:\WINDOWS\system32\urlmon.dll 09:38:57 | Registered: C:\WINDOWS\system32\urlmon.dll 09:38:57 | Registered: C:\WINDOWS\system32\userenv.dll 09:38:58 | Error 127: C:\WINDOWS\system32\webcheck.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702 09:38:59 | Error 127: C:\WINDOWS\system32\webcheck.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702 09:39:01 | Registered: C:\WINDOWS\system32\webvw.dll 09:39:01 | Registered: C:\WINDOWS\system32\winhttp.dll 09:39:01 | DllInstalled: C:\WINDOWS\system32\wininet.dll 09:39:01 | Registered: C:\WINDOWS\system32\zipfldr.dll 09:39:01 | Registered: C:\Program Files\Common Files\system\Ole DB\msdadc.dll 09:39:01 | Registered: C:\Program Files\Common Files\system\Ole DB\msdaenum.dll 09:39:01 | Registered: C:\Program Files\Common Files\system\Ole DB\msdaer.dll 09:39:01 | Registered: C:\Program Files\Common Files\system\Ole DB\msdaipp.dll 09:39:01 | Registered: C:\Program Files\Common Files\system\Ole DB\msdaora.dll 09:39:01 | Registered: C:\Program Files\Common Files\system\Ole DB\msdaosp.dll 09:39:02 | Registered: C:\Program Files\Common Files\system\Ole DB\msdaps.dll 09:39:02 | Registered: C:\Program Files\Common Files\system\Ole DB\msdasc.dll 09:39:02 | Registered: C:\Program Files\Common Files\system\Ole DB\msdasql.dll 09:39:02 | Registered: C:\Program Files\Common Files\system\Ole DB\msdatt.dll 09:39:02 | Registered: C:\Program Files\Common Files\system\Ole DB\msdaurl.dll 09:39:02 | Registered: C:\Program Files\Common Files\system\Ole DB\msxactps.dll 09:39:02 | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32.dll 09:39:02 | Registered: C:\Program Files\Common Files\system\Ole DB\oledb32r.dll 09:39:02 | Registered: C:\Program Files\Common Files\system\Ole DB\sqloledb.dll 09:39:02 | Registered: C:\Program Files\Common Files\system\Ole DB\sqlxmlx.dll Unhook will not install, I just get the 'Bad error' message and the following notepad [Version] Signature="$Chicago$" Provider=Symantec [DefaultInstall] AddReg=UnhookRegKey [UnhookRegKey] HKLM, Software\CLASSES\batfile\shell\open\command,,,"""% 1"" %*" HKLM, Software\CLASSES\comfile\shell\open\command,,,"""% 1"" %*" HKLM, Software\CLASSES\exefile\shell\open\command,,,"""% 1"" %*" HKLM, Software\CLASSES\piffile\shell\open\command,,,"""% 1"" %*" HKLM, Software\CLASSES\regfile\shell\open\command,,,"reg edit.exe ""%1""" HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""% 1"" %*" HKCU, Software\Microsoft\Windows\CurrentVersion\Policies \System,DisableRegistryTools,0x00000020,0 I ran Reglooks and I got loads of 'Bad image' popups, the scan results are here REGLOOKS logfile - version 0.994 Scan started: 26/01/2013 9:44:32.23 --- INFORMATION --- Manufacturer: eMachines - Model: eM350 Operating System: Microsoft Windows XP Professional -- 5.1.2600 -- Service Pack 3 -- Install Date: 29/07/2012 15:01:47 Last Boot: 26/01/2013 09:17:30 Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz Number of Processors: 2 Work Station Bootmode: Normal boot Total RAM: 1013 MB (free 484 MB - 47%) Computername: PAM-3E76C8F1D78 Domain: WORKGROUP User: Bill (Administrator account) Disk Name: Disk #0, Partition #0 Primary Partition: True Bootable: True Boot Partition: True Hidden Sectors: Size: 149 GB -- 152625 MB -- 156288321 kb Type: Installable File System Local Disk: C:\ - NTFS - 149 GB (free 137 GB) Bootdevice: \Device\HarddiskVolume1 Systemdrive: C: Windowsdirectory: C:\WINDOWS Systemdirectory: C:\WINDOWS\system32 Internet Explorer Version: 8.0.6001.18702 Windows update: 2013-01-19 19:23:18 Antivirus Program: AVG Anti-Virus Free Edition 2012 2012.0 [Not Enabled - Updated] DEP: ONN - DEP is enabled for a limited number of binaries, the kernel, and all Windows-based services --- System Restore Points --- Restorepoint 39: 14/12/2012 18:04:46 - Cancelled operation - Software Distribution Service 3.0 Restorepoint 40: 14/12/2012 19:19:21 - Cancelled operation - Software Distribution Service 3.0 Restorepoint 41: 17/12/2012 18:42:39 - Application installation - Software Distribution Service 3.0 Restorepoint 42: 25/12/2012 15:39:19 - Checkpoint - System Checkpoint Restorepoint 43: 26/12/2012 15:22:15 - Application installation - Software Distribution Service 3.0 Restorepoint 44: 28/12/2012 11:56:37 - Checkpoint - System Checkpoint Restorepoint 45: 29/12/2012 12:49:24 - Checkpoint - System Checkpoint Restorepoint 46: 30/12/2012 13:16:44 - Checkpoint - System Checkpoint Restorepoint 47: 31/12/2012 13:43:03 - Checkpoint - System Checkpoint Restorepoint 48: 01/01/2013 14:43:02 - Checkpoint - System Checkpoint Restorepoint 49: 02/01/2013 17:26:10 - Checkpoint - System Checkpoint Restorepoint 50: 03/01/2013 18:01:18 - Checkpoint - System Checkpoint Restorepoint 51: 04/01/2013 18:49:29 - Checkpoint - System Checkpoint Restorepoint 52: 05/01/2013 03:00:15 - Application installation - Software Distribution Service 3.0 Restorepoint 53: 06/01/2013 03:49:29 - Checkpoint - System Checkpoint Restorepoint 54: 07/01/2013 17:50:52 - Checkpoint - System Checkpoint Restorepoint 55: 08/01/2013 18:21:22 - Checkpoint - System Checkpoint Restorepoint 56: 09/01/2013 19:33:09 - Checkpoint - System Checkpoint Restorepoint 57: 10/01/2013 18:15:08 - Application installation - Software Distribution Service 3.0 Restorepoint 58: 11/01/2013 19:01:55 - Checkpoint - System Checkpoint Restorepoint 59: 19/01/2013 19:22:28 - Application installation - Software Distribution Service 3.0 Restorepoint 60: 23/01/2013 16:11:43 - Checkpoint - System Checkpoint Restorepoint 61: 24/01/2013 17:06:08 - Checkpoint - System Checkpoint --- RUNNING PROCESSES --- C:\WINDOWS\System32\smss.exe csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\Samsung\Kies\KiesTrayAgent.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDL R.exe C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Launch Manager\dsiwmis.exe C:\Program Files\Expat Shield\bin\openvpnas.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Expat Shield\HssWPR\hsssrv.exe C:\Program Files\Expat Shield\bin\hsswd.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe C:\Program Files\AVG\AVG2012\avgidsagent.exe wmiprvse.exe C:\Program Files\Launch Manager\LMworker.exe C:\WINDOWS\system32\wbem\unsecapp.exe alg.exe WPFFontCache_v0400.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Expat Shield\bin\openvpntray.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Bill\Desktop\Dial-a-fix-v0.60.0.24\Dial-a-fix-v0.60.0.24\Dial.com C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cscript.exe wmiprvse.exe --- SIGCHECK --- C:\WINDOWS\explorer.exe -- [1033728] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\appmgmts.dll -- [167936] -- [14/04/2008 02:41] -- sigcheck OK C:\WINDOWS\system32\browser.dll -- [78336] -- [06/07/2012 13:58] -- sigcheck OK C:\WINDOWS\system32\comres.dll -- [792064] -- [14/04/2008 02:41] -- sigcheck OK C:\WINDOWS\system32\comctl32.dll -- [617472] -- [23/08/2010 16:12] -- sigcheck OK C:\WINDOWS\system32\cryptsvc.dll -- [62464] -- [14/04/2008 02:41] -- sigcheck OK C:\WINDOWS\system32\ctfmon.exe -- [15360] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\es.dll -- [253952] -- [07/07/2008 20:26] -- sigcheck OK C:\WINDOWS\system32\eventlog.dll -- [56320] -- [14/04/2008 02:41] -- sigcheck OK C:\WINDOWS\system32\ias.dll NOT found C:\WINDOWS\system32\imm32.dll -- [110080] -- [14/04/2008 02:41] -- sigcheck OK C:\WINDOWS\system32\kernel32.dll -- [990208] -- [03/10/2012 04:58] -- sigcheck OK C:\WINDOWS\system32\linkinfo.dll -- [19968] -- [14/04/2008 02:41] -- sigcheck OK C:\WINDOWS\system32\lpk.dll -- [22016] -- [14/04/2008 02:41] -- sigcheck OK C:\WINDOWS\system32\lsass.exe -- [13312] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\mfc40u.dll -- [953856] -- [18/09/2010 06:53] -- sigcheck OK C:\WINDOWS\system32\msgsvc.dll -- [33792] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\mshtml.dll -- [6009856] -- [06/01/2013 05:34] -- sigcheck OK C:\WINDOWS\system32\mspmsnsv.dll -- [27136] -- [18/10/2006 18:47] -- sigcheck OK C:\WINDOWS\system32\mswsock.dll -- [245248] -- [20/06/2008 16:02] -- sigcheck OK C:\WINDOWS\system32\netlogon.dll -- [407040] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\netman.dll -- [198144] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\ntkrnlpa.exe -- [2027520] -- [21/08/2012 12:58] -- sigcheck OK C:\WINDOWS\system32\ntmssvc.dll -- [435200] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\ntoskrnl.exe -- [2148864] -- [21/08/2012 13:33] -- sigcheck OK C:\WINDOWS\system32\pchsvc.dll NOT found C:\WINDOWS\system32\powrprof.dll -- [17408] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\qmgr.dll -- [409088] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\rasauto.dll -- [88576] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\regsvc.dll -- [59904] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\rpcss.dll -- [401408] -- [09/02/2009 12:10] -- sigcheck OK C:\WINDOWS\system32\scecli.dll -- [181248] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\schedsvc.dll -- [192512] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\services.exe -- [110592] -- [06/02/2009 11:11] -- sigcheck OK C:\WINDOWS\system32\sfc.dll -- [5120] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\sfcfiles.dll -- [1614848] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\spoolsv.exe -- [58880] -- [17/08/2010 13:17] -- sigcheck OK C:\WINDOWS\system32\srsvc.dll -- [171008] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\ssdpsrv.dll -- [71680] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\svchost.exe -- [14336] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\tapisrv.dll -- [249856] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\termsrv.dll -- [295424] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\upnphost.dll -- [185856] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\user32.dll -- [578560] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\userinit.exe -- [26112] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\wininet.dll -- [916992] -- [01/11/2012 12:17] -- sigcheck OK C:\WINDOWS\system32\winlogon.exe -- [507904] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\ws2_32.dll -- [82432] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\wscntfy.exe -- [13824] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\wuauclt.exe -- [53784] -- [02/06/2012 12:19] -- sigcheck OK C:\WINDOWS\system32\xmlprov.dll -- [129024] -- [14/04/2008 02:42] -- sigcheck OK C:\WINDOWS\system32\drivers\acpiec.sys -- [11648] -- [28/02/2006 12:00] -- sigcheck OK C:\WINDOWS\system32\drivers\aec.sys -- [142592] -- [13/04/2008 19:09] -- sigcheck OK C:\WINDOWS\system32\drivers\afd.sys -- [138496] -- [17/08/2011 13:49] -- sigcheck OK C:\WINDOWS\system32\drivers\asyncmac.sys -- [14336] -- [13/04/2008 21:27] -- sigcheck OK C:\WINDOWS\system32\drivers\atapi.sys -- [96512] -- [13/04/2008 21:10] -- sigcheck OK C:\WINDOWS\system32\drivers\beep.sys -- [4224] -- [28/02/2006 12:00] -- sigcheck OK C:\WINDOWS\system32\drivers\classpnp.sys -- [49536] -- [13/04/2008 21:46] -- sigcheck OK C:\WINDOWS\system32\drivers\disk.sys -- [36352] -- [13/04/2008 21:10] -- sigcheck OK C:\WINDOWS\system32\drivers\iaStor.sys NOT found C:\WINDOWS\system32\drivers\ip6fw.sys -- [36608] -- [13/04/2008 21:23] -- sigcheck OK C:\WINDOWS\system32\drivers\IPSec.sys -- [75264] -- [13/04/2008 21:49] -- sigcheck OK C:\WINDOWS\system32\drivers\kbdclass.sys -- [24576] -- [13/04/2008 21:09] -- sigcheck OK C:\WINDOWS\system32\drivers\ndis.sys -- [182656] -- [13/04/2008 21:50] -- sigcheck OK C:\WINDOWS\system32\drivers\ntfs.sys -- [574976] -- [13/04/2008 21:45] -- sigcheck OK C:\WINDOWS\system32\drivers\tcpip.sys -- [361600] -- [20/06/2008 11:51] -- sigcheck OK C:\WINDOWS\system32\drivers\tdx.sys NOT found --- SSODL regkeys --- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" -- File: %SystemRoot%\system32\SHELL32.dll -- [?] "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" -- File: %SystemRoot%\system32\SHELL32.dll -- [?] "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" -- File: C:\WINDOWS\system32\webcheck.dll -- [236544] -- [08/03/2009 01:34] "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -- File: C:\WINDOWS\system32\WPDShServiceObj.dll -- [133632] -- [18/10/2006 18:47] "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" -- File: C:\WINDOWS\system32\stobject.dll -- [121856] -- [14/04/2008 02:42] --- STS regkeys --- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" -- File: %SystemRoot%\system32\browseui.dll -- [?] "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" -- File: %SystemRoot%\system32\browseui.dll -- [?] --- USERINIT regkey --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\WINDOWS\\system32\\userinit.ex e," File: C:\WINDOWS\system32\userinit.exe -- [26112] -- [14/04/2008 02:42] --- SHELL regkey --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Shell"="Explorer.exe" File: C:\WINDOWS\Explorer.exe -- [1033728] -- [14/04/2008 02:42] --- SYSTEM regkey --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" --- APPINIT_DLLS regkey --- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\\docume~1\\alluse~1\\applic~1\\ browse~1\\23787~1.43\\{16cdf~1\\browse~1.dll c:\\docume~1\\alluse~1\\applic~1\\browse~1\\22643~ 1.41\\{16cdf~1\\browse~1.dll" File: c:\docume~1\alluse~1\applic~1\browse~1\23787~1.43\ {16cdf~1\browse~1.dll c:\docume~1\alluse~1\applic~1\browse~1\22643~1.41\ {16cdf~1\browse~1.dll -- [X] --- NOTIFY regkey --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] -- File: C:\WINDOWS\system32\crypt32.dll -- [601088] -- [01/06/2012 16:50] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] -- File: C:\WINDOWS\system32\cryptnet.dll -- [64512] -- [14/04/2008 02:41] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] -- File: C:\WINDOWS\system32\cscdll.dll -- [101888] -- [14/04/2008 02:41] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy] -- File: %SystemRoot%\System32\dimsntfy.dll -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] -- File: C:\WINDOWS\system32\igfxdev.dll -- [205312] -- [11/11/2009 07:26] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] -- File: C:\WINDOWS\system32\wlnotify.dll -- [92672] -- [14/04/2008 02:42] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] -- File: C:\WINDOWS\system32\wlnotify.dll -- [92672] -- [14/04/2008 02:42] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] -- File: C:\WINDOWS\system32\sclgntfy.dll -- [20480] -- [14/04/2008 02:42] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] -- File: C:\WINDOWS\system32\WlNotify.dll -- [92672] -- [14/04/2008 02:42] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] -- File: C:\WINDOWS\system32\wlnotify.dll -- [92672] -- [14/04/2008 02:42] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] -- File: C:\WINDOWS\system32\WgaLogon.dll -- [239496] -- [10/03/2009 19:18] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] -- File: C:\WINDOWS\system32\wlnotify.dll -- [92672] -- [14/04/2008 02:42] --- RUN / LOAD regkeys --- [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] "load"="" --- SHELLEXECUTEHOOKS regkey --- [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" -- File: shell32.dll -- [?] --- HKLM AUTORUN regkeys --- [HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor] "AutoRun"="" --- HKCU AUTORUN regkeys --- [HKEY_CURRENT_USER\Software\Microsoft\Command Processor] no AutoRun regkey found --- HKLM\RUN regkey --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "IgfxTray" -- File C:\WINDOWS\system32\igfxtray.exe -- [141336] -- [16/11/2009 19:56] "HotKeysCmds" -- File C:\WINDOWS\system32\hkcmd.exe -- [173592] -- [16/11/2009 19:56] "Persistence" -- File C:\WINDOWS\system32\igfxpers.exe -- [141336] -- [16/11/2009 19:56] "AzMixerSel" -- File C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe -- [59936] -- [29/07/2012 10:55] "RTHDCPL" -- File: RTHDCPL.EXE -- [?] "AVG_TRAY" -- File "C:\Program Files\AVG\AVG2012\avgtray.exe" -- [2596984] -- [31/07/2012 00:37] "vProt" -- File "C:\Program Files\AVG Secure Search\vprot.exe" -- [1101488] -- [21/01/2013 19:13] "Adobe ARM" -- File "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" -- [843712] -- [04/04/2012 05:53] "KiesTrayAgent" -- File C:\Program Files\Samsung\Kies\KiesTrayAgent.exe -- [3524536] -- [31/08/2012 00:52] "LManager" -- File C:\Program Files\Launch Manager\LManager.exe -- [908368] -- [08/04/2010 09:18] --- HKLM\RUNONCE regkey --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce] no runonce values found --- HKLM\RUNONCEEX regkey --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnceEx] no runonceex values found --- HKLM\RUNSERVICES regkey --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServices] key not found --- HKLM\RUNSERVICESONCE regkey --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServicesOnce] key not found --- HKCU\RUN regkey --- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "CTFMON.EXE" -- File C:\WINDOWS\system32\ctfmon.exe -- [15360] -- [14/04/2008 02:42] "swg" -- File "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" -- [39408] -- [30/07/2012 20:12] "KiesPDLR" -- File C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDL R.exe -- [21432] -- [31/08/2012 00:52] "msnmsgr" -- File: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background -- [?] --- HKCU\RUNONCE regkey --- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnce] no runonce values found --- HKCU\RUNONCEEX regkey --- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnceEx] key not found --- HKCU\RUNSERVICES regkey --- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunServices] key not found --- HKCU\RUNSERVICESONCE regkey --- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunServicesOnce] key not found --- HKU\.DEFAULT\Run regkeys - Default user --- [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\Run] "CTFMON.EXE" -- File C:\WINDOWS\system32\CTFMON.EXE -- [15360] -- [14/04/2008 02:42] --- HKU\S-1-5-18\Run regkeys - user SYSTEM --- [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE" -- File C:\WINDOWS\system32\CTFMON.EXE -- [15360] -- [14/04/2008 02:42] --- HKU\S-1-5-19\Run regkeys - User Lokale service --- [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE" -- File C:\WINDOWS\system32\CTFMON.EXE -- [15360] -- [14/04/2008 02:42] --- HKU\S-1-5-20\Run regkeys - User Lokale service --- [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE" -- File C:\WINDOWS\system32\CTFMON.EXE -- [15360] -- [14/04/2008 02:42] --- HKLM\Explorer\Run regkeys --- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\Explorer\Run] key not found --- HKCU\Explorer\Run regkeys --- [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\Run] key not found --- Image File Execution regkeys --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] no debuggers found --- BROWSER HELPER OBJECTS regkeys --- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] -- File: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll -- [63912] -- [04/04/2012 05:53] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}] -- CLSID not found [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}] -- File: C:\Program Files\Expat Shield\HssIE\ExpatIE.dll -- [233288] -- [04/01/2012 23:02] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] -- CLSID not found [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] -- File: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll -- [408448] -- [22/01/2009 14:41] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] -- File: C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll -- [1883824] -- [21/01/2013 19:13] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{a060276a-53be-45ec-8ebe-b94b1e803179}] -- File: C:\Program Files\Expat_Shield\prxtbExpa.dll -- [176936] -- [09/05/2011 09:49] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] -- File: C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -- [192144] -- [09/01/2013 12:31] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] -- File: C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\s wg.dll -- [1000984] -- [09/01/2013 18:52]
|
|
#6
January 26th, 2013, 11:01 AM
|
|||
|
|||
|
--- TOOLBAR regkeys ---
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {95B7759C-8C7F-4BF1-B163-73684A933233} -- File: C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll -- [1883824] -- [21/01/2013 19:13] {a060276a-53be-45ec-8ebe-b94b1e803179} -- File: C:\Program Files\Expat_Shield\prxtbExpa.dll -- [176936] -- [09/05/2011 09:49] {98889811-442D-49dd-99D7-DC866BE87DBC} -- CLSID not found {2318C2B1-4965-11d4-9B18-009027A5CD4F} -- File: C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -- [192144] -- [09/01/2013 12:31] --- HKLM\URLSEARCHHOOKS regkeys --- [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks] key not found --- HKCU\URLSEARCHHOOKS regkeys --- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] {CFBFAE00-17A6-11D0-99CB-00C04FD64497} -- File: C:\WINDOWS\system32\ieframe.dll -- [11111424] -- [01/11/2012 12:17] {a060276a-53be-45ec-8ebe-b94b1e803179} -- File: C:\Program Files\Expat_Shield\prxtbExpa.dll -- [176936] -- [09/05/2011 09:49] --- SRCEENSAVER regkey --- [HKEY_CURRENT_USER\Control Panel\Desktop] scrnsave.exe value not found --- ALTERNATESHELL regkey --- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot] File: C:\WINDOWS\system32\cmd.exe -- [389120] -- [14/04/2008 02:42] --- SECURITYPROVIDERS regkey --- [HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" File: C:\WINDOWS\system32\msapsspc.dll -- [86016] -- [14/04/2008 02:42] File: C:\WINDOWS\system32\schannel.dll -- [152576] -- [04/06/2012 04:32] File: C:\WINDOWS\system32\digest.dll -- [68608] -- [14/04/2008 02:41] File: C:\WINDOWS\system32\msnsspc.dll -- [290816] -- [14/04/2008 02:42] --- Active Setup\Installed Components regkey --- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] -- File: C:\WINDOWS\system32\ieudinit.exe -- [36864] -- [08/03/2009 01:32] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] -- File: C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] -- File: "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSe tup SIGNUP -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] -- File: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] -- File: %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] -- File: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3C3901C5-3455-3E0A-A214-0B093A5070A6}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -- File: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] -- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser .NT -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] -- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] -- File: regsvr32.exe /s /n /i:U shell32.dll -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] -- File: C:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] -- File: C:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}] -- filepath not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C3C986D6-06B1-43BF-90DD-BE30756C00DE}] -- filepath not found -- DRIVERS -- S4 - Abiosdsk - Abiosdsk - S4 - abp480n5 - abp480n5 - R0 - ACPI - Microsoft ACPI Driver - C:\WINDOWS\system32\DRIVERS\ACPI.sys R0 - ACPIEC - Microsoft Embedded Controller Driver - C:\WINDOWS\system32\DRIVERS\ACPIEC.sys S4 - adpu160m - adpu160m - S3 - aec - Microsoft Kernel Acoustic Echo Canceller - C:\WINDOWS\system32\drivers\aec.sys R1 - AFD - AFD - C:\WINDOWS\system32\drivers\afd.sys S4 - Aha154x - Aha154x - S4 - aic78u2 - aic78u2 - S4 - aic78xx - aic78xx - S4 - AliIde - AliIde - S3 - Ambfilt - Ambfilt - C:\WINDOWS\system32\drivers\Ambfilt.sys S4 - amsint - amsint - S3 - androidusb - SAMSUNG Android Composite ADB Interface Driver - C:\WINDOWS\system32\Drivers\ssadadb.sys S4 - asc - asc - S4 - asc3350p - asc3350p - S4 - asc3550 - asc3550 - S3 - AsyncMac - RAS Asynchronous Media Driver - C:\WINDOWS\system32\DRIVERS\asyncmac.sys R0 - atapi - Standard IDE/ESDI Hard Disk Controller - C:\WINDOWS\system32\DRIVERS\atapi.sys S4 - Atdisk - Atdisk - S3 - Atmarpc - ATM ARP Client Protocol - C:\WINDOWS\system32\DRIVERS\atmarpc.sys R3 - audstub - Audio Stub Driver - C:\WINDOWS\system32\DRIVERS\audstub.sys R3 - AVGIDSDriver - AVGIDSDriver - C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys R3 - AVGIDSFilter - AVGIDSFilter - C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys R0 - AVGIDSHX - AVGIDSHX - C:\WINDOWS\system32\DRIVERS\avgidshx.sys R3 - AVGIDSShim - AVGIDSShim - C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys R1 - Avgldx86 - AVG AVI Loader Driver - C:\WINDOWS\system32\DRIVERS\avgldx86.sys R1 - Avgmfx86 - AVG Mini-Filter Resident Anti-Virus Shield - C:\WINDOWS\system32\DRIVERS\avgmfx86.sys R0 - Avgrkx86 - AVG Anti-Rootkit Driver - C:\WINDOWS\system32\DRIVERS\avgrkx86.sys R1 - Avgtdix - AVG TDI Driver - C:\WINDOWS\system32\DRIVERS\avgtdix.sys R1 - avgtp - avgtp - \??\C:\WINDOWS\system32\drivers\avgtpx86.sys R3 - BCM43XX - Broadcom 802.11 Network Adapter Driver - C:\WINDOWS\system32\DRIVERS\bcmwl5.sys R1 - Beep - Beep - C:\WINDOWS\system32\drivers\Beep.sys S4 - cbidf2k - cbidf2k - C:\WINDOWS\system32\drivers\cbidf2k.sys S3 - CCDECODE - Closed Caption Decoder - C:\WINDOWS\system32\DRIVERS\CCDECODE.sys S4 - cd20xrnt - cd20xrnt - S1 - Cdaudio - Cdaudio - C:\WINDOWS\system32\drivers\Cdaudio.sys S4 - Cdfs - Cdfs - C:\WINDOWS\system32\drivers\Cdfs.sys S1 - Cdrom - CD-ROM Driver - C:\WINDOWS\system32\DRIVERS\cdrom.sys S1 - Changer - Changer - R3 - CmBatt - Microsoft ACPI Control Method Battery Driver - C:\WINDOWS\system32\DRIVERS\CmBatt.sys S4 - CmdIde - CmdIde - R0 - Compbatt - Microsoft Composite Battery Driver - C:\WINDOWS\system32\DRIVERS\compbatt.sys S4 - Cpqarray - Cpqarray - S3 - cpuz135 - cpuz135 - \??\C:\Program Files\CPUID\PC Wizard 2012\pcwiz_x32.sys S4 - dac960nt - dac960nt - R0 - Disk - Disk Driver - C:\WINDOWS\system32\DRIVERS\disk.sys S4 - dmboot - dmboot - C:\WINDOWS\system32\drivers\dmboot.sys R0 - dmio - Logical Disk Manager Driver - C:\WINDOWS\system32\drivers\dmio.sys R0 - dmload - dmload - C:\WINDOWS\system32\drivers\dmload.sys S3 - DMusic - Microsoft Kernel DLS Syntheiszer - C:\WINDOWS\system32\drivers\DMusic.sys S4 - dpti2o - dpti2o - S3 - drmkaud - Microsoft Kernel DRM Audio Descrambler - C:\WINDOWS\system32\drivers\drmkaud.sys S4 - Fastfat - Fastfat - C:\WINDOWS\system32\drivers\Fastfat.sys S1 - Fdc - Fdc - C:\WINDOWS\system32\drivers\Fdc.sys R1 - Fips - Fips - C:\WINDOWS\system32\drivers\Fips.sys S1 - Flpydisk - Flpydisk - C:\WINDOWS\system32\drivers\Flpydisk.sys R0 - FltMgr - FltMgr - C:\WINDOWS\system32\drivers\fltmgr.sys R0 - Ftdisk - Volume Manager Driver - C:\WINDOWS\system32\DRIVERS\ftdisk.sys R3 - Gpc - Generic Packet Classifier - C:\WINDOWS\system32\DRIVERS\msgpc.sys R3 - HDAudBus - Microsoft UAA Bus Driver for High Definition Audio - C:\WINDOWS\system32\DRIVERS\HDAudBus.sys S4 - hpn - hpn - R3 - HssDrv - Expat Shield Routing Miniport - C:\WINDOWS\system32\DRIVERS\HssDrv.sys R3 - HTTP - HTTP - C:\WINDOWS\system32\Drivers\HTTP.sys S1 - i2omgmt - i2omgmt - S4 - i2omp - i2omp - R1 - i8042prt - i8042 Keyboard and PS/2 Mouse Port Driver - C:\WINDOWS\system32\DRIVERS\i8042prt.sys R3 - ialm - ialm - C:\WINDOWS\system32\DRIVERS\igxpmp32.sys S1 - Imapi - CD-Burning Filter Driver - C:\WINDOWS\system32\DRIVERS\imapi.sys S4 - ini910u - ini910u - R3 - IntcAzAudAddService - Service for Realtek HD Audio (WDM) - C:\WINDOWS\system32\drivers\RtkHDAud.sys S4 - IntelIde - IntelIde - R1 - intelppm - Intel Processor Driver - C:\WINDOWS\system32\DRIVERS\intelppm.sys S3 - Ip6Fw - IPv6 Windows Firewall Driver - C:\WINDOWS\system32\drivers\ip6fw.sys S3 - IpFilterDriver - IP Traffic Filter Driver - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys S3 - IpInIp - IP in IP Tunnel Driver - C:\WINDOWS\system32\DRIVERS\ipinip.sys R3 - IpNat - IP Network Address Translator - C:\WINDOWS\system32\DRIVERS\ipnat.sys R1 - IPSec - IPSEC driver - C:\WINDOWS\system32\DRIVERS\ipsec.sys S3 - IRENUM - IR Enumerator Service - C:\WINDOWS\system32\DRIVERS\irenum.sys R0 - isapnp - PnP ISA/EISA Bus Driver - C:\WINDOWS\system32\DRIVERS\isapnp.sys R1 - Kbdclass - Keyboard Class Driver - C:\WINDOWS\system32\DRIVERS\kbdclass.sys R3 - kmixer - Microsoft Kernel Wave Audio Mixer - C:\WINDOWS\system32\drivers\kmixer.sys R0 - KSecDD - KSecDD - C:\WINDOWS\system32\drivers\KSecDD.sys R3 - L1c - NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller - C:\WINDOWS\system32\DRIVERS\l1c51x86.sys S1 - lbrtfdc - lbrtfdc - R1 - mnmdd - mnmdd - C:\WINDOWS\system32\drivers\mnmdd.sys S3 - Modem - Modem - C:\WINDOWS\system32\drivers\Modem.sys S3 - Monfilt - Monfilt - C:\WINDOWS\system32\drivers\Monfilt.sys R1 - Mouclass - Mouse Class Driver - C:\WINDOWS\system32\DRIVERS\mouclass.sys R0 - MountMgr - Mount Point Manager - C:\WINDOWS\system32\drivers\MountMgr.sys S4 - mraid35x - mraid35x - R3 - MRxDAV - WebDav Client Redirector - C:\WINDOWS\system32\DRIVERS\mrxdav.sys R1 - MRxSmb - MRXSMB - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys R1 - Msfs - Msfs - C:\WINDOWS\system32\drivers\Msfs.sys S3 - MSKSSRV - Microsoft Streaming Service Proxy - C:\WINDOWS\system32\drivers\MSKSSRV.sys S3 - MSPCLOCK - Microsoft Streaming Clock Proxy - C:\WINDOWS\system32\drivers\MSPCLOCK.sys S3 - MSPQM - Microsoft Streaming Quality Manager Proxy - C:\WINDOWS\system32\drivers\MSPQM.sys R3 - mssmbios - Microsoft System Management BIOS Driver - C:\WINDOWS\system32\DRIVERS\mssmbios.sys S3 - MSTEE - Microsoft Streaming Tee/Sink-to-Sink Converter - C:\WINDOWS\system32\drivers\MSTEE.sys R0 - Mup - Mup - C:\WINDOWS\system32\drivers\Mup.sys S3 - NABTSFEC - NABTS/FEC VBI Codec - C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys R0 - NDIS - NDIS System Driver - C:\WINDOWS\system32\drivers\NDIS.sys S3 - NdisIP - Microsoft TV/Video Connection - C:\WINDOWS\system32\DRIVERS\NdisIP.sys R3 - NdisTapi - Remote Access NDIS TAPI Driver - C:\WINDOWS\system32\DRIVERS\ndistapi.sys R3 - Ndisuio - NDIS Usermode I/O Protocol - C:\WINDOWS\system32\DRIVERS\ndisuio.sys R3 - NdisWan - Remote Access NDIS WAN Driver - C:\WINDOWS\system32\DRIVERS\ndiswan.sys R3 - NDProxy - NDIS Proxy - C:\WINDOWS\system32\drivers\NDProxy.sys R1 - NetBIOS - NetBIOS Interface - C:\WINDOWS\system32\DRIVERS\netbios.sys R1 - NetBT - NetBios over Tcpip - C:\WINDOWS\system32\DRIVERS\netbt.sys R1 - Npfs - Npfs - C:\WINDOWS\system32\drivers\Npfs.sys R4 - Ntfs - Ntfs - C:\WINDOWS\system32\drivers\Ntfs.sys R1 - Null - Null - C:\WINDOWS\system32\drivers\Null.sys S3 - NwlnkFlt - IPX Traffic Filter Driver - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys S3 - NwlnkFwd - IPX Traffic Forwarder Driver - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys S3 - Parport - Parport - C:\WINDOWS\system32\drivers\Parport.sys R0 - PartMgr - Partition Manager - C:\WINDOWS\system32\drivers\PartMgr.sys S2 - ParVdm - ParVdm - C:\WINDOWS\system32\drivers\ParVdm.sys R0 - PCI - PCI Bus Driver - C:\WINDOWS\system32\DRIVERS\pci.sys S1 - PCIDump - PCIDump - R0 - PCIIde - PCIIde - C:\WINDOWS\system32\DRIVERS\pciide.sys S4 - Pcmcia - Pcmcia - C:\WINDOWS\system32\drivers\Pcmcia.sys S3 - PDCOMP - PDCOMP - S3 - PDFRAME - PDFRAME - S3 - PDRELI - PDRELI - S3 - PDRFRAME - PDRFRAME - S4 - perc2 - perc2 - S4 - perc2hib - perc2hib - R3 - PptpMiniport - WAN Miniport (PPTP) - C:\WINDOWS\system32\DRIVERS\raspptp.sys R3 - PSched - QoS Packet Scheduler - C:\WINDOWS\system32\DRIVERS\psched.sys R3 - Ptilink - Direct Parallel Link Driver - C:\WINDOWS\system32\DRIVERS\ptilink.sys S4 - ql1080 - ql1080 - S4 - Ql10wnt - Ql10wnt - S4 - ql12160 - ql12160 - S4 - ql1240 - ql1240 - S4 - ql1280 - ql1280 - R1 - RasAcd - Remote Access Auto Connection Driver - C:\WINDOWS\system32\DRIVERS\rasacd.sys R3 - Rasl2tp - WAN Miniport (L2TP) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys R3 - RasPppoe - Remote Access PPPOE Driver - C:\WINDOWS\system32\DRIVERS\raspppoe.sys R3 - Raspti - Direct Parallel - C:\WINDOWS\system32\DRIVERS\raspti.sys R1 - Rdbss - Rdbss - C:\WINDOWS\system32\DRIVERS\rdbss.sys R1 - RDPCDD - RDPCDD - C:\WINDOWS\system32\DRIVERS\RDPCDD.sys R3 - rdpdr - Terminal Server Device Redirector Driver - C:\WINDOWS\system32\DRIVERS\rdpdr.sys S3 - RDPWD - RDPWD - C:\WINDOWS\system32\drivers\RDPWD.sys S1 - redbook - Digital CD Audio Playback Filter Driver - C:\WINDOWS\system32\DRIVERS\redbook.sys S3 - Secdrv - Secdrv - C:\WINDOWS\system32\DRIVERS\secdrv.sys S2 - Serial - Serial - C:\WINDOWS\system32\drivers\Serial.sys S1 - Sfloppy - Sfloppy - C:\WINDOWS\system32\drivers\Sfloppy.sys S4 - Simbad - Simbad - S3 - SLIP - BDA Slip De-Framer - C:\WINDOWS\system32\DRIVERS\SLIP.sys S4 - Sparrow - Sparrow - S3 - splitter - Microsoft Kernel Audio Splitter - C:\WINDOWS\system32\drivers\splitter.sys R0 - sr - System Restore Filter Driver - C:\WINDOWS\system32\DRIVERS\sr.sys R3 - Srv - Srv - C:\WINDOWS\system32\DRIVERS\srv.sys S3 - ssadbus - SAMSUNG Android USB Composite Device driver (WDM) - C:\WINDOWS\system32\DRIVERS\ssadbus.sys S3 - ssadmdfl - SAMSUNG Android USB Modem (Filter) - C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys S3 - ssadmdm - SAMSUNG Android USB Modem Drivers - C:\WINDOWS\system32\DRIVERS\ssadmdm.sys S3 - ssadserd - SAMSUNG Android USB Diagnostic Serial Port (WDM) - C:\WINDOWS\system32\DRIVERS\ssadserd.sys S3 - streamip - BDA IPSink - C:\WINDOWS\system32\DRIVERS\StreamIP.sys R3 - swenum - Software Bus Driver - C:\WINDOWS\system32\DRIVERS\swenum.sys S3 - swmidi - Microsoft Kernel GS Wavetable Synthesizer - C:\WINDOWS\system32\drivers\swmidi.sys S4 - symc810 - symc810 - S4 - symc8xx - symc8xx - S4 - sym_hi - sym_hi - S4 - sym_u3 - sym_u3 - R3 - sysaudio - Microsoft Kernel System Audio Device - C:\WINDOWS\system32\drivers\sysaudio.sys R3 - taphss - Anchorfree HSS Adapter - C:\WINDOWS\system32\DRIVERS\taphss.sys R1 - Tcpip - TCP/IP Protocol Driver - C:\WINDOWS\system32\DRIVERS\tcpip.sys S3 - TDPIPE - TDPIPE - C:\WINDOWS\system32\drivers\TDPIPE.sys S3 - TDTCP - TDTCP - C:\WINDOWS\system32\drivers\TDTCP.sys R1 - TermDD - Terminal Device Driver - C:\WINDOWS\system32\DRIVERS\termdd.sys S4 - TosIde - TosIde - S4 - Udfs - Udfs - C:\WINDOWS\system32\drivers\Udfs.sys S4 - ultra - ultra - R3 - Update - Microcode Update Driver - C:\WINDOWS\system32\DRIVERS\update.sys R3 - usbccgp - Microsoft USB Generic Parent Driver - C:\WINDOWS\system32\DRIVERS\usbccgp.sys R3 - usbehci - Microsoft USB 2.0 Enhanced Host Controller Miniport Driver - C:\WINDOWS\system32\DRIVERS\usbehci.sys R3 - usbhub - USB2 Enabled Hub - C:\WINDOWS\system32\DRIVERS\usbhub.sys S3 - usbstor - USB Mass Storage Driver - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS R3 - usbuhci - Microsoft USB Universal Host Controller Miniport Driver - C:\WINDOWS\system32\DRIVERS\usbuhci.sys R3 - usbvideo - USB Video Device (WDM) - C:\WINDOWS\system32\Drivers\usbvideo.sys S3 - usb_rndisx - USB RNDIS Adapter - C:\WINDOWS\system32\DRIVERS\usb8023x.sys R1 - VgaSave - VGA Display Controller. - C:\WINDOWS\system32\drivers\vga.sys S4 - ViaIde - ViaIde - R0 - VolSnap - VolSnap - C:\WINDOWS\system32\drivers\VolSnap.sys R3 - Wanarp - Remote Access IP ARP Driver - C:\WINDOWS\system32\DRIVERS\wanarp.sys S3 - Wdf01000 - Wdf01000 - C:\WINDOWS\system32\DRIVERS\Wdf01000.sys S3 - WDICA - WDICA - R3 - wdmaud - Microsoft WINMM WDM Audio Compatibility Driver - C:\WINDOWS\system32\drivers\wdmaud.sys R1 - WmiAcpi - Microsoft Windows Management Interface for ACPI - C:\WINDOWS\system32\DRIVERS\wmiacpi.sys S3 - WSTCODEC - World Standard Teletext Codec - C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS S3 - WudfPf - Windows Driver Foundation - User-mode Driver Framework Platform Driver - C:\WINDOWS\system32\DRIVERS\WudfPf.sys S3 - WudfRd - Windows Driver Foundation - User-mode Driver Framework Reflector - C:\WINDOWS\system32\DRIVERS\wudfrd.sys -- SERVICES -- S3 - AdobeFlashPlayerUpdateSvc - Adobe Flash Player Update Service - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe R3 - ALG - Application Layer Gateway Service - C:\WINDOWS\System32\alg.exe S3 - aspnet_state - ASP.NET State Service - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe R2 - AVGIDSAgent - AVGIDSAgent - "C:\Program Files\AVG\AVG2012\avgidsagent.exe" R2 - avgwd - AVG WatchDog - "C:\Program Files\AVG\AVG2012\avgwdsvc.exe" R2 - Browser Manager - Browser Manager - C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe S3 - CiSvc - Indexing Service - C:\WINDOWS\system32\cisvc.exe S4 - ClipSrv - ClipBook - C:\WINDOWS\system32\clipsrv.exe S3 - clr_optimization_v2.0.50727_32 - .NET Runtime Optimization Service v2.0.50727_X86 - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe S2 - clr_optimization_v4.0.30319_32 - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe S3 - COMSysApp - COM+ System Application - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} S3 - dmadmin - Logical Disk Manager Administrative Service - C:\WINDOWS\System32\dmadmin.exe /com R2 - DsiWMIService - Dritek WMI Service - C:\Program Files\Launch Manager\dsiwmis.exe R2 - Eventlog - Event Log - C:\WINDOWS\system32\services.exe R2 - ExpatShieldService - Expat Shield Service - C:\Program Files\Expat Shield\bin\openvpnas.exe R2 - ExpatSrv - Expat Shield Routing Service - C:\Program Files\Expat Shield\HssWPR\hsssrv.exe S3 - ExpatTrayService - Expat Shield Tray Service - C:\Program Files\Expat Shield\bin\ExpatTrayService.EXE R2 - ExpatWd - Expat Shield Monitoring Service - C:\Program Files\Expat Shield\bin\hsswd.exe -product Expat S3 - FontCache3.0.0.0 - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\Presen tationFontCache.exe S2 - gupdate - Google Update Service (gupdate) - "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc S3 - gupdatem - Google Update Service (gupdatem) - "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc S3 - gusvc - Google Software Updater - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" S3 - idsvc - Windows CardSpace - "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windo ws Communication Foundation\infocard.exe" S3 - ImapiService - IMAPI CD-Burning COM Service - C:\WINDOWS\system32\imapi.exe S3 - mnmsrvc - NetMeeting Remote Desktop Sharing - C:\WINDOWS\system32\mnmsrvc.exe S3 - MSDTC - Distributed Transaction Coordinator - C:\WINDOWS\system32\msdtc.exe S4 - NetDDE - Network DDE - C:\WINDOWS\system32\netdde.exe S4 - NetDDEdsdm - Network DDE DSDM - C:\WINDOWS\system32\netdde.exe S3 - Netlogon - Net Logon - C:\WINDOWS\system32\lsass.exe S3 - NtLmSsp - NT LM Security Support Provider - C:\WINDOWS\system32\lsass.exe R2 - PlugPlay - Plug and Play - C:\WINDOWS\system32\services.exe R2 - PolicyAgent - IPSEC Services - C:\WINDOWS\system32\lsass.exe R2 - ProtectedStorage - Protected Storage - C:\WINDOWS\system32\lsass.exe S3 - RDSessMgr - Remote Desktop Help Session Manager - C:\WINDOWS\system32\sessmgr.exe S3 - RpcLocator - Remote Procedure Call (RPC) Locator - C:\WINDOWS\system32\locator.exe S3 - RSVP - QoS RSVP - C:\WINDOWS\system32\rsvp.exe R2 - SamSs - Security Accounts Manager - C:\WINDOWS\system32\lsass.exe S3 - SCardSvr - Smart Card - C:\WINDOWS\System32\SCardSvr.exe R2 - Spooler - Print Spooler - C:\WINDOWS\system32\spoolsv.exe S3 - SwPrv - MS Software Shadow Copy Provider - C:\WINDOWS\system32\dllhost.exe /Processid:{24580EE4-5401-49CD-960D-3795D12F951F} S3 - SysmonLog - Performance Logs and Alerts - C:\WINDOWS\system32\smlogsvc.exe S4 - TlntSvr - Telnet - C:\WINDOWS\system32\tlntsvr.exe S3 - UPS - Uninterruptible Power Supply - C:\WINDOWS\System32\ups.exe S3 - VSS - Volume Shadow Copy - C:\WINDOWS\System32\vssvc.exe R2 - vToolbarUpdater14.0.1 - vToolbarUpdater14.0.1 - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe S3 - WmiApSrv - WMI Performance Adapter - C:\WINDOWS\system32\wbem\wmiapsrv.exe R3 - WPFFontCache_v0400 - Windows Presentation Foundation Font Cache 4.0.0.0 - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\ WPFFontCache_v0400.exe R3 - MSIServer - Windows Installer - C:\WINDOWS\system32\msiexec.exe /V --- SAFEBOOT MINIMAL SERVICES --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal {533C5B84-EC70-11D2-9505-00C04F79DEAF} --- SAFEBOOT Network SERVICES --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Network DnsCache --- BOOTEXECUTE regkey --- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Session Manager] "BootExecute"= autocheck autochk *\0C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart\0\0 --- PENDINGFILERENAMEOPERATIONS regkey --- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Session Manager] "PendingFileRenameOperations"= \??\C:\WINDOWS\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\hashmast.cbd\0\0\??\C:\WINDOWS\syste m32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\hashmast.cbk\0\0\??\C:\WINDOWS\syste m32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catmast.cbd\0\0\??\C:\WINDOWS\system 32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catmast.cbk\0\0\??\C:\WINDOWS\system 32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\sysmast.cbd\0\0\??\C:\WINDOWS\system 32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\sysmast.cbk\0\0\??\C:\WINDOWS\system 32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\hashmast.cbd\0\0\??\C:\WINDOWS\syste m32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\hashmast.cbk\0\0\??\C:\WINDOWS\syste m32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catmast.cbd\0\0\??\C:\WINDOWS\system 32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catmast.cbk\0\0\??\C:\WINDOWS\system 32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\sysmast.cbd\0\0\??\C:\WINDOWS\system 32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\sysmast.cbk\0\0\??\C:\WINDOWS\system 32\CatRoot\hashmast.cbd\0\0\??\C:\WINDOWS\system32 \CatRoot\hashmast.cbk\0\0\??\C:\WINDOWS\system32\C atRoot\catmast.cbd\0\0\??\C:\WINDOWS\system32\CatR oot\catmast.cbk\0\0\??\C:\WINDOWS\system32\CatRoot \sysmast.cbd\0\0\??\C:\WINDOWS\system32\CatRoot\sy smast.cbk\0\0\0 --- WOW-CMDLINE regkeys --- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\WOW] "cmdline" = %SystemRoot%\system32\ntvdm.exe "cmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 --- SVCHOST HTTPFilter regkey --- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- HTTPFilter HTTPFilter -- %SystemRoot%\System32\w3ssl.dll --- SVCHOST LocalService regkey --- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- LocalService only standard values found --- SVCHOST NetworkService regkey --- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- NetworkService only standard values found --- SVCHOST netsvcs regkey --- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- netsvcs WmdmPmSN -- C:\WINDOWS\system32\MsPMSNSv.dll --- SVCHOST DcomLaunch regkey --- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- DcomLaunch only standard values found --- SVCHOST rpcss regkey --- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- rpcss only standard values found --- SVCHOST imgsvc regkey --- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- imgsvc only standard values found --- SVCHOST termsvcs regkey --- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- termsvcs only standard values found --- SVCHOST eapsvcs regkey --- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- eapsvcs eaphost -- %SystemRoot%\System32\eapsvc.dll --- SVCHOST dot3svc regkey --- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- dot3svc dot3svc -- %SystemRoot%\System32\dot3svc.dll --- SVCHOST WudfServiceGroup regkey --- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- WudfServiceGroup WUDFSvc -- %SystemRoot%\System32\WUDFSvc.dll --- DNS SERVER regkeys --- no "NameServer" values found --- HKCU SEARCHSCOPE --- DefaultScope= {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} HKEY_CURRENT_USER\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL REG_SZ http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC HKEY_CURRENT_USER\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9} URL REG_SZ http://search.babylon.com/?q={searchTerms}&affID=111434&tt=120912_cpc_3712_5 &babsrc=SP_ss&mntrId=10c50a8500000000000000ffd744a a9a HKEY_CURRENT_USER\software\microsoft\internet explorer\searchscopes\{1152d448-6bbd-4dc0-9b44-e62c9f22f8fa} URL REG_SZ http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7 HKEY_CURRENT_USER\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233} URL REG_SZ http://isearch.avg.com/search?cid={44C757FE-E265-4666-9004-DCA10B378883}&mid=96bb079ccfab47d08075a9ad46cabd01-0d266890adb40758c96080caf29a7a4c238e83ab&lang=en&d s=AVG&pr=fr&d=2012-07-29 19:15:48&v=14.0.2.14&pid=avg&sg=&sap=dsp&q={search Terms} HKEY_CURRENT_USER\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} URL REG_SZ http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&cti d=CT2549263 --- HKLM SEARCHSCOPE --- DefaultScope= {1152D448-6BBD-4DC0-9B44-E62C9F22F8FA} HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL REG_SZ http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source? } HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\searchscopes\{1152d448-6bbd-4dc0-9b44-e62c9f22f8fa} URL REG_SZ http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7 --- File associations --- .BAT files: ("%1" %*) .COM files: ("%1" %*) .EXE files: ("%1" %*) .HLP files: (%SystemRoot%\System32\winhlp32.exe %1) .INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1) .INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1) .JS files: (%SystemRoot%\System32\WScript.exe "%1" %*) .PIF files: ("%1" %*) .REG files: (regedit.exe "%1") .SCR files: ("%1" %*) .TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1) .VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*) --- STARTUP FOLDERS --- C:\Documents and Settings\Bill\Start Menu\Programs\Startup\desktop.ini -- [84] -- [29/07/2012 13:58] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini -- [84] -- [29/07/2012 13:58] C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini -- [84] -- [29/07/2012 13:58] C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini -- [84] -- [29/07/2012 13:58] --- TASK SCHEDULER JOBS --- C:\WINDOWS\tasks\Adobe Flash Player Updater.job -- [830] -- [25/01/2013 13:59] C:\WINDOWS\tasks\Browser Manager.job -- [294] -- [26/01/2013 09:47] C:\WINDOWS\tasks\Critical Battery Alarm Program.job -- [104] -- [15/09/2012 12:50] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -- [878] -- [26/01/2013 09:18] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -- [882] -- [26/01/2013 09:31] C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job -- [342] -- [26/01/2013 09:18] C:\WINDOWS\tasks\User_Feed_Synchronization-{797FF3F8-EEDD-4B7E-BEE4-6A95C35FE170}.job -- [420] -- [26/01/2013 09:21] C:\WINDOWS\tasks\User_Feed_Synchronization-{A5F42470-C1F9-4FC4-B5CE-438EBE41E436}.job -- [428] -- [26/01/2013 09:45] --- Created files --- 2013-01-26 09:44:26 -------- d-----w- [---] C:\WINDOWS\RegLooks 2013-01-26 09:36:47 2590 ----a-w- [---] C:\WINDOWS\bitssetup.log 2013-01-26 09:18:56 294 ----a-w- [---] C:\WINDOWS\Tasks\Browser Manager.job 2013-01-21 19:13:33 342 ----a-w- [---] C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job 2013-01-19 19:22:33 7762 ----a-w- [---] C:\WINDOWS\KB2799329-IE8.log --- Modified files --- 2013-01-26 09:47:00 294 ----a-w- [---] C:\WINDOWS\Tasks\Browser Manager.job 2013-01-26 09:45:00 428 ---ha-w- [---] C:\WINDOWS\Tasks\User_Feed_Synchronization-{A5F42470-C1F9-4FC4-B5CE-438EBE41E436}.job 2013-01-26 09:44:27 200704 ---ha-w- [---] C:\Documents and Settings\Bill\ntuser.dat.LOG 2013-01-26 09:38:03 23392 ----a-w- [---] C:\WINDOWS\system32\nscompat.tlb 2013-01-26 09:38:03 16832 ----a-w- [---] C:\WINDOWS\system32\amcompat.tlb 2013-01-26 09:38:00 1605484 ----a-w- [---] C:\WINDOWS\WindowsUpdate.log 2013-01-26 09:36:47 2590 ----a-w- [---] C:\WINDOWS\bitssetup.log 2013-01-26 09:31:01 882 ----a-w- [---] C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2013-01-26 09:23:23 76382 ----a-w- [---] C:\WINDOWS\system32\perfc009.dat 2013-01-26 09:23:23 559930 ----a-w- [---] C:\WINDOWS\system32\PerfStringBackup.INI 2013-01-26 09:23:23 473454 ----a-w- [---] C:\WINDOWS\system32\perfh009.dat 2013-01-26 09:21:54 420 ---ha-w- [---] C:\WINDOWS\Tasks\User_Feed_Synchronization-{797FF3F8-EEDD-4B7E-BEE4-6A95C35FE170}.job 2013-01-26 09:19:43 13646 ----a-w- [---] C:\WINDOWS\system32\wpa.dbl 2013-01-26 09:19:42 0 ----a-w- [---] C:\WINDOWS\0.log 2013-01-26 09:19:23 159 ----a-w- [---] C:\WINDOWS\wiadebug.log 2013-01-26 09:19:05 49 ----a-w- [---] C:\WINDOWS\wiaservc.log 2013-01-26 09:18:50 878 ----a-w- [---] C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2013-01-26 09:18:50 342 ----a-w- [---] C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job 2013-01-26 09:18:38 6 ---ha-w- [---] C:\WINDOWS\Tasks\SA.DAT 2013-01-26 09:18:34 2048 --s-a-w- [---] C:\WINDOWS\bootstat.dat 2013-01-25 16:10:24 32444 ----a-w- [---] C:\WINDOWS\SchedLgU.Txt 2013-01-25 16:10:20 2359296 ---ha-w- [---] C:\Documents and Settings\Bill\NTUSER.DAT 2013-01-25 16:10:20 178 --sh--w- [---] C:\Documents and Settings\Bill\ntuser.ini 2013-01-25 13:59:00 830 ----a-w- [---] C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-01-21 19:13:04 31576 ----a-w- [7--] C:\WINDOWS\system32\drivers\avgtpx86.sys 2013-01-19 19:23:17 926614 ----a-w- [---] C:\WINDOWS\FaxSetup.log 2013-01-19 19:23:17 7762 ----a-w- [---] C:\WINDOWS\KB2799329-IE8.log 2013-01-19 19:23:17 64905 ----a-w- [---] C:\WINDOWS\MedCtrOC.log 2013-01-19 19:23:17 51320 ----a-w- [---] C:\WINDOWS\ocmsn.log 2013-01-19 19:23:17 47436 ----a-w- [---] C:\WINDOWS\tabletoc.log 2013-01-19 19:23:17 46447 ----a-w- [---] C:\WINDOWS\msgsocm.log 2013-01-19 19:23:17 453316 ----a-w- [---] C:\WINDOWS\ocgen.log 2013-01-19 19:23:17 426759 ----a-w- [---] C:\WINDOWS\tsoc.log 2013-01-19 19:23:17 319805 ----a-w- [---] C:\WINDOWS\comsetup.log 2013-01-19 19:23:17 191691 ----a-w- [---] C:\WINDOWS\ntdtcsetup.log 2013-01-19 19:23:17 162748 ----a-w- [---] C:\WINDOWS\netfxocm.log 2013-01-19 19:23:17 1374 ----a-w- [---] C:\WINDOWS\imsins.log 2013-01-19 19:23:17 1034089 ----a-w- [---] C:\WINDOWS\iis6.log 2013-01-19 19:23:15 290736 ----a-w- [---] C:\WINDOWS\msmqinst.log 2013-01-19 19:23:12 141636 ----a-w- [---] C:\WINDOWS\updspapi.log 2013-01-10 18:22:11 1374 ----a-w- [---] C:\WINDOWS\imsins.BAK 2013-01-10 18:22:10 11015 ----a-w- [---] C:\WINDOWS\KB2757638.log 2013-01-10 18:15:29 65273848 ----a-w- [7--] C:\WINDOWS\system32\MRT.exe 2013-01-06 05:34:35 6009856 -c----w- [7--] C:\WINDOWS\system32\dllcache\mshtml.dll 2013-01-06 05:34:35 6009856 ----a-w- [7-8] C:\WINDOWS\system32\mshtml.dll 2012-12-28 17:15:34 616824 ----a-w- [---] C:\WINDOWS\setupapi.log 2012-12-26 15:29:14 98256 ----a-w- [---] C:\WINDOWS\system32\FNTCACHE.DAT 2012-12-26 15:23:54 7440 ----a-w- [---] C:\WINDOWS\KB2753842-v2.log 2012-12-17 19:19:25 18692 ----a-w- [---] C:\WINDOWS\KB2758857.log 2012-12-17 19:19:13 19290 ----a-w- [---] C:\WINDOWS\KB2779030.log 2012-12-17 18:59:02 17410 ----a-w- [---] C:\WINDOWS\system32\TZLog.log 2012-12-17 18:59:02 10252 ----a-w- [---] C:\WINDOWS\KB2779562.log 2012-12-17 18:58:52 17619 ----a-w- [---] C:\WINDOWS\KB2753842.log 2012-12-17 18:58:30 16888 ----a-w- [---] C:\WINDOWS\KB2770660.log 2012-12-17 18:57:48 16913 ----a-w- [---] C:\WINDOWS\KB2727528.log 2012-12-17 18:48:27 17027 ----a-w- [---] C:\WINDOWS\KB2761465-IE8.log 2012-12-16 12:23:59 290560 -c----w- [7--] C:\WINDOWS\system32\dllcache\atmfd.dll 2012-12-16 12:23:59 290560 ----a-w- [7-8] C:\WINDOWS\system32\atmfd.dll 2012-11-13 01:25:12 1866368 -c----w- [7--] C:\WINDOWS\system32\dllcache\win32k.sys 2012-11-13 01:25:12 1866368 ----a-w- [7-8] C:\WINDOWS\system32\win32k.sys 2012-11-10 00:39:07 46080 ------w- [7--] C:\WINDOWS\system32\tzchange.exe 2012-11-06 02:01:39 1371648 -c----w- [7--] C:\WINDOWS\system32\dllcache\msxml6.dll 2012-11-06 02:01:39 1371648 ----a-w- [7-8] C:\WINDOWS\system32\msxml6.dll 2012-11-02 02:02:42 375296 -c----w- [7--] C:\WINDOWS\system32\dllcache\dpnet.dll 2012-11-02 02:02:42 375296 ----a-w- [7-8] C:\WINDOWS\system32\dpnet.dll 2012-11-01 12:17:54 916992 -c----w- [7--] C:\WINDOWS\system32\dllcache\wininet.dll 2012-11-01 12:17:54 916992 ----a-w- [7-8] C:\WINDOWS\system32\wininet.dll 2012-11-01 12:17:54 67072 -c----w- [7--] C:\WINDOWS\system32\dllcache\mshtmled.dll 2012-11-01 12:17:54 67072 ----a-w- [7-8] C:\WINDOWS\system32\mshtmled.dll 2012-11-01 12:17:54 630272 -c----w- [7--] C:\WINDOWS\system32\dllcache\msfeeds.dll 2012-11-01 12:17:54 630272 ----a-w- [7--] C:\WINDOWS\system32\msfeeds.dll 2012-11-01 12:17:54 611840 -c----w- [7--] C:\WINDOWS\system32\dllcache\mstime.dll 2012-11-01 12:17:54 611840 ----a-w- [7-8] C:\WINDOWS\system32\mstime.dll 2012-11-01 12:17:54 55296 -c----w- [7--] C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2012-11-01 12:17:54 55296 ----a-w- [7--] C:\WINDOWS\system32\msfeedsbs.dll 2012-11-01 12:17:54 521728 -c----w- [7--] C:\WINDOWS\system32\dllcache\jsdbgui.dll 2012-11-01 12:17:54 43520 -c----w- [7--] C:\WINDOWS\system32\dllcache\licmgr10.dll 2012-11-01 12:17:54 43520 ----a-w- [7-8] C:\WINDOWS\system32\licmgr10.dll 2012-11-01 12:17:54 25600 -c----w- [7--] C:\WINDOWS\system32\dllcache\jsproxy.dll 2012-11-01 12:17:54 25600 ----a-w- [7-8] C:\WINDOWS\system32\jsproxy.dll 2012-11-01 12:17:54 247808 -c----w- [7--] C:\WINDOWS\system32\dllcache\ieproxy.dll 2012-11-01 12:17:54 206848 -c----w- [7--] C:\WINDOWS\system32\dllcache\occache.dll 2012-11-01 12:17:54 206848 ----a-w- [7-8] C:\WINDOWS\system32\occache.dll 2012-11-01 12:17:54 2000384 -c----w- [7--] C:\WINDOWS\system32\dllcache\iertutil.dll 2012-11-01 12:17:54 2000384 ----a-w- [7--] C:\WINDOWS\system32\iertutil.dll 2012-11-01 12:17:54 1469440 -c----w- [7--] C:\WINDOWS\system32\dllcache\inetcpl.cpl 2012-11-01 12:17:54 1469440 ----a-w- [7-8] C:\WINDOWS\system32\inetcpl.cpl 2012-11-01 12:17:54 12800 -c----w- [7--] C:\WINDOWS\system32\dllcache\xpshims.dll 2012-11-01 12:17:54 1212416 -c----w- [7--] C:\WINDOWS\system32\dllcache\urlmon.dll 2012-11-01 12:17:54 1212416 ----a-w- [7-8] C:\WINDOWS\system32\urlmon.dll 2012-11-01 12:17:54 11111424 -c----w- [7--] C:\WINDOWS\system32\dllcache\ieframe.dll 2012-11-01 12:17:54 11111424 ----a-w- [7--] C:\WINDOWS\system32\ieframe.dll 2012-11-01 12:17:54 105984 -c----w- [7--] C:\WINDOWS\system32\dllcache\url.dll 2012-11-01 12:17:54 105984 ----a-w- [7-8] C:\WINDOWS\system32\url.dll 2012-11-01 12:17:53 743424 -c----w- [7--] C:\WINDOWS\system32\dllcache\iedvtool.dll 2012-11-01 12:17:53 387584 -c----w- [7--] C:\WINDOWS\system32\dllcache\iedkcs32.dll 2012-11-01 12:17:53 387584 ----a-w- [7-8] C:\WINDOWS\system32\iedkcs32.dll 2012-11-01 12:17:53 184320 -c----w- [7--] C:\WINDOWS\system32\dllcache\iepeers.dll 2012-11-01 12:17:53 184320 ----a-w- [7-8] C:\WINDOWS\system32\iepeers.dll 2012-11-01 00:35:35 174080 -c----w- [7--] C:\WINDOWS\system32\dllcache\ie4uinit.exe 2012-11-01 00:35:35 174080 ----a-w- [7-8] C:\WINDOWS\system32\ie4uinit.exe 2012-11-01 00:35:34 385024 ----a-w- [7--] C:\WINDOWS\system32\html.iec Scan completed: 26/01/2013 9:47:59.43 FINISHED Many thanks Hurleyberly
|
|
#7
January 27th, 2013, 01:27 AM
|
||||
|
||||
|
Good. Now let's check installs, then move on from there.
Download HijackThis from Here. Then click on the downloaded file, and install HijackThis. In HijackThis, click Config - Misc Tools - Open Uninstall Manager. Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.
|
|
#8
January 27th, 2013, 07:19 PM
|
|||
|
|||
|
Hi Jintan,
I have downloaded Hijackthis, here is the list; Adobe Reader X (10.1.3) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver AVG 2012 AVG 2012 AVG 2012 AVG Security Toolbar Broadcom 802.11 Network Adapter Browser Manager Expat Shield 2.25 Expat Shield Toolbar Google Toolbar for Internet Explorer Google Toolbar for Internet Explorer Google Update Helper High Definition Audio Driver Package - KB888111 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB961118) Intel(R) Graphics Media Accelerator Driver Junk Mail filter update
|
|
#10
January 28th, 2013, 12:55 PM
|
|||
|
|||
|
Hi
The first time i did it I got lots of 'bad image' popups, this time it looks better Adobe Reader X (10.1.3) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver AVG 2012 AVG 2012 AVG 2012 AVG Security Toolbar Broadcom 802.11 Network Adapter Browser Manager Expat Shield 2.25 Expat Shield Toolbar Google Toolbar for Internet Explorer Google Toolbar for Internet Explorer Google Update Helper High Definition Audio Driver Package - KB888111 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB961118) Intel(R) Graphics Media Accelerator Driver Junk Mail filter update Launch Manager Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile Microsoft Choice Guard Microsoft Download Manager Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSVCRT PC Wizard 2012.2.11 Realtek High Definition Audio Driver Samsung Kies Samsung Kies SAMSUNG USB Driver for Mobile Phones Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB2761465) Security Update for Windows Internet Explorer 8 (KB2799329) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB2753842) Security Update for Windows XP (KB2753842-v2) Security Update for Windows XP (KB2757638) Security Update for Windows XP (KB2758857) Security Update for Windows XP (KB2770660) Security Update for Windows XP (KB2779030) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982665) Segoe UI Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows XP (KB2345886) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB898461) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB961503) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB973815) Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Sign-in Assistant Windows Live Upload Tool Windows Media Format 11 runtime Windows Media Format 11 runtime Windows XP Service Pack 3
|
|
#11
January 29th, 2013, 12:50 AM
|
||||
|
||||
|
Go to Start – Settings – Control Panel. Click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.
AVG Security Toolbar - Search hijacker (plus other negatives). Browser Manager - Adware, spyware, search hijacker. Expat Shield 2.25 - Adware when using it. Made by AnchorFree. So far, nothing that comes from them is "free". Expat Shield Toolbar - Adware, spyware, search hijacker. ----------- Be sure to continue to temporarily disable any protective software when running the scan tools we use here. Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/) to your desktop. Click the RogueKiller icon next to: (Download link) : Lien de téléchargement: ). Close all open programs Remember to right click -> run as administrator, and click the downloaded file. Wen RogueKiller finises it's opening scan, press the Scan button.. A RKreport.txt will be created in the same location as the RogueKiller file. If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again. Please post the contents of the RKreport.txt. --------- Please download AdwCleaner by Xplode onto your desktop.
|
|
#12
January 29th, 2013, 09:22 AM
|
|||
|
|||
|
Hi Jintan,
Here is the Rougekiller log RogueKiller V8.4.3 [Jan 27 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Bill [Admin rights] Mode : Scan -- Date : 01/29/2013 08:16:40 | ARK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 1 ¤¤¤ [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: FUJITSU MHY2160BH +++++ --- User --- [MBR] 929eaf2286767a34fc5734777f3b228f [BSP] 6f3809f343d8209e09529034b11e0b75 : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_01292013_02d0816.txt >> RKreport[1]_S_01292013_02d0816.txt Here is the AdwCleaner log # AdwCleaner v2.109 - Logfile created 01/29/2013 at 08:19:13 # Updated 26/01/2013 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : Bill - PAM-3E76C8F1D78 # Boot Mode : Normal # Running from : C:\Documents and Settings\Bill\Desktop\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** File Found : C:\DOCUME~1\Bill\LOCALS~1\Temp\Uninstall.exe File Found : C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage File Found : C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal File Found : C:\user.js Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon Folder Found : C:\Documents and Settings\All Users\Application Data\Browser Manager Folder Found : C:\Documents and Settings\Bill\Application Data\Babylon Folder Found : C:\Documents and Settings\Bill\Application Data\PriceGong Folder Found : C:\Documents and Settings\Bill\Local Settings\Application Data\Conduit Folder Found : C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigoj ocbpcb Folder Found : C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjglmhbchjomgfmflpgioahka pkhmgc Folder Found : C:\Documents and Settings\Bill\Start Menu\Programs\Browser Manager Folder Found : C:\Documents and Settings\Bridgett\Application Data\AVG Secure Search Folder Found : C:\Documents and Settings\Bridgett\Application Data\PriceGong Folder Found : C:\Documents and Settings\Bridgett\Local Settings\Application Data\Conduit Folder Found : C:\Program Files\Conduit ***** [Registry] ***** Key Found : HKCU\Software\5a68ddcb46de444 Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\BrowserMngr Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\ConduitSearchScopes Key Found : HKCU\Software\DataMngr Key Found : HKCU\Software\DataMngr_Toolbar Key Found : HKCU\Software\Google\Chrome\Extensions\fnjglmhbchj omgfmflpgioahkapkhmgc Key Found : HKCU\Software\IGearSettings Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKCU\Software\PriceGong Key Found : HKCU\Software\SmartBar Key Found : HKLM\SOFTWARE\5a68ddcb46de444 Key Found : HKLM\Software\Babylon Key Found : HKLM\Software\BrowserMngr Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Classes\Prod.cap Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2549263 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Found : HKLM\Software\Conduit Key Found : HKLM\Software\DataMngr Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fnjglmhbchj omgfmflpgioahkapkhmgc Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmp klohkojmllohdhomoefph Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Found : HKU\S-1-5-21-1214440339-287218729-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKU\S-1-5-21-1214440339-287218729-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page] Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}] ***** [Internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Google Chrome v [Unable to get version] File : C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences Found [l.1] : urls_to_restore_on_startup ={"backup":{"_signature":"p2wDHkNUrUWu2ETITJP+IHX8 ZzJszjgI3SpNIapR0yU=","_version":4,"extensions":{" ids":["ahfgeienlihckogmohjhadlkjgocpleb","dhkplhfnhceodh ffomolpfigojocbpcb","fnjglmhbchjomgfmflpgioahkapkh mgc","ndibdjnfmopecpmkdieinmbadjfpblof"]}},"browser":{"last_known_google_url":"hxxp://www.google.com.cy/","last_prompted_google_url":"hxxp://www.google.com.cy/","window_placement":{"bottom":560,"left":10,"maxi mized":false,"right":1014,"top":10,"work_area_bott om":570,"work_area_left":0,"work_area_right":1024, "work_area_top":0}},"countryid_at_install":17241," default_apps_install_state":2,"download":{"directo ry_upgrade":true},"extensions":{"alerts":{"initial ized":true},"autoupdate":{"last_check":"1299219222 5409125","next_check":"12992211477929125"},"blackl istupdate":{"lastpingday":"12992166004554125","ver sion":"0.0.0.124"},"chrome_url_overrides":{"bookma rks":["chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"],"newtab":["chrome-extension://dhkplhfnhceodhffomolpfigojocbpcb/redirect.html"]},"settings":{"aandpgohbohmlknpjbblpmoladhoochg":{ "blacklist":true},"abciiempgohamehppammbkhkicmkgko b":{"blacklist":true},"abfclfmhaemoockhhinpplncjeh fpdbd":{"blacklist":true},"acmpfcamncegnhjdeiodgil ikjafcamg":{"blacklist":true},"aebfkgcamgnimcbnbio pgdakknjgggnm":{"blacklist":true},"aemcjbfajnnmhbl ifaejadoecfoaebld":{"blacklist":true},"afenhmponmf mdmbmccbmglppcmjhmhmh":{"blacklist":true},"aglmapj bjphdidmnileogpjkgpdoliep":{"blacklist":true},"agm honoepgcnakccfpidhjehlocaeaaj":{"blacklist":true}, "ahfgeienlihckogmohjhadlkjgocpleb":{"active_permis sions":{"api":["appNotifications","management","webstorePriva te"]},"app_launcher_ordinal":"n","page_ordinal":"n"}," ahjfgnikolodijnpakeknpilnemojlhc":{"blacklist":tru e},"aieglpnmmhleoenpbmfaffppfomgjmba":{"blacklist" :true},"aifmjmboebdkdelpjenakhaodgneempp":{"blackl ist":true},"alcbnnpmipohgdllkkglhkbncijplago":{"bl acklist":true},"aldalonecchncedclgcndcndgilaclnk": {"blacklist":true},"aljdncnajablgppdcfbehhmidlmbnd da":{"blacklist":true},"amfgdngndpfldigimkcindjalo kfnmem":{"blacklist":true},"amoobcjlpgloocplpikcld cpjjdnoeii":{"blacklist":true},"anmjpohfnlopdfaojo oicpemopnliimn":{"blacklist":true},"apdmgffkfhjfee jmbjidennfjdkmmmbl":{"blacklist":true},"aphncaagnl abkeipnbbicmcahnamibgb":{"blacklist":true},"bcddmc ejgphfgofbpoocakaeapfomlek":{"blacklist":true},"be nclngoadbppljglhphhnfknoppmjoa":{"blacklist":true} ,"bhdkpmneahdelgdgfhddianklldfoell":{"blacklist":t rue},"bilgncckogfgfipdlejkffnbkgjkmflh":{"blacklis t":true},"bjihddggcgnblgojnmhpnngonofbnkaj":{"blac klist":true},"bkhafliomebnpccanacmlfaemgfiofko":{" blacklist":true},"bkkchglolnigbfncnbnnbhhempjkdpkf ":{"blacklist":true},"bkplhcigeaiiliajeehehiikokgo cbhb":{"blacklist":true},"bldgnkigdcpgnbfehgbameig oohecdfl":{"blacklist":true},"bndahdijlcnncjbpammo edeapmlobllc":{"blacklist":true},"boaoagnmpennjoig kkmnjhecapibhfko":{"blacklist":true},"boclfockfmgc ppbajihcgajhpggaakgl":{"blacklist":true},"bokkific jhapflinbdejegngffgkcgfe":{"blacklist":true},"caph kimknlmnhpjoneddiaakmcaajagb":{"blacklist":true}," cbbbpmlnlpnjojeplppgeilanlihoojg":{"blacklist":tru e},"cbbjhegipokkofhhicbckicchjpcpeni":{"blacklist" :true},"cdogaeccgljmkecjmoedambgiekkllij":{"blackl ist":true},"cekdjgnecpoooikhmceokdhojckkkhmh":{"bl acklist":true},"cepfogmgfkddnllaopgknbdfkceejmhk": {"blacklist":true},"cfbdodejdeejbkffcmiaknpmojjeib pn":{"blacklist":true},"cgnkbnaiipmfbakpmhllalggoe pniemh":{"blacklist":true},"cihlkpohodpdkdnfalhdkh hlhmhffmbe":{"blacklist":true},"cjhklhdjonhcohlacg ggcbklpnldleck":{"blacklist":true},"cjohbbapkbkkhp ohinffggbphnhoblea":{"blacklist":true},"ckckpgefkp jfopjppjfcikppehdhceah":{"blacklist":true},"clapna mcglekekmamicmbahkghdcjaeh":{"blacklist":true},"cm jphjljejnfgdbkdgdlclaabimpknna":{"blacklist":true} ,"cmlokmkdolieoaoddlfhaidnlmiadhik":{"blacklist":t rue},"coajchbkdbfhmhbgcjepiofllfjjcpfp":{"blacklis t":true},"cpiiakoibaohkfoaijaigdnocfolnmll":{"blac klist":true},"dadcalgappognjbjpalfophhcfakoeac":{" blacklist":true},"danapgfidmepmcfbjjacceiaiiioieio ":{"blacklist":true},"dbiblcmlcgdjjbdpbmbcpineegng kiip":{"blacklist":true},"dbmdicehacbaohlockjgdglc obimmjkh":{"blacklist":true},"dejippphmhbpgckbhdid njmdcpfccbaj":{"blacklist":true},"dfafokiagoiocidl pglcanjkcdbdnioi":{"blacklist":true},"dfoegfajplmi jblljfancdapbdaopebb":{"blacklist":true},"dgaehaea hdegbdlenicbmkbakhdgoeml":{"blacklist":true},"dgcf mgdfbfbgcpbendbhbkfjppboebed":{"blacklist":true}," dgkemngdheppgohkjjelnkjmdeimmfml":{"blacklist":tru e},"dhkplhfnhceodhffomolpfigojocbpcb":{"ack_extern al":true,"active_permissions":{"api":["plugin","tabs"],"explicit_host":["hxxp://*/*"],"scriptable_host":["hxxp://*/*"]},"events":["runtime.onInstalled"],"from_bookmark":false,"from_webstore":false,"inst all_time":"12992191870611875","location":3,"manife st":{"background":{"page":"bg.html"},"browser_acti on":{"default_icon":"browser_icon_babylon48.png"," default_title":"Babylon Toolbar"},"chrome_url_overrides":{"newtab":"redire ct.html"},"content_scripts":[{"all_frames":true,"js":["cs.js"],"matches":["hxxp://*/*"]}],"description":"Babylon ToolBar","icons":{"128":"babylon48.png","48":"baby lon48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADC BiQKBgQDMHVuwST42pNWw6lNOUuLbpo+vO7TrD5Bp1HGFnjF/Z77GdGdkv0qeHtBHZdGcuTIzwsMoooA2yuKA9Xxs5WHpAUItq2 L51IxrkzvdbomCdmVg+D95Yw2T6y86pM/ftZAoo1vqoTjWAl6oqLga1tfugMZ0q46tv8GwwDZMnYNEfQIDA QAB","name":"Babylon Toolbar","permissions":["tabs","hxxp://*/"],"plugins":[{"path":"BabylonChromeToolBar.dll","public":tru e}],"update_url":"hxxp://img.babylon.com/ext/chrome/update/update1.xml","version":"1.8"},"path":"dhkplhfnhceo dhffomolpfigojocbpcb\\1.8_0","state":1},"diinokaoi cgobepmadnmedlhdfnpehcj":{"blacklist":true},"dinhj capnfbffhiihdlnbdfjdjjfhcbk":{"blacklist":true},"d jnahdkbfgnhgpakidinfonfcjbagkgp":{"blacklist":true },"dlobhinihbmedmheccecfnkcadpehmbf":{"blacklist": true},"dmhjdbigobajgnfoabodjgmcdgoeoljm":{"blackli st":true},"dmkdhgkknhnfpdjeicefnpmhcpbimden":{"bla cklist":true},"dnemhlkdpajbbniphgkgceplmnkfnhfo":{ "blacklist":true},"doneghboglgnflpdicnkaojmmljgejk j":{"blacklist":true},"dpgenihgggagjjggfocjceeobjk adcbc":{"blacklist":true},"dpmloehicimdjkibmobhmpg dndgbcced":{"blacklist":true},"ebdcdchjcndpjhehace depnggfdbfkpn":{"blacklist":true},"echngajnlpjeacb anjejlhcajjfoedcc":{"blacklist":true},"edmnikahahf kfilbbjbdoiabnghbkmjc":{"blacklist":true},"efbeabp bbkahnnjalakldjfhljboclkf":{"blacklist":true},"efh jelcghjkfigiagdfbfilndaffpmdj":{"blacklist":true}, "efnaljpgehfilpmkhobibbjceeeondmn":{"blacklist":tr ue},"egljdhfnbjahogjahnigfnbpidlmdagi":{"blacklist ":true},"ehgoiaffgjoinpkllmmnikghgpghnabc":{"black list":true},"ehomcoocpagnlcakcbecdaknmacmedld":{"b lacklist":true},"eihjeehdobnpkonebmpanonopghepfle" :{"blacklist":true},"eijbdinddjecmebnlienfoijpjjob kjh":{"blacklist":true},"ejijgghlncnaphklndknkbkcl ebfboca":{"blacklist":true},"ejlekamipdcfcfpgfepjm klllbpeecaj":{"blacklist":true},"elcaigjcaijbfpjng aekbblphmfjdhfo":{"blacklist":true},"eofejpelggimk odeojpeojnbijgiglgh":{"blacklist":true},"eopmhecjn ginkckggjmhombbopmkjpam":{"blacklist":true},"epbmn bdplhcomkedpjfceakddnbgfjmf":{"blacklist":true},"f afoohpbicgbcejffcplajonhhooddle":{"blacklist":true },"fbhiehmngojjcmljddjmgpmcockbccmo":{"blacklist": true},"fcfepemfihgibdacjlnlecebknaaepmj":{"blackli st":true},"ffgfbfakpcnngelphjnppokmoicdollk":{"bla cklist":true},"fhlkffpjoajppmhcakbkjndbjfljccpi":{ "blacklist":true},"fiapkdjniadkodmdibdnchoifkpfoii d":{"blacklist":true},"fibgploapkhokkbncddlkcmbmie ngcfp":{"blacklist":true},"fihepkmlkmciffbhijldnpm ifhbkiinp":{"blacklist":true},"fjjeecfjmgfnleghoel lhldedkaocjfc":{"blacklist":true},"fleljamdchegbje iipbnmiebnhgheeld":{"blacklist":true},"flmmgcfcpbf ddenepkfmgfpbaceolcoe":{"blacklist":true},"fmcccid acjgnfiafddkngmeolkoiihil":{"blacklist":true},"fmo nlemffgbabjifjfaoamdflijecdbk":{"blacklist":true}, "fngolbdmkneakeaoiieafkilnogbocda":{"blacklist":tr ue},"fnhcgnmfccojojojacgeiaaeacefdohb":{"blacklist ":true},"fnjglmhbchjomgfmflpgioahkapkhmgc":{"ack_e xternal":true,"active_permissions":{"api":["bookmarks","contextMenus","cookies","geolocation" ,"history","idle","management","notifications","pl ugin","tabs","unlimitedStorage","webNavigation","w ebRequest","webRequestInternal"],"explicit_host":["chrome://favicon/*","hxxp://*/*","hxxps://*/*"],"scriptable_host":["hxxp://*/*","hxxps://*/*"]},"events":["runtime.onInstalled"],"from_bookmark":false,"from_webstore":false,"inst all_time":"12992191889088875","location":3,"manife st":{"background_page":"js/chromeBackStage.html","content_scripts":[{"all_frames":true,"js":["js/verlyEarly.js"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_start"},{"all_frames":true,"js ":["js/bcview.js"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_start"},{"all_frames":false,"j s":["js/contentScript.js"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_end"},{"all_frames":true,"j s":["js/navigationHandler.js"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_end"},{"all_frames":false,"js" :["js/match.js"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_start"},{"all_frames":false,"j s":["js/compatibility.start.js"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_start"},{"all_frames":false,"j s":["js/compatibility.end.js"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_end"}],"current_locale":"en_US","default_locale":"en","d escription":"TV Bar 2","icons":{"128":"634686211986136406.png","16":"6 34686211986136406.png","48":"634686211986136406.pn g"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD Hk8ALp2D2Bg3M20snt4fnqzknDEntMQ/fYamo0W/HDQqIadmaiANaBfn3Cd1X1gox8vv2OBP70MUkmMvZsJg0Fm525 IkQ5DnEAv5Gr+9nquLRQNkyMj10NRxxP6oe46P3ExL0EV3zSvg MmZHNpt8LDhQ2CWm5j6XbyZooDOXXRQIDAQAB","name":"TV Bar 2","permissions":["tabs","hxxp://*/*","hxxps://*/*","notifications","management","unlimitedStorage" ,"bookmarks","contextMenus","cookies","geolocation ","history","idle","webNavigation","chrome://favicon/*","webRequest"],"plugins":[{"path":"plugins/ConduitChromeApiPlugin.dll","public":true},{"path" :"plugins/np-cwmp.dll","public":true}],"update_url":"hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3084223&extensionData=<extension_data >","version":"10.11.21.201"},"path":"fnjglmhbchjom gfmflpgioahkapkhmgc\\10.11.21.201_0","state":1},"f nkaadkanmfgpfbmdcllhjdgmdbgljpi":{"blacklist":true },"fnnmbghphdnmmjdapccfobgjemjadeli":{"blacklist": true},"fnoadkjdjfgafomgmablhmffooijcfbn":{"blackli st":true},"fommcgokigkhmnhlhlkckfjhefnmfohd":{"bla cklist":true},"fpbippbofbmgmbojjmgfcifpmdaelcmd":{ "blacklist":true},"fpmajanjndhgpifbcbnklbiehgnpkgm f":{"blacklist":true},"fpoajjnnpmledpmohlgpgbmlhbg kgahg":{"blacklist":true},"gaicmfjflflabagobdiodej fpjikheeo":{"blacklist":true},"gandihaiobadcggbfkh pbkocmiemjlnf":{"blacklist":true},"gbenikfjhilhpga gllmfgggdjaflbmbi":{"blacklist":true},"gdggdkkjeco gagaffaemnbfmllcoihjp":{"blacklist":true},"gekkhpj igmckhgmgngadbeknekgpgolb":{"blacklist":true},"ghg phbmpcfgkfneodjpbdanmdoemklio":{"blacklist":true}, "ghmaokcegalalefnhlfcnjhnpdbanjkj":{"blacklist":tr ue},"gifglngcdbggmlgkcombebegdaoknkho":{"blacklist ":true},"gjkbghdignnlcknknflbigpammebiolo":{"black list":true},"gkjeccpmibljcfpfapfljciimedljpnm":{"b lacklist":true},"gkjmgdpdndoaiholejnmdbbpdaafahmm" :{"blacklist":true},"gmghjgfdialcnhadahmjefeflgnhc jeb":{"blacklist":true},"gnapdhmknipknfmhhnhdmhakd fhgeing":{"blacklist":true},"gncfgndgeoddelbfhlndh ljnecoednaa":{"blacklist":true},"gngmkbiihflpghldj nbpemaicedhdddk":{"blacklist":true},"gobjcjhhebpjb mjdgmejhebbleadnceo":{"blacklist":true},"gplgjmecj pbfcdikpbicknafcnfcidek":{"blacklist":true},"hbaaj kahagmlkdekmbdabikbopdgpaac":{"blacklist":true},"h bdhabpmbbanaopgkbaondabkkepjfaf":{"blacklist":true },"hbmlheccjkodhfejcmblndjodllmnlnl":{"blacklist": true},"hcapokajkngndbglnfglpfdpoeidmpha":{"blackli st":true},"hcpndbchnlgojmnijaldkicigmihmdca":{"bla cklist":true},"hdijkiondgomjpehfhopomicjbiodmcm":{ "blacklist":true},"hdnbmmfjbblajkjkcaeofolgfnljpni m":{"blacklist":true},"hecijapnccjhonbmacmkmffoood fokoo":{"blacklist":true},"hefmoncdemhjembgbnkgglh lookbipdc":{"blacklist":true},"hfjpjodbolkmheaehcn mfhjakjileoof":{"blacklist":true},"hfpfbhnmbbigpmo odjemilggabklpopj":{"blacklist":true},"hgbaomphocg mdpmiohjclchaaljpaelp":{"blacklist":true},"hgboiae cclcbjphldpbgfgggcbihmnai":{"blacklist":true},"hgj gaeknhmidehalnmokomhpfhbfmpcm":{"blacklist":true}, "hhfffemhgkginfafaoapljdllodppana":{"blacklist":tr ue},"hhfiljkpjapjjphcocclhhaldpfkkjbi":{"blacklist ":true},"hhjmkijkgojfifipdgmiemghfikbohcm":{"black list":true},"hhlgbfcfbkhlmajakkcjippgpcmejkko":{"b lacklist":true},"hilncbjbdpnfepdidfchmdclhpnlegpj" :{"blacklist":true},"hjkhligcnpfjhjlapmejaiaiigibo fif":{"blacklist":true},"hkbgccpdcpbdckohbknjlamam elcnlki":{"blacklist":true},"hkjcejgfmaanpncnpoidg bhoikcaeepd":{"blacklist":true},"hkjfdgjkgpbbdmadb glcgljjjddkcdha":{"blacklist":true},"hmmoglffhpmac aacfbbmbbkcbdkjphnc":{"blacklist":true},"hnbcdmfeo ldeppcbnnjmjkdofohaljbn":{"blacklist":true},"hncom kjbbkchfjelocejkbbflmjhlhfp":{"blacklist":true},"h nipgljcblpgnnojcfldehpeknhakbgj":{"blacklist":true },"hnkcpoijaeegompjgbjjhkdmljldaccg":{"blacklist": true},"hnnebfeppcbhhbhiifeaajgcjnkljlld":{"blackli st":true},"hnonhhpgjnjcjfbkjdpfbkfpaodcmncb":{"bla cklist":true},"hpcdoodjfcmpcpkeendjnjkeinimhkih":{ "blacklist":true},"hpibmhghjndideebpackbdlpncgkcpp p":{"blacklist":true},"iablioliielnhdianpbiijaoncb mfend":{"blacklist":true},"iccblehkchfmjgfafjcpjlk jcponhdhl":{"blacklist":true},"icihfeaofpcfehanhbn jigdlpfahjlee":{"blacklist":true},"iemfpgbdjfoihic bocpbjppipdbfimeh":{"blacklist":true},"ifbkndkaolf bjjhnnhfmkbkoclpdkpli":{"blacklist":true},"ifeijfp kjckedpclgncedmgdiaoeahmk":{"blacklist":true},"iga ajdmlejbjcbmpmnigopikfdaccdcm":{"blacklist":true}, "igbaoknfddliiaoimhehfbkfekpmmfll":{"blacklist":tr ue},"igghanohiioehififjoalfkdoicafjof":{"blacklist ":true},"ihnembcpodnfgkafmiojebccomjekopm":{"black list":true},"iiiinekimabooeihccihfopoadcaaphn":{"b lacklist":true},"ijecjbcgpblkacpijljpaienknanaloa" :{"blacklist":true},"ijenlpgidnapbndonoinbkhekgjon ojg":{"blacklist":true},"ilhjicgcglhjigdehkcehjdok mkahbjl":{"blacklist":true},"imfbomjbodpfgfhfahlgk kcllmhbelhk":{"blacklist":true},"imkffpjpdngdkpgad cmnlkhhmhdocijn":{"blacklist":true},"iobnpmeeecphd dicmhhmdjbnlbdhjlne":{"blacklist":true},"iomejadoa mfilglofmeaffghddcgapmf":{"blacklist":true},"jaejg aoiipdjjlbnapngknalafalbkej":{"blacklist":true},"j anhdpmhnighonkkbkdpnljcoenpfkbh":{"blacklist":true },"jbmbiepnidbnhbbfdbgioomdkgnbcacj":{"blacklist": true},"jbnafcjbcfgejacaanogofkkehcomamp":{"blackli st":true},"jcmipejepoimfflnoapdmkdephgjinck":{"bla cklist":true},"jfalnphfjdoalcdhlnhdpekbmmopkgkj":{ "blacklist":true},"jfjagidcpadkoaonbogmbgfimmnefei e":{"blacklist":true},"jgdkappiifgomhgikcjbanhnmle kpeje":{"blacklist":true},"jgmpapdckakiohhebmeoeme jibommimi":{"blacklist":true},"jhhabiomopkibeecgng iggmopkeofacl":{"blacklist":true},"jindbcpkhnnnjgc jgmkjedbibibiojjf":{"blacklist":true},"jjnkfllhcgk gnfbekpnmoikpfihpjfli":{"blacklist":true},"jkihmgl ffmfjedfbpbpdbbimcodjbmdh":{"blacklist":true},"jkm halpofmlfeglboejbchpoijnkmcgh":{"blacklist":true}, "jljfnkmkkdkppfndippkedacgfkafped":{"blacklist":tr ue},"jmbkhogpjgjpfjhpdikloblkbkljkgao":{"blacklist ":true},"jmeanodbelbflfmnkfdjgpikmldgjjko":{"black list":true},"jmifipgdcllamghkhdplfjffkciekbgo":{"b lacklist":true},"jpehgolpfgnknboibogccapmdcadjkbd" :{"blacklist":true},"jpeijjbllejgmokmahkeommcodaho obm":{"blacklist":true},"jpgidahfcgiajlcbleeiaibpm mblcmnb":{"blacklist":true},"jpkdlckejfjidmplieobn hijmoiecbhl":{"blacklist":true},"kbipembkfhbdmkkkf bigmohilmknjnof":{"blacklist":true},"kcanfkmhccbah eheaackijegkclkaeic":{"blacklist":true},"kcfnnanmp ghdnoompcfclakpacapnfbn":{"blacklist":true},"kcgpl bmkmfcpngilmhjmebdgkkpbdemp":{"blacklist":true},"k dchmeaiapjkejkcbeclgjklemecieeg":{"blacklist":true },"kdfahjokahcbmecgaandpobmgiiknagf":{"blacklist": true},"kelcbonmemlciepjdmfcifnhloeammhj":{"blackli st":true},"kelljdoinjlkmkncffgadbebgpmlcang":{"bla cklist":true},"kffhenjbibjnbnjhlkcdlmpeccpaohio":{ "blacklist":true},"kgbkdabomfdpfoibliicpmibceaoohg h":{"blacklist":true},"kgdhnhadbnpeibkghaebmhmngob dafag":{"blacklist":true},"kgdkcodealpfjolmiagcogf bgmaamegh":{"blacklist":true},"kgdmldjagfciieddcnl hampgkajkpanc":{"blacklist":true},"kibgmcdcfmcglaj cfbecilngejnfppjp":{"blacklist":true},"kiipngoehgk gkackngaidmhmnchfbmio":{"blacklist":true},"kinhljb hjmcmoddhdoodekeklmjapjff":{"blacklist":true},"kkh omejdleoonmbdhcigkhkjcghngncf":{"blacklist":true}, "kleaapgdkahaekcocmkbgfainbhihccj":{"blacklist":tr ue},"kmlebjoghkhpapfhbdikannggmmffnco":{"blacklist ":true},"kolbbghckjilleabphhgeggcgpfidofi":{"black list":true},"lambangeielkjcnmioccboaphdfcffib":{"b lacklist":true},"lbaddolhebpnhdcdkicpcflhnfamcemn" :{"blacklist":true},"lbficnmfealeidppcbgdcbemgfjod bkg":{"blacklist":true},"lceaiepehinnomgijphkmjccb igkljkj":{"blacklist":true},"lcfkojlnjnedeoepfemhd gkhiabkeadc":{"blacklist":true},"ldgfapfmnplpaohbb adnecegcpfkfall":{"blacklist":true},"lgalokbapphhk lmilicdefmgbjkcmldf":{"blacklist":true},"lgcnahanh lfpceencjmlehpfklokhojk":{"blacklist":true},"likif pgnijjfbdegfepoalpamlgnfofi":{"blacklist":true},"l iomofjeffddiiccaolcnllbhnipbkhe":{"blacklist":true },"ljcicfibknpmlcmcecddjlbgkejehhpa":{"blacklist": true},"ljeihpebkahejeacdalhkhmckmggppif":{"blackli st":true},"ljmjoloiepllcndinchenhomcdcgbgef":{"bla cklist":true},"lkdimamelhbiijkiljlnedmhnnkkmlbl":{ "blacklist":true},"lkfdchejjogilmloogbbjlnlpbhgjfa b":{"blacklist":true},"lkhcbijhgfchgdmklonlobkfbca dbokg":{"blacklist":true},"lljnngafekbnkpdfophmcdl bfebcbcld":{"blacklist":true},"lnahlgmhpghkhmafjpp didhcoaomipfg":{"blacklist":true},"lnbeebaenahmkbf fnimghceldeeihfak":{"blacklist":true},"lncjcfkpann mofmpgdfoonkniofdnaba":{"blacklist":true},"lndempe hphjoeimfchjflohpmhamiamf":{"blacklist":true},"lnj gjionmhobdfdegbciceafphgemjnc":{"blacklist":true}, "lnlaeblencbjjjeaanegaldcjfekeled":{"blacklist":tr ue},"loggadfheaoeabmkgolecncpfdfioefa":{"blacklist ":true},"lojppnndedobolgfepahepphhloediji":{"black list":true},"loldehkdjdncebfnncknlkdchjclifbn":{"b lacklist":true},"lookpbabilcplifjdeifacodednpacmk" :{"blacklist":true},"lpgiafapdmlapiokjnmpbbfkomice oml":{"blacklist":true},"lplmcpcnhpbffpcfiaddbeapl hhbengd":{"blacklist":true},"mamfageekafifnickhgki bkofcclfefe":{"blacklist":true},"mbmdaiddhfoljplpd hohimgieioblfif":{"blacklist":true},"mcbkimglepddo dbiongpohpeidioafgk":{"blacklist":true},"mcknnlhkk dbcppajgefagceglahcafjd":{"blacklist":true},"mdieh nlecbjlppbpaaipmlnhhjgepfcg":{"blacklist":true},"m dngbiejioalifclonjepjjfppmbgned":{"blacklist":true },"megkcfpbmemnpkgadkoompnoajcolpni":{"blacklist": true},"mfffdpnblflpobcnekhekiahepofaane":{"blackli st":true},"mfhfkclojmdocagbmecgcnlofppebebd":{"bla cklist":true},"mfncimdpmknolnnnccdmkpnpkaofonkc":{ "blacklist":true},"mgdgiplcofghdmpekdeeceolepakodc b":{"blacklist":true},"mjalegijammcloleihdmooifidc jggjp":{"blacklist":true},"mjgobkikdipfikmaoakdcdb icpioljgg":{"blacklist":true},"mjolnadmlahbpepjaem ohnkhpjkbhmef":{"blacklist":true},"mknjbohhleiicbp agpgmhoaigbblmnic":{"blacklist":true},"mkobblpffgb ncfhijabakfafmkjdmmnm":{"blacklist":true},"mlmegah emifabfmdnndafagnncfbnahn":{"blacklist":true},"mlm mbepkgelpbenpobinockmiehdahai":{"blacklist":true}, "mlnoedbhndgbjcbeadjfnmjloejlgojk":{"blacklist":tr ue},"mmjodihhmnpkldljaifiajmlnpflfhpm":{"blacklist ":true},"mndoohjdoechinpkfbkolflbonciahfo":{"black list":true},"mnhcgaghminpdabllkbkecahjfkdiabk":{"b lacklist":true},"mnichagcickblneeijmfnmoiakigmmhf" :{"blacklist":true},"mnllienogacopjnkmhgnniopjpgjp opp":{"blacklist":true},"mogepbcllienegdibkfpmombh efhcoic":{"blacklist":true},"mplhbhmkccidaokcelbcb cmhhedebcng":{"blacklist":true},"naopgnjebjeeedbbh cadkhkmeefmloho":{"blacklist":true},"nbieffehfdnii fkgdckbndjhojohbfjj":{"blacklist":true},"nckmikoho ilfkcoahbjpbgbpegcjgngm":{"blacklist":true},"ncpda njmicnihdlijomcggnnekloephc":{"blacklist":true},"n dhkiimgbjnendpcfbiadlifmangejoa":{"blacklist":true },"ndibdjnfmopecpmkdieinmbadjfpblof":{"ack_externa l":true,"active_permissions":{"api":["tabs","webRequest","webRequestBlocking","webReque stInternal"],"explicit_host":["hxxp://*/*","hxxp://dnt.cloud.avg.com/*","hxxp://dntf.cloud.avg.com/*","hxxps://*/*"],"scriptable_host":["hxxp://*/*","hxxps://*/*"]},"events":["runtime.onInstalled"],"from_bookmark":false,"from_webstore":false,"inst all_time":"12992191875398875","lastpingday":"12992 166004767125","location":3,"manifest":{"background _page":"content/background.html","browser_action":{"default_icon": "content/icons/avg_icon_16.png","default_title":"AVG Do Not Track"},"content_scripts":[{"all_frames":true,"js":["content/js/content.js"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_start"}],"current_locale":"en_US","default_locale":"en","d escription":"Block Ads and Trackers","icons":{"128":"content/icons/avg_icon_128.png","16":"content/icons/avg_icon_16.png","32":"content/icons/avg_icon_48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA 4GNADCBiQKBgQDaBhCcd8V6V8SwALoaT+A51wnypeg3PtHPFZ6/1OKPFykl5ejJUJj4iBdO6hwupZS9r69OFb9AF0NPAxXqMfuh/mVqguifgJiqVV7tLaQ5tGAIy0pACKYaTICVePngldEIu1VNSf8 A+YoQIt0LL7arZL5E/0iIoqX4Yd04Q8X2HwIDAQAB","name":"AVG Do Not Track","options_page":"content/options.html","permissions":["tabs","webRequest","webRequestBlocking","hxxp ://*/*","hxxps://*/*","hxxp://dnt.cloud.avg.com/","hxxp://dntf.cloud.avg.com/"],"version":"12.0.0.2166"},"path":"ndibdjnfmopecpmk dieinmbadjfpblof\\12.0.0.2166_0","state":1},"ndiog ongcmocdgjciemhagfhpjamehpe":{"blacklist":true},"n egkalblfongjbphdcbbhddlickhlamd":{"blacklist":true },"nepfiodmbijheamafkiglonfkjebdjmf":{"blacklist": true},"nfecfkjnlkbphobjbcnphimihniieehc":{"blackli st":true},"nhboiakpmibkbkbeehchlfkggmhphpnk":{"bla cklist":true},"nhkmojkfnknbbmhbnacjdlodokeophkl":{ "blacklist":true},"nibohffepnilngkecenfdgnokfhmnko d":{"blacklist":true},"nidmbljkkcbdfklgdkklgjgmhej mbojn":{"blacklist":true},"nidodbfomffkfabciljelkb diabkeehe":{"blacklist":true},"nifbebeekindefklojh chehidpikbjfc":{"blacklist":true},"nihhbeikpchdddo illfdcdinnnnllmna":{"blacklist":true},"nlgapikcofp ablcmfgaoodlhiejiehhh":{"blacklist":true},"nloaaep khcnmoakooihnefhhggbmemed":{"blacklist":true},"nmm nodocfckpoddcgihiihcdinaonckb":{"blacklist":true}, "nmphbnbmgfccfhcmibikmhcgajjpelpf":{"blacklist":tr ue},"nnioepmjbjjlflmdgjanlcmbjahljeeo":{"blacklist ":true},"nochkknnbahbhmmknnmdhagelcnfagom":{"black list":true},"noefghcilkpcabnhhilojimkkjplhcnd":{"b lacklist":true},"npadaghbcdejfngcjpbnoikajdnongca" :{"blacklist":true},"npolaghondefgiomhkbiiompikfjn eep":{"blacklist":true},"oakhllhnbcpgagdafgbninlpj demdmjk":{"blacklist":true},"oanjogmonneelfpnfmdla lfddkeckdej":{"blacklist":true},"obgljnmbldahelaak fdbjkplokjoneip":{"blacklist":true},"ocmhjnhildbng lmlfimkjnnfgddelacb":{"blacklist":true},"ocnlnkjmf nolmbclblfhfhcakldceiec":{"blacklist":true},"odnam glmogfldajnhkfodmloofeokcmm":{"blacklist":true},"o ghphhcagopecifjblgdcfihjnlcbcfc":{"blacklist":true },"ogjbodghhojomghbdfnlkppdagkfjede":{"blacklist": true},"oidjdpbndkjhmhmgdoggibcjnippkcgo":{"blackli st":true},"ojglppmhgfohhfeinlhklglifnbfebak":{"bla cklist":true},"omceiakkomngangmllpgbjcoeloglald":{ "blacklist":true},"onfbaaifbbahonepmednhkjbhdgogkb l":{"blacklist":true},"onpnpccdagncipgnoofbhchlbaj cjnkd":{"blacklist":true},"oocfbmollajebjjpkahmlnc lfhkjijea":{"blacklist":true},"ookcgejbfhcmcanfkfm mmpahflnlajbl":{"blacklist":true},"opnnngnphijodjh emhdafpnnpdjggofe":{"blacklist":true},"pajgiddgjid lcajihkjoacjbplimkgfe":{"blacklist":true},"pbdgmpp mccanplobanhfkjndjkmmabgk":{"blacklist":true},"pbe kednmpdekknlffkiopooofokfmkla":{"blacklist":true}, "pbglijbamgmlcpnnpbfjkbdeheejjloj":{"blacklist":tr ue},"peahabnpipmmfiajjjhgfggbeigbmbgp":{"blacklist ":true},"peiijdmlgbelnnmnkighhkpeihmmamio":{"black list":true},"pfcelnbmkeoaeicedjomcjkcammlkdbk":{"b lacklist":true},"pfhlnanelpgjbhndafjamnpfhkjadoip" :{"blacklist":true},"pfoiaildicnbcjojocjlpcibenphh bln":{"blacklist":true},"pfonklmafadkmcedjlodommco ipgbcde":{"blacklist":true},"pgelifedkjaohmjehecoj kfldinjlamn":{"blacklist":true},"pgjpnfpidejcmjiba aohcmehfohacckf":{"blacklist":true},"pgldfhecfiofk hnbgcncepnkjkeoahlk":{"blacklist":true},"phkpgooen aonkpnabopdbjjfmphclela":{"blacklist":true},"pihcf dffalbcnmbghijdfcaanagapelf":{"blacklist":true},"p jdhkkcnlbfebiokpeghfffajaabahfo":{"blacklist":true },"pjgbfgdpkbfimabdalhjmmeeelbmkcac":{"blacklist": true},"pjloefkigphblpjminnlpbhjchjafcfc":{"blackli st":true},"pkbbbncikcipejaiiiioboongndhmjgl":{"bla cklist":true},"pkbkkendemaimikinaefldfljliecapm":{ "blacklist":true},"pkhidkonipdjidjglnkfcfhnkfnlefb k":{"blacklist":true},"plfijddblbcdcnammpdmfccchkb dekmm":{"blacklist":true},"pnaiiipilbpcceggeanphcp kkihnojan":{"blacklist":true},"pnnbdjcjeiobikdfike gpclkcimgafpp":{"blacklist":true},"pnpfkfanlgljpkp ilhgiimfadggfmhcd":{"blacklist":true},"pnpgiaejfbd apllkchhgchjpdbcpiooa":{"blacklist":true},"pobponm hkpmphbnfhpjdagklbkmjhked":{"blacklist":true},"ppm fajacidhcjbddpgmcmigffpppcadd":{"blacklist":true}} ,"toolbar":["dhkplhfnhceodhffomolpfigojocbpcb","ndibdjnfmopecp mkdieinmbadjfpblof"],"toolbarsize":-1},"homepage":"","homepage_is_newtabpage":true,"ne t":{"hxxp_server_properties":{"apis.google.com:443 ":{"settings":[{"id":4,"value":100},{"id":5,"value":10}],"supports_spdy":true},"fls.doubleclick.net:443":{ "settings":[{"id":4,"value":100},{"id":5,"value":10},{"id":6," value":0}],"supports_spdy":true},"googleads.g.doubleclick.ne t:443":{"settings":[{"id":4,"value":100},{"id":5,"value":10},{"id":6," value":0}],"supports_spdy":true},"plusone.google.com:443":{" settings":[{"id":4,"value":100}],"supports_spdy":true},"ssl.gstatic.com:443":{"set tings":[{"id":4,"value":100},{"id":5,"value":32},{"id":6," value":0}],"supports_spdy":true},"www.google.com:443":{"sett ings":[{"id":4,"value":100},{"id":5,"value":10}],"supports_spdy":true},"www.googleadservices.com:4 43":{"settings":[{"id":4,"value":100},{"id":5,"value":10},{"id":6," value":0}],"supports_spdy":true}}},"ntp":{"app_page_names ":["Apps"],"gplus_required":false,"promo_closed":false,"prom o_end":1344978000.0,"promo_group":389,"promo_group _max":1,"promo_group_timeslice":0,"promo_increment ":1,"promo_initial_segment":4,"promo_line":"Wh at do you think of Chrome? <a href=\"hxxps://survey.googleratings.com/wix/p5963862.aspx\">Take the survey</a>","promo_num_groups":1000,"promo_resource_cache_ update":"1347718266.727875","promo_start":13444596 00.0,"promo_views":0,"promo_views_max":15},"plugin s":{"enabled_internal_pdf3":true,"enabled_nacl":tr ue,"last_internal_directory":"C:\\Program Files\\Google\\Chrome\\Application\\21.0.1180.89", "plugins_list":[{"enabled":true,"name":"Shockwave Flash","path":"C:\\Program Files\\Google\\Chrome\\Application\\21.0.1180.89\\ PepperFlash\\pepflashplayer.dll","version":"11.3.3 1.232"},{"enabled":true,"name":"Shockwave Flash","path":"C:\\Program Files\\Google\\Chrome\\Application\\21.0.1180.89\\ gcswf32.dll","version":"11,4,402,265"},{"enabled": true,"name":"Flash"},{"enabled":true,"name":"Remot ing Viewer","path":"internal-remoting-viewer","version":""},{"enabled":true,"name":"Remo ting Viewer"},{"enabled":true,"name":"Native Client","path":"C:\\Program Files\\Google\\Chrome\\Application\\21.0.1180.89\\ ppGoogleNaClPluginChrome.dll","version":""},{"enab led":true,"name":"Native Client"},{"enabled":true,"name":"Chrome PDF Viewer","path":"C:\\Program Files\\Google\\Chrome\\Application\\21.0.1180.89\\ pdf.dll","version":""},{"enabled":true,"name":"Chr ome PDF Viewer"},{"enabled":true,"name":"Babylon ToolBar","path":"C:\\Documents and Settings\\Bill\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\dhkplhfnhceodhffomolpfi gojocbpcb\\1.8_0\\BabylonChromeToolBar.dll","versi on":"2.0.0.4"},{"enabled":true,"name":"Babylon ToolBar"},{"enabled":true,"name":"Conduit Chrome Plugin","path":"C:\\Documents and Settings\\Bill\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\fnjglmhbchjomgfmflpgioa hkapkhmgc\\10.11.21.201_0\\plugins/ConduitChromeApiPlugin.dll","version":"1.0.6.9"},{ "enabled":true,"name":"Conduit Chrome Plugin"},{"enabled":true,"name":"Conduit Radio Plugin","path":"C:\\Documents and Settings\\Bill\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\fnjglmhbchjomgfmflpgioa hkapkhmgc\\10.11.21.201_0\\plugins/np-cwmp.dll","version":"1.0.0.1"},{"enabled":true,"na me":"Conduit Radio Plugin"},{"enabled":true,"name":"Adobe Acrobat","path":"C:\\Program Files\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.dll","version":"10. 1.3.23"},{"enabled":false,"name":"Adobe Acrobat"},{"enabled":true,"name":"Microsoft® DRM","path":"C:\\Program Files\\Windows Media Player\\npdrmv2.dll","version":"9.00.00.4503"},{"e nabled":true,"name":"Microsoft® DRM","path":"C:\\Program Files\\Windows Media Player\\npwmsdrm.dll","version":"9.00.00.4503"},{" enabled":true,"name":"Microsoft® DRM"},{"enabled":true,"name":"Windows Media Player Plug-in Dynamic Link Library","path":"C:\\Program Files\\Windows Media Player\\npdsplay.dll","version":"3.0.2.629"},{"ena bled":true,"name":"Windows Media Player"},{"enabled":true,"name":"AVG SiteSafety plugin","path":"C:\\Program Files\\Common Files\\AVG Secure Search\\SiteSafetyInstaller\\11.2.0\\\\npsitesafet y.dll","version":"11, 1, 0, 4"},{"enabled":true,"name":"AVG SiteSafety plugin"},{"enabled":true,"name":"Google Update","path":"C:\\Program Files\\Google\\Update\\1.3.21.123\\npGoogleUpdate3 .dll","version":"1.3.21.123"},{"enabled":true,"nam e":"Google Update"}]},"profile":{"avatar_index":0,"content_settings":{ "clear_on_exit_migrated":true,"pref_version":1},"e xited_cleanly":true,"name":"First user"},"session":{"restore_on_startup":null,"resto re_on_startup_migrated":true,null}} ************************* AdwCleaner[R1].txt - [35127 octets] - [29/01/2013 08:19:13] ########## EOF - C:\AdwCleaner[R1].txt - [35188 octets] ########## Many thanks.
|
|
#13
January 29th, 2013, 09:40 AM
|
|||
|
|||
|
Hi Jintan.
On restarting the Notebook, all the 'bad image' have gone. I have not deleted the files suggested by the last two scans. Hurleyberly
|
|
#14
January 30th, 2013, 01:04 AM
|
||||
|
||||
|
What a mess picked up by AdwCleaner.
Be sure to continue to temporarily disable any protective software when running the scan tools we use here.
Open AdwCleaner, and click the Uninstall button to have it remove itself. ---------- Download the latest version of Malwarebytes' Anti-Malware from Here. Double Click mbam-setup-1.65.0.1400.exe to install the application. Follow all prompts, and check off all boxes except the one to load the Trial version. I just expires and causes confusion in a few weeks. * If an update is found, it will download and install the latest version. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform quick scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. * The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes. * Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then. ---------- Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner. If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes: Remove found threats Scan unwanted applications Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives). Then click the Advanced option, the place a check next to the following (if it is not already checked): Enable Anti-Stealth technology Click Start. This scan may take a while, so please be patient. If infection is found, at the end of the scan click "List of found threats". In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please. Post that log and the Malwarebytes log please.
|
|
#15
January 30th, 2013, 03:51 AM
|
|||
|
|||
|
Hi Jintan
Here is theadwcleaner log # AdwCleaner v2.109 - Logfile created 01/30/2013 at 02:09:13 # Updated 26/01/2013 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : Bill - PAM-3E76C8F1D78 # Boot Mode : Normal # Running from : C:\Documents and Settings\Bill\Desktop\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigoj ocbpcb Deleted on reboot : C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjglmhbchjomgfmflpgioahka pkhmgc File Deleted : C:\DOCUME~1\Bill\LOCALS~1\Temp\Uninstall.exe File Deleted : C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage File Deleted : C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal File Deleted : C:\user.js Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon Folder Deleted : C:\Documents and Settings\All Users\Application Data\Browser Manager Folder Deleted : C:\Documents and Settings\Bill\Application Data\Babylon Folder Deleted : C:\Documents and Settings\Bill\Application Data\PriceGong Folder Deleted : C:\Documents and Settings\Bill\Local Settings\Application Data\Conduit Folder Deleted : C:\Documents and Settings\Bill\Start Menu\Programs\Browser Manager Folder Deleted : C:\Documents and Settings\Bridgett\Application Data\AVG Secure Search Folder Deleted : C:\Documents and Settings\Bridgett\Application Data\PriceGong Folder Deleted : C:\Documents and Settings\Bridgett\Local Settings\Application Data\Conduit Folder Deleted : C:\Program Files\Conduit ***** [Registry] ***** Key Deleted : HKCU\Software\5a68ddcb46de444 Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\BrowserMngr Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\ConduitSearchScopes Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\DataMngr_Toolbar Key Deleted : HKCU\Software\Google\Chrome\Extensions\fnjglmhbchj omgfmflpgioahkapkhmgc Key Deleted : HKCU\Software\IGearSettings Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\PriceGong Key Deleted : HKCU\Software\SmartBar Key Deleted : HKLM\SOFTWARE\5a68ddcb46de444 Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\Software\BrowserMngr Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2549263 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fnjglmhbchj omgfmflpgioahkapkhmgc Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmp klohkojmllohdhomoefph Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}] ***** [Internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Google Chrome v [Unable to get version] File : C:\Documents and Settings\Bill\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences Deleted [l.1] : urls_to_restore_on_startup ={"backup":{"_signature":"p2wDHkNUrUWu2ETITJP+IHX8 ZzJszjgI3SpNIapR0yU=","_version":4,"extensions":{" i[...] ************************* AdwCleaner[R1].txt - [35258 octets] - [29/01/2013 08:19:13] AdwCleaner[R2].txt - [35364 octets] - [30/01/2013 02:07:54] AdwCleaner[S1].txt - [5907 octets] - [30/01/2013 02:09:13] ########## EOF - C:\AdwCleaner[S1].txt - [5967 octets] ########## I have run Malwarebytes and the scan came up negative, here is the log Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.29.11 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Bill :: PAM-3E76C8F1D78 [administrator] 30/01/2013 02:25:39 mbam-log-2013-01-30 (02-25-39).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 251029 Time elapsed: 22 minute(s), 9 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
|
|
| Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
Similar Topics
|
||||
| Topic | Topic Starter | Forum | Replies | Last Post |
| Bad image error message - all the time | fastmattie | Malware Removal | 1 | October 18th, 2010 06:02 AM |
| Insert image into a post message | bougain | The Anything Else Board | 5 | September 19th, 2010 02:13 AM |
| Bad Image message | vargheseanto | Malware Removal | 3 | August 3rd, 2009 07:13 AM |
| Bad Image message | vargheseanto | Windows XP | 2 | August 1st, 2009 07:59 AM |
| Message box on XP [Image included] | foubrak | Windows XP | 5 | October 5th, 2005 11:31 PM |
All times are GMT +1. The time now is 10:41 PM.