
Malwarebytes 'blocking malicious threats' but won't run


  • This topic is locked
25 replies to this topic

#1 1judi


Posted 21 July 2012 - 01:10 PM

I am having problems with my Dell XPS 400 XP.
I used CCleaner and then tried to run Malwarebytes, but each time it will freeze after a minute or two, then the whole computer seems to be frozen and I have great difficulty getting it back on. Malwarebytes was sending me notices of 'blocking malicious threats' even though I could not run the scan. I did see the 'blue screen of death' last week. Hoping a look at a hijack log might help find the problem.
Thank you


.DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 10.5.1
Run by Judy at 12:43:18 on 2012-07-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2129 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Aware *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\dldtcoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell V305\dldtMsdMon.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Nero\data\xtras\mssysmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://officialhomepage.org/home15.html
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\6.0\youtubedownloaderToolbarIE.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\6.0\youtubedownloaderToolbarIE.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\nero\data\xtras\mssysmgr.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [dldtamon] "c:\program files\dell v305\dldtamon.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [DLCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCFtime.dll,_RunDLLEntry@16
mRun: [Malwarebytes' Anti-Malware] "k:\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\judy\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD}
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://www.sparkpea.net/controls/msnchat45.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{26B4A311-0F13-4447-A97C-F2C48630281F} : DhcpNameServer = 192.168.1.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\judy\application data\mozilla\firefox\profiles\fcjprzz1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bfb26e0e7-d971-4cb3-b842-c054c74e59b3%7D&mid=38aad58e39f873c3c86646fe09bd2905-7a7b7effb2a69ec04b6cebc2e6abcabb8029c7d0&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-05-11%2020%3A50%3A44&sap=ku&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\judy\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 301248]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2012-4-7 21592]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-4-7 332248]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-4-7 212568]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-6-27 791488]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-4-7 74968]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-2-1 22344]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-4-7 69208]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2009-8-20 99568]
S2 MBAMService;MBAMService;k:\malwarebytes' anti-malware\mbamservice.exe [2012-7-17 655944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-28 250056]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-17 40776]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 113120]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-4-7 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-4-7 94040]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 167264]
.
=============== File Associations ===============
.
regfile=regedit.exe "%1" %*
scrfile="%1" %*
.
=============== Created Last 30 ================
.
2012-07-17 14:28:40 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-05 05:56:26 -------- d-----w- c:\program files\Oracle
2012-07-03 03:52:56 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2012-07-03 03:52:56 -------- d-----w- c:\program files\common files\Spigot
2012-07-03 03:52:56 -------- d-----w- c:\program files\Application Updater
2012-06-28 18:28:16 -------- d-----w- c:\documents and settings\judy\application data\Search Settings
2012-06-26 22:46:23 -------- d-----w- c:\documents and settings\judy\application data\YouTube Downloader
2012-06-25 03:35:09 -------- d-----w- c:\documents and settings\all users\application data\YTD YouTube Downloader & Converter
2012-06-25 03:35:01 -------- d-----w- c:\program files\GreenTree Applications
.
==================== Find3M ====================
.
2012-07-12 06:17:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 06:17:28 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-15 15:39:54 832512 ----a-w- c:\windows\system32\wininet.dll
2012-05-05 00:29:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-05 00:29:22 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-05 00:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 14:46:47 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-04-23 14:46:47 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-04-23 14:46:47 17408 ------w- c:\windows\system32\corpol.dll
.
============= FINISH: 12:49:41.56 ===============

Edited by Queen-Evie, 21 July 2012 - 02:07 PM.
split from topic in XP. Added description copy/pasted from the original topic



 


#2 1judi


Posted 21 July 2012 - 01:12 PM

Don't know how to zip and attach to note pad.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/25/2005 6:46:13 PM
System Uptime: 7/18/2012 4:26:14 PM (68 hours ago)
.
Motherboard: Dell Inc. | | 0YC523
Processor: Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 144 GiB total, 67.908 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is FIXED (FAT32) - 931 GiB total, 845.425 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMSONY_DVD-ROM_DDU1615____________________FDS1____\5&286E6A4&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: SONY DVD-ROM DDU1615
PNP Device ID: IDE\CDROMSONY_DVD-ROM_DDU1615____________________FDS1____\5&286E6A4&0&0.0.0
Service: cdrom
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMHL-DT-ST_DVD+-RW_GWA4164B_______________D108____\5&286E6A4&0&0.1.0
Manufacturer: (Standard CD-ROM drives)
Name: HL-DT-ST DVD+-RW GWA4164B
PNP Device ID: IDE\CDROMHL-DT-ST_DVD+-RW_GWA4164B_______________D108____\5&286E6A4&0&0.1.0
Service: cdrom
.
Class GUID: {6BDD1FC5-810F-11D0-BEC7-08002BE2092F}
Description: Serial Cable using IrDA Protocol
Device ID: ROOT\UNKNOWN\0000
Manufacturer: (Standard Infrared Port)
Name: Serial Cable using IrDA Protocol
PNP Device ID: ROOT\UNKNOWN\0000
Service: irsir
.
==== System Restore Points ===================
.
RP556: 4/23/2012 10:48:39 AM - System Checkpoint
RP557: 4/25/2012 12:25:18 PM - System Checkpoint
RP558: 4/26/2012 6:57:18 PM - System Checkpoint
RP559: 4/27/2012 7:29:34 PM - System Checkpoint
RP560: 4/29/2012 3:38:00 PM - System Checkpoint
RP561: 4/30/2012 4:25:21 PM - System Checkpoint
RP562: 5/1/2012 4:27:35 PM - System Checkpoint
RP563: 5/2/2012 9:46:46 PM - System Checkpoint
RP564: 5/4/2012 2:31:49 PM - System Checkpoint
RP565: 5/5/2012 7:40:57 PM - System Checkpoint
RP566: 5/6/2012 10:57:11 PM - System Checkpoint
RP567: 5/8/2012 8:52:04 AM - System Checkpoint
RP568: 5/9/2012 2:12:45 PM - System Checkpoint
RP569: 5/10/2012 4:13:38 PM - System Checkpoint
RP570: 5/11/2012 5:25:51 PM - System Checkpoint
RP571: 5/11/2012 8:48:34 PM - Installed AVG 2012
RP572: 5/11/2012 8:52:19 PM - Removed AVG 2012
RP573: 5/13/2012 3:00:22 AM - Software Distribution Service 3.0
RP574: 5/14/2012 8:36:05 AM - System Checkpoint
RP575: 5/15/2012 12:35:15 PM - System Checkpoint
RP576: 5/16/2012 5:04:06 PM - System Checkpoint
RP577: 5/17/2012 5:11:32 PM - System Checkpoint
RP578: 5/18/2012 12:38:00 PM - Installed Java™ 7 Update 4
RP579: 5/18/2012 12:43:16 PM - Installed JavaFX 2.1.0
RP580: 5/19/2012 5:01:55 PM - System Checkpoint
RP581: 5/20/2012 11:52:03 PM - System Checkpoint
RP582: 5/22/2012 2:36:24 AM - System Checkpoint
RP583: 5/23/2012 2:12:32 PM - System Checkpoint
RP584: 5/24/2012 6:36:19 PM - System Checkpoint
RP585: 5/25/2012 7:33:56 PM - System Checkpoint
RP586: 5/26/2012 9:28:03 PM - System Checkpoint
RP587: 5/28/2012 12:19:57 AM - System Checkpoint
RP588: 5/29/2012 11:29:19 AM - System Checkpoint
RP589: 5/30/2012 8:20:04 PM - System Checkpoint
RP590: 5/31/2012 10:05:14 PM - System Checkpoint
RP591: 6/1/2012 11:57:12 PM - System Checkpoint
RP592: 6/3/2012 8:30:48 AM - System Checkpoint
RP593: 6/4/2012 8:50:13 AM - System Checkpoint
RP594: 6/5/2012 3:00:19 AM - Software Distribution Service 3.0
RP595: 6/6/2012 6:01:32 PM - System Checkpoint
RP596: 6/7/2012 8:24:19 PM - System Checkpoint
RP597: 6/8/2012 8:37:23 PM - System Checkpoint
RP598: 6/9/2012 10:43:47 PM - System Checkpoint
RP599: 6/11/2012 12:07:20 AM - System Checkpoint
RP600: 6/12/2012 11:52:42 AM - System Checkpoint
RP601: 6/13/2012 1:18:17 PM - System Checkpoint
RP602: 6/14/2012 3:00:17 AM - Software Distribution Service 3.0
RP603: 6/15/2012 3:39:52 AM - System Checkpoint
RP604: 6/16/2012 3:44:06 AM - System Checkpoint
RP605: 6/17/2012 3:56:18 AM - System Checkpoint
RP606: 6/18/2012 6:18:40 AM - System Checkpoint
RP607: 6/19/2012 7:08:23 AM - System Checkpoint
RP608: 6/20/2012 10:34:22 AM - System Checkpoint
RP609: 6/20/2012 7:56:27 PM - Removed Microsoft Works
RP610: 6/20/2012 7:59:54 PM - Installed Microsoft Works
RP611: 6/21/2012 3:00:17 AM - Software Distribution Service 3.0
RP612: 6/22/2012 3:00:20 AM - Software Distribution Service 3.0
RP613: 6/23/2012 3:08:15 AM - System Checkpoint
RP614: 6/24/2012 3:20:02 AM - System Checkpoint
RP615: 6/25/2012 4:19:57 AM - System Checkpoint
RP616: 6/26/2012 5:19:58 AM - System Checkpoint
RP617: 6/27/2012 10:52:04 PM - System Checkpoint
RP618: 6/29/2012 1:13:55 PM - System Checkpoint
RP619: 6/30/2012 8:24:13 PM - System Checkpoint
RP620: 7/1/2012 11:54:11 PM - System Checkpoint
RP621: 7/3/2012 12:08:53 AM - System Checkpoint
RP622: 7/4/2012 1:32:15 AM - System Checkpoint
RP623: 7/5/2012 12:54:43 AM - Installed Java™ 7 Update 5
RP624: 7/5/2012 12:56:09 AM - Removed JavaFX 2.1.0
RP625: 7/5/2012 12:56:25 AM - Installed JavaFX 2.1.1
RP626: 7/6/2012 1:13:15 AM - System Checkpoint
RP627: 7/7/2012 2:39:01 AM - System Checkpoint
RP628: 7/8/2012 3:30:12 AM - System Checkpoint
RP629: 7/9/2012 4:30:12 AM - System Checkpoint
RP630: 7/10/2012 8:21:04 AM - System Checkpoint
RP631: 7/11/2012 3:00:18 AM - Software Distribution Service 3.0
RP632: 7/13/2012 7:14:15 AM - System Checkpoint
RP633: 7/14/2012 7:32:51 AM - System Checkpoint
RP634: 7/15/2012 7:48:08 AM - System Checkpoint
RP635: 7/16/2012 10:05:33 AM - System Checkpoint
RP636: 7/17/2012 10:30:24 AM - Removed BlackBerry Desktop Software 4.2
RP637: 7/18/2012 12:23:24 PM - System Checkpoint
RP638: 7/19/2012 12:28:24 PM - System Checkpoint
RP639: 7/20/2012 1:05:42 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
ActiveHome Pro
Ad-Aware Browsing Protection
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Reader X (10.1.3)
Any Video Converter 3.3.8
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
AVG 2012
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
BitTorrent
Bonjour
BufferChm
c4200_Help
CCleaner
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Copy
Creative MediaSource
Dell Color Printer 725
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Support Center (Support Software)
Dell System Restore
Dell V305
DellSupport
Destinations
DeviceManagementQFolder
Digital Content Portal
Digital Line Detect
DocProc
DocProcQFolder
Driver Detective
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Easy-WebPrint
EducateU
ESPNMotion
Font Installer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Imaging Device Functions 8.0
HP OCR Software 8.0
Intel Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
IrfanView (remove only)
iTunes
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 29
Java™ 7 Update 5
JavaFX 2.1.1
Learn2 Player (Uninstall Only)
Macromedia Flash Player
Malwarebytes Anti-Malware version 1.62.0.1300
Media Converter for Philips
Media Wizard 3.0 for Device
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Digital Image Library 9 - Blocker
Microsoft Excel 97
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Picture It! Library 10
Microsoft Picture It! Premium 10
Microsoft Plus! Digital Media Edition Installer
Microsoft Silverlight
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MobileMe Control Panel
Modem Helper
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch for Windows Media Player
Musicnotes Software Suite 1.5.3
Nero PhotoShow Express
Nero Suite
NeroMIX
NetWaiting
OpenOffice.org 3.3
Otto
Overland
Picture Control Utility
Pidgin
PowerDVD 5.5
PS_AIO_ProductContext
Qualxserve Service Agreement
QuickTime
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
ShareIns
Shockwave
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Status
Trader's Little Helper 2.7.0
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
ViewNX
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebCyberCoach 3.2 Dell
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Genuine Advantage Notifications (KB905474)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live ID Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows PowerShell™ 1.0
Windows XP Media Center Edition 2005 KB895198
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
Works Upgrade
Yahoo! Messenger
YouTube Downloader Toolbar v6.0
YTD YouTube Downloader & Converter 3.7
.
==== Event Viewer Messages From Past Week ========
.
7/18/2012 4:30:50 PM, error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The system cannot find the path specified.
7/18/2012 3:35:58 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service dlcf_device with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}
7/17/2012 9:01:02 AM, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 a0456550, parameter3 a045624c, parameter4 b9d7364a.
7/17/2012 10:09:01 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
7/16/2012 8:35:36 AM, error: Print [6161] - The document Bring Me To Life owned by John Scott failed to print on printer Dell V305 (Copy 1). Data type: LEMF. Size of the spool file in bytes: 352268. Number of bytes printed: 352268. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\D9XRLP81. Win32 error code returned by the print processor: 0 (0x0).
7/16/2012 8:35:26 AM, error: Print [6161] - The document Bring Me To Life owned by John Scott failed to print on printer Dell V305 (Copy 1). Data type: LEMF. Size of the spool file in bytes: 352286. Number of bytes printed: 352286. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\D9XRLP81. Win32 error code returned by the print processor: 0 (0x0).
7/15/2012 9:38:46 PM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147500037 (0x80004005).
7/15/2012 9:38:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
7/15/2012 9:37:31 PM, error: Service Control Manager [7023] - The 6to4 service terminated with the following error: The specified module could not be found.
7/15/2012 9:37:31 PM, error: Service Control Manager [7022] - The System Event Notification service hung on starting.
7/15/2012 9:37:31 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dldtCATSCustConnectService service to connect.
7/15/2012 9:37:31 PM, error: Service Control Manager [7000] - The PfModNT service failed to start due to the following error: The system cannot find the file specified.
7/15/2012 9:37:31 PM, error: Service Control Manager [7000] - The dldtCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

#3 HelpBot

  • Bots

Posted 26 July 2012 - 01:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461786 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot

  • Bots

Posted 31 July 2012 - 01:20 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#5 nasdaq

  • Malware Response Team

Posted 05 August 2012 - 09:44 AM

This topic was reopened at the request of the owner.


Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs and let me know if the problem persists.

p.s. I will close your other duplicate topic.

#6 Orange Blossom

  • Moderator

Posted 07 August 2012 - 12:54 PM

Hello 1judi,

Do these topics: http://www.bleepingcomputer.com/forums/topic464094.html and http://www.bleepingcomputer.com/forums/topic464160.html concern the same computer?

Orange Blossom

#7 1judi

  • Topic Starter

Posted 11 August 2012 - 09:42 AM

Preparing to run ComboFix.exe

Get warning that AVG anti-virus free edition 2012 is still active

I deleted AVG a few weeks ago and do not see it in remove programs

I then added Microsoft Security Essentials

I do not find an option to disable it, although the icon in the system tray says I am unprotected.

Warning says it is also still active

#8 1judi

  • Topic Starter

Posted 13 August 2012 - 08:08 PM

ComboFix 12-08-13.01 - Judy 08/13/2012 19:23:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2057 [GMT -5:00]
Running from: c:\documents and settings\Judy\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\SPL19C.tmp
c:\documents and settings\All Users\SPL243.tmp
c:\documents and settings\All Users\SPL45C.tmp
c:\documents and settings\All Users\SPL4EB.tmp
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\chrome.manifest
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\chrome\content\background.html
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\chrome\content\browser.xul
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossrider.js
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossriderapi.js
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\chrome\content\dialog.js
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.js
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.xul
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\chrome\content\search_dialog.xul
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\chrome\content\update.html
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\defaults\preferences\prefs.js
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\install.rdf
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\locale\en-US\translations.dtd
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\skin\button1.png
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\skin\button2.png
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\skin\button3.png
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\skin\button4.png
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\skin\button5.png
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\skin\crossrider_statusbar.png
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\skin\icon128.png
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\skin\icon16.png
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\skin\icon24.png
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\skin\icon48.png
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\skin\panelarrow-up.png
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\skin\popup.css
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\skin\popup.html
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\skin\popup_binding.xml
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\skin\skin.css
c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\extensions\crossriderapp2258@crossrider.com\skin\update.css
c:\documents and settings\Judy\Local Settings\Application Data\I Want This
c:\documents and settings\Judy\Local Settings\Application Data\I Want This\Chrome\I Want This.crx
c:\program files\I Want This
c:\program files\I Want This\I Want This.dll
c:\program files\I Want This\I Want This.ico
c:\program files\I Want This\I Want This.ini
c:\program files\I Want This\I Want ThisGui.exe
c:\program files\I Want This\I Want ThisInstaller.log
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\protect\index.html
c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files\StartNow Toolbar\Resources\protect\window.css
c:\program files\StartNow Toolbar\Resources\protect\window.js
c:\program files\StartNow Toolbar\Resources\reactivate\index.html
c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.js
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\windows\_detmp.2
c:\windows\system32\Cache
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Service_6to4
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))
.
.
2012-08-13 12:02 . 2012-06-29 06:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AEACD060-4DE5-4A7C-A426-FDAA6460D0FC}\mpengine.dll
2012-08-12 20:35 . 2012-08-12 20:35 -------- d-----w- c:\documents and settings\Judy\Local Settings\Application Data\Opera
2012-08-12 20:35 . 2012-08-12 20:37 -------- d-----w- c:\program files\Opera
2012-08-12 20:30 . 2012-08-12 20:30 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2012-08-12 20:30 . 2012-08-12 20:30 -------- d-----w- c:\program files\Common Files\xing shared
2012-08-12 20:29 . 2012-08-12 20:29 150736 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2012-08-12 20:29 . 2012-08-12 20:29 129176 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2012-08-12 20:29 . 2012-08-12 20:30 -------- d-----w- c:\program files\Real
2012-08-12 06:38 . 2012-06-29 06:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-02 18:13 . 2012-08-02 18:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Sun
2012-08-02 17:36 . 2012-08-02 17:38 -------- d-----w- c:\program files\iTunes
2012-08-02 13:35 . 2012-08-02 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software
2012-08-02 12:48 . 2012-08-02 12:52 -------- d-----w- c:\documents and settings\Judy\Local Settings\Application Data\adawarebp
2012-08-02 12:36 . 2012-08-02 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2012-08-02 12:32 . 2012-08-02 13:34 -------- d-----w- c:\documents and settings\Judy\Application Data\Ad-Aware Antivirus
2012-08-02 01:59 . 2012-08-02 01:59 -------- d-----w- c:\documents and settings\Meghann Elizabethh\Local Settings\Application Data\blekkotb_031
2012-08-01 16:46 . 2012-08-01 16:46 -------- d-----w- c:\documents and settings\Judy\Application Data\DriverCure
2012-08-01 16:46 . 2012-08-01 16:46 -------- d-----w- c:\documents and settings\Judy\Application Data\SpeedMaxPc
2012-08-01 16:31 . 2012-08-01 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-08-01 13:22 . 2012-08-01 13:22 -------- d-----w- c:\program files\VS Revo Group
2012-07-30 21:08 . 2012-08-01 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\blekkotb_031
2012-07-30 02:48 . 2012-07-30 02:48 -------- d-----w- c:\documents and settings\Judy\.thumbnails
2012-07-30 02:22 . 2012-08-01 18:39 -------- d-----w- c:\documents and settings\Judy\.gimp-2.7
2012-07-30 02:22 . 2012-07-30 02:22 -------- d-----w- c:\documents and settings\Judy\Local Settings\Application Data\gegl-0.1
2012-07-29 14:59 . 2012-07-29 14:59 -------- d-----w- c:\documents and settings\Judy\Application Data\blekkotb_019
2012-07-29 14:44 . 2012-08-01 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\blekko toolbars
2012-07-29 14:44 . 2012-08-02 13:56 -------- d-----w- c:\documents and settings\Judy\Local Settings\Application Data\blekkotb_031
2012-07-29 14:44 . 2012-07-29 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor
2012-07-29 14:44 . 2012-07-29 14:44 -------- d-----w- c:\program files\Yontoo
2012-07-29 14:44 . 2012-07-29 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2012-07-25 17:34 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-25 17:31 . 2012-07-25 17:31 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-24 06:00 . 2012-07-24 06:00 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2012-07-24 06:00 . 2012-07-24 06:00 -------- d-----w- c:\program files\Application Updater
2012-07-24 06:00 . 2012-07-24 06:00 -------- d-----w- c:\program files\Common Files\Spigot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 18:17 . 2012-03-28 13:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 18:17 . 2011-05-19 20:50 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2004-08-19 20:49 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-08-23 18:10 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-19 20:49 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-19 20:49 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2007-06-07 20:01 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2007-06-07 20:01 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2004-08-19 21:04 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2004-08-19 21:04 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2004-08-19 21:04 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2007-06-07 20:01 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2005-05-26 09:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2004-08-19 21:04 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2004-08-19 21:04 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2004-08-19 20:49 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2007-06-07 20:01 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2004-08-19 21:04 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2004-08-19 21:04 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2011-02-12 22:16 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18 . 2011-02-12 22:16 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 20:18 . 2011-02-12 22:16 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2004-08-19 20:49 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-07-18 02:21 . 2011-05-06 09:54 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Nero\data\xtras\mssysmgr.exe" [2005-02-26 212992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-06-24 16624]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"DLCFCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 73728]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-08-12 296096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Meghann Elizabethh\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-21 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SBBD.exe /d \Device\HarddiskVolume4\Definitions
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=c:\windows\pss\SBC Self Support Tool.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Judy^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\documents and settings\Judy\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 16:09 460784 ------w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 15:55 206064 ------w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 06:05 127035 ------w- c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 ------w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 21:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-10 09:04 59392 -c--a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 14:38 241664 -c----w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2005-06-17 12:56 139264 ------w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 -c----w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 00:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 16:50 155648 ------w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-03 16:38 64512 ----a-w- c:\windows\system32\P17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
2005-02-26 00:28 212992 ------w- c:\progra~1\Nero\data\Xtras\mssysmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2012-08-12 20:29 499352 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dldtcoms.exe"=
"c:\\Program Files\\Dell V305\\dldtmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldttime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtjswx.exe"=
"c:\\Program Files\\Dell V305\\dldtlscn.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [8/20/2009 11:03 AM 99568]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/28/2012 8:52 AM 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 8:40 AM 113120]
S4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [7/19/2012 3:10 PM 792512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 18:17]
.
2012-08-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-08-14 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
2012-08-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3157300790-777182039-867459503-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2012-08-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3157300790-777182039-867459503-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2012-08-14 c:\windows\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_D9XRLP81_Meghann Elizabethh.job
- c:\windows\system32\mobsync.exe [2004-08-19 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = *.local
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_031&u=USERGUID&q=
FF - user.js: yahoo.homepage.dontask - true);user_pref(extentions.y2layers.installId, 889136f6-c027-4342-a1dc-4f27d9283b3a
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-ATIPTA - c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
MSConfigStartUp-CanonMyPrinter - c:\program files\Canon\MyPrinter\BJMyPrt.exe
MSConfigStartUp-cdloader - c:\documents and settings\Judy\Application Data\mjusbsp\cdloader2.exe
MSConfigStartUp-COMODO Firewall Pro - c:\program files\Comodo\Firewall\CPF.exe
MSConfigStartUp-CTSysVol - c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
MSConfigStartUp-Motive SmartBridge - c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
MSConfigStartUp-OpwareSE4 - c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-SSBkgdUpdate - c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-UpdReg - c:\windows\UpdReg.EXE
MSConfigStartUp-YBrowser - c:\program files\Yahoo!\browser\ybrwicon.exe
AddRemove-Adobe Photoshop 7.0 - c:\program files\Adobe\Photoshop 7.0\Uninst.isu
AddRemove-Easy-WebPrint - c:\program files\Canon\Easy-WebPrint\Uninst.isu
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-Yahoo! Messenger - f:\progra~1\YAHOO!\MESSEN~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-13 19:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCFCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCFtime.dll,RunDLLEntry???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3157300790-777182039-867459503-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:0000000b
.
[HKEY_USERS\S-1-5-21-3157300790-777182039-867459503-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000003
"State"=dword:0000000b
.
[HKEY_USERS\S-1-5-21-3157300790-777182039-867459503-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000002
"State"=dword:0000000b
.
[HKEY_USERS\S-1-5-21-3157300790-777182039-867459503-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b
.
[HKEY_USERS\S-1-5-21-3157300790-777182039-867459503-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\DesktopAppInstall\oemDesktop2]
"Name"="oemDesktop2"
"DisplayName"="Media Wizard"
"Param1"="\\EXTRAS\\DESKTOP\\Media_Wizard\\Media_Wizard_3.0.exe"
"Param2"=""
"Type"="createprocess"
"Order"=dword:00000000
"State"=dword:0000000b
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5456)
c:\windows\system32\WININET.dll
c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Dell V305\dldtMsdMon.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\system32\dldtcoms.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\MsPMSPSv.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\windows\system32\mqsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2012-08-13 20:04:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-14 01:04
.
Pre-Run: 71,698,186,240 bytes free
Post-Run: 72,894,660,608 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F2C8AFD13824B7094B96046572E65D58

#9 1judi

Posted 13 August 2012 - 09:48 PM

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
HijackThis 2.0.2
CCleaner
JavaFX 2.1.1
Java™ 6 Update 29
Java™ 6 Update 22
Java™ 7 Update 5
Adobe Flash Player 11.3.300.270
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 12% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#10 1judi

Posted 13 August 2012 - 11:52 PM

Ran disk cleanup and defragmented disk, deleted hijack. Seems to run alright.

#11 nasdaq

  • Malware Response Team

Posted 14 August 2012 - 07:32 AM

This script should remove the last trace of AVG.

Open notepad and copy/paste the text in the quote box below into it:

SecCenter::
{17DDD097-36FF-435F-9E1B-52D74245D6BF}


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===


Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Please post the logs for my review.

#12 1judi

Posted 14 August 2012 - 09:40 AM

ComboFix 12-08-13.01 - Judy 08/14/2012 9:22.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2475 [GMT -5:00]
Running from: c:\documents and settings\Judy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Judy\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))
.
.
2012-08-14 13:47 . 2012-08-14 13:47 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{10C5FC3B-7008-4700-A5EF-ACAE6E1FF20A}\offreg.dll
2012-08-14 11:14 . 2012-08-14 11:14 -------- d-sh--w- c:\documents and settings\Judy\PrivacIE
2012-08-14 10:58 . 2012-08-14 10:58 -------- d-sh--w- c:\documents and settings\Judy\IETldCache
2012-08-14 05:04 . 2012-08-14 05:06 -------- dc-h--w- c:\windows\ie8
2012-08-14 04:58 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2012-08-14 04:58 . 2011-11-04 19:20 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-08-14 04:58 . 2011-11-04 19:20 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-08-14 04:58 . 2011-11-04 19:20 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-08-14 02:49 . 2012-06-29 06:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{10C5FC3B-7008-4700-A5EF-ACAE6E1FF20A}\mpengine.dll
2012-08-12 20:35 . 2012-08-12 20:35 -------- d-----w- c:\documents and settings\Judy\Local Settings\Application Data\Opera
2012-08-12 20:35 . 2012-08-12 20:37 -------- d-----w- c:\program files\Opera
2012-08-12 20:30 . 2012-08-12 20:30 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2012-08-12 20:30 . 2012-08-12 20:30 -------- d-----w- c:\program files\Common Files\xing shared
2012-08-12 20:29 . 2012-08-12 20:29 150736 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2012-08-12 20:29 . 2012-08-12 20:29 129176 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2012-08-12 20:29 . 2012-08-12 20:30 -------- d-----w- c:\program files\Real
2012-08-12 06:38 . 2012-06-29 06:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-02 18:13 . 2012-08-02 18:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Sun
2012-08-02 17:36 . 2012-08-02 17:38 -------- d-----w- c:\program files\iTunes
2012-08-02 13:35 . 2012-08-02 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software
2012-08-02 12:48 . 2012-08-02 12:52 -------- d-----w- c:\documents and settings\Judy\Local Settings\Application Data\adawarebp
2012-08-02 12:36 . 2012-08-02 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2012-08-02 12:32 . 2012-08-02 13:34 -------- d-----w- c:\documents and settings\Judy\Application Data\Ad-Aware Antivirus
2012-08-02 01:59 . 2012-08-02 01:59 -------- d-----w- c:\documents and settings\Meghann Elizabethh\Local Settings\Application Data\blekkotb_031
2012-08-01 16:46 . 2012-08-01 16:46 -------- d-----w- c:\documents and settings\Judy\Application Data\DriverCure
2012-08-01 16:46 . 2012-08-01 16:46 -------- d-----w- c:\documents and settings\Judy\Application Data\SpeedMaxPc
2012-08-01 16:31 . 2012-08-01 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-08-01 13:22 . 2012-08-01 13:22 -------- d-----w- c:\program files\VS Revo Group
2012-07-30 21:08 . 2012-08-01 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\blekkotb_031
2012-07-30 02:48 . 2012-07-30 02:48 -------- d-----w- c:\documents and settings\Judy\.thumbnails
2012-07-30 02:22 . 2012-08-01 18:39 -------- d-----w- c:\documents and settings\Judy\.gimp-2.7
2012-07-30 02:22 . 2012-07-30 02:22 -------- d-----w- c:\documents and settings\Judy\Local Settings\Application Data\gegl-0.1
2012-07-29 14:59 . 2012-07-29 14:59 -------- d-----w- c:\documents and settings\Judy\Application Data\blekkotb_019
2012-07-29 14:44 . 2012-08-01 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\blekko toolbars
2012-07-29 14:44 . 2012-08-02 13:56 -------- d-----w- c:\documents and settings\Judy\Local Settings\Application Data\blekkotb_031
2012-07-29 14:44 . 2012-07-29 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor
2012-07-29 14:44 . 2012-07-29 14:44 -------- d-----w- c:\program files\Yontoo
2012-07-29 14:44 . 2012-07-29 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2012-07-25 17:34 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-25 17:31 . 2012-07-25 17:31 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-24 06:00 . 2012-07-24 06:00 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2012-07-24 06:00 . 2012-07-24 06:00 -------- d-----w- c:\program files\Application Updater
2012-07-24 06:00 . 2012-07-24 06:00 -------- d-----w- c:\program files\Common Files\Spigot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 18:17 . 2012-03-28 13:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 18:17 . 2011-05-19 20:50 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2004-08-19 20:49 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-08-23 18:10 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-19 20:49 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-19 20:49 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2007-06-07 20:01 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2007-06-07 20:01 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2004-08-19 21:04 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2004-08-19 21:04 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2004-08-19 21:04 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2007-06-07 20:01 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2005-05-26 09:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2004-08-19 21:04 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2004-08-19 21:04 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2004-08-19 20:49 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2007-06-07 20:01 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2004-08-19 21:04 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2004-08-19 21:04 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2011-02-12 22:16 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18 . 2011-02-12 22:16 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 20:18 . 2011-02-12 22:16 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2004-08-19 20:49 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-07-18 02:21 . 2011-05-06 09:54 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-14_00.35.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-14 10:59 . 2012-08-14 10:59 16384 c:\windows\Temp\Perflib_Perfdata_b04.dat
+ 2005-10-22 21:41 . 2009-01-07 23:21 26144 c:\windows\system32\spupdsvc.exe
+ 2005-10-27 03:33 . 2009-01-07 23:20 16928 c:\windows\system32\spmsg.dll
+ 2004-08-19 20:49 . 2009-03-08 09:31 46592 c:\windows\system32\pngfilt.dll
+ 2006-06-29 14:05 . 2009-01-07 23:20 23552 c:\windows\system32\normaliz.dll
- 2006-06-29 14:05 . 2006-06-29 14:05 23552 c:\windows\system32\normaliz.dll
+ 2006-06-28 23:59 . 2009-01-07 23:20 24576 c:\windows\system32\nlsdl.dll
- 2006-06-28 23:59 . 2006-06-28 23:59 24576 c:\windows\system32\nlsdl.dll
- 2004-08-19 20:49 . 2007-08-14 00:01 48128 c:\windows\system32\mshtmler.dll
+ 2004-08-19 20:49 . 2009-03-08 09:31 48128 c:\windows\system32\mshtmler.dll
+ 2004-08-19 20:49 . 2011-11-04 19:20 66560 c:\windows\system32\mshtmled.dll
- 2004-08-19 20:49 . 2007-08-14 00:32 45568 c:\windows\system32\mshta.exe
+ 2004-08-19 20:49 . 2009-03-08 09:31 45568 c:\windows\system32\mshta.exe
+ 2007-08-14 00:36 . 2009-03-08 09:31 13312 c:\windows\system32\msfeedssync.exe
+ 2007-08-14 00:54 . 2011-11-04 19:20 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-19 20:49 . 2011-11-04 19:20 43520 c:\windows\system32\licmgr10.dll
+ 2004-08-19 20:49 . 2011-11-04 19:20 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-19 20:49 . 2009-03-08 09:32 94720 c:\windows\system32\inseng.dll
+ 2004-08-19 20:49 . 2009-03-08 09:31 34816 c:\windows\system32\imgutil.dll
+ 2007-08-14 00:39 . 2009-03-08 09:32 36864 c:\windows\system32\ieudinit.exe
+ 2004-08-19 20:49 . 2009-03-08 09:32 71680 c:\windows\system32\iesetup.dll
+ 2004-08-19 20:49 . 2009-03-08 09:32 55808 c:\windows\system32\iernonce.dll
+ 2006-06-29 14:05 . 2009-01-07 23:20 26112 c:\windows\system32\idndl.dll
- 2006-06-29 14:05 . 2006-06-29 14:05 26112 c:\windows\system32\idndl.dll
+ 2007-08-14 00:36 . 2009-03-08 09:31 59904 c:\windows\system32\icardie.dll
+ 2006-05-10 05:23 . 2009-03-08 09:31 46592 c:\windows\system32\dllcache\pngfilt.dll
- 2007-08-14 00:01 . 2007-08-14 00:01 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2007-08-14 00:01 . 2009-03-08 09:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2006-05-10 05:23 . 2011-11-04 19:20 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-14 00:32 . 2009-03-08 09:31 45568 c:\windows\system32\dllcache\mshta.exe
- 2007-08-14 00:32 . 2007-08-14 00:32 45568 c:\windows\system32\dllcache\mshta.exe
+ 2007-11-27 20:00 . 2011-11-04 19:20 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-08-14 00:44 . 2011-11-04 19:20 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2006-05-10 05:22 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-05-10 05:22 . 2009-03-08 09:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2007-08-14 00:36 . 2009-03-08 09:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2007-08-14 00:39 . 2009-03-08 09:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-14 00:39 . 2009-03-08 09:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2007-11-27 20:00 . 2009-03-08 09:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2004-08-19 21:04 . 2009-03-08 09:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-06-29 16:12 . 2009-03-08 09:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2007-08-14 00:39 . 2009-03-08 09:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2004-08-19 20:49 . 2009-03-08 09:33 18944 c:\windows\system32\corpol.dll
+ 2004-08-19 20:49 . 2009-03-08 09:32 72704 c:\windows\system32\admparse.dll
+ 2012-08-14 05:07 . 2009-03-08 09:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2012-08-14 05:07 . 2009-03-08 09:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2012-08-14 05:07 . 2009-03-08 09:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2012-08-14 05:08 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
+ 2012-08-14 05:08 . 2009-03-08 09:31 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
+ 2012-08-14 05:08 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
+ 2012-08-14 05:08 . 2009-03-08 09:34 43008 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
+ 2012-08-14 05:08 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
+ 2012-08-14 05:05 . 2009-03-08 19:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2012-08-14 05:05 . 2012-04-23 14:46 44544 c:\windows\ie8\pngfilt.dll
+ 2012-08-14 05:05 . 2007-08-14 00:01 48128 c:\windows\ie8\mshtmler.dll
+ 2012-08-14 05:05 . 2007-08-14 00:32 45568 c:\windows\ie8\mshta.exe
+ 2012-08-14 05:05 . 2007-08-14 00:36 12288 c:\windows\ie8\msfeedssync.exe
+ 2012-08-14 05:04 . 2012-04-23 14:46 52224 c:\windows\ie8\msfeedsbs.dll
+ 2012-08-14 05:05 . 2007-08-14 00:44 40960 c:\windows\ie8\licmgr10.dll
+ 2012-08-14 05:05 . 2012-04-23 14:46 27648 c:\windows\ie8\jsproxy.dll
+ 2012-08-14 05:05 . 2007-08-14 00:39 92672 c:\windows\ie8\inseng.dll
+ 2012-08-14 05:05 . 2007-08-14 00:36 36352 c:\windows\ie8\imgutil.dll
+ 2012-08-14 05:05 . 2007-08-14 00:39 55296 c:\windows\ie8\iesetup.dll
+ 2012-08-14 05:05 . 2012-04-23 14:46 44544 c:\windows\ie8\iernonce.dll
+ 2012-08-14 05:04 . 2012-04-23 14:46 78336 c:\windows\ie8\ieencode.dll
+ 2012-08-14 05:04 . 2012-04-23 11:33 70656 c:\windows\ie8\ie4uinit.exe
+ 2012-08-14 05:04 . 2012-04-23 14:46 63488 c:\windows\ie8\icardie.dll
+ 2012-08-14 05:04 . 2007-08-14 00:18 60416 c:\windows\ie8\hmmapi.dll
+ 2012-08-14 05:04 . 2012-04-23 14:46 17408 c:\windows\ie8\corpol.dll
+ 2012-08-14 05:04 . 2007-08-14 00:39 71680 c:\windows\ie8\admparse.dll
+ 2012-08-14 05:08 . 2009-03-08 09:35 2048 c:\windows\ie8updates\KB2598845-IE8\iecompat.dll
- 2007-11-27 19:59 . 2008-04-14 00:12 121856 c:\windows\system32\xmllite.dll
+ 2007-11-27 19:59 . 2009-01-07 23:21 121856 c:\windows\system32\xmllite.dll
+ 2004-08-19 20:49 . 2011-11-04 19:20 916992 c:\windows\system32\wininet.dll
+ 2007-08-14 00:45 . 2009-03-08 09:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2004-08-19 20:49 . 2009-03-08 09:34 236544 c:\windows\system32\webcheck.dll
+ 2004-08-19 20:49 . 2009-03-08 09:33 420352 c:\windows\system32\vbscript.dll
+ 2004-08-19 20:49 . 2011-11-04 19:20 105984 c:\windows\system32\url.dll
+ 2004-08-19 20:49 . 2011-11-04 19:20 206848 c:\windows\system32\occache.dll
+ 2004-08-19 20:49 . 2011-11-04 19:20 611840 c:\windows\system32\mstime.dll
+ 2004-08-19 20:49 . 2009-03-08 09:34 193536 c:\windows\system32\msrating.dll
- 2004-08-19 20:49 . 2007-08-14 00:54 156160 c:\windows\system32\msls31.dll
+ 2004-08-19 20:49 . 2009-03-08 09:22 156160 c:\windows\system32\msls31.dll
+ 2007-08-14 00:54 . 2011-11-04 19:20 602112 c:\windows\system32\msfeeds.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 265720 c:\windows\system32\msdbg2.dll
+ 2004-08-19 20:49 . 2009-03-08 09:33 726528 c:\windows\system32\jscript.dll
- 2011-10-07 01:25 . 2012-08-14 00:36 224955 c:\windows\system32\inetsrv\MetaBase.bin
+ 2011-10-07 01:25 . 2012-08-14 14:33 224955 c:\windows\system32\inetsrv\MetaBase.bin
+ 2007-08-14 00:54 . 2009-03-08 09:22 164352 c:\windows\system32\ieui.dll
+ 2004-08-19 20:49 . 2011-11-04 19:20 184320 c:\windows\system32\iepeers.dll
+ 2004-08-19 20:49 . 2011-11-04 19:20 387584 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 18:27 . 2009-03-08 09:11 445952 c:\windows\system32\ieapfltr.dll
+ 2004-08-19 20:49 . 2009-03-08 09:32 163840 c:\windows\system32\ieakui.dll
+ 2004-08-19 20:49 . 2009-03-08 09:33 229376 c:\windows\system32\ieaksie.dll
+ 2004-08-19 20:49 . 2009-03-08 09:33 125952 c:\windows\system32\ieakeng.dll
+ 2004-08-19 20:49 . 2011-11-04 11:24 174080 c:\windows\system32\ie4uinit.exe
+ 2004-08-19 20:49 . 2009-03-08 09:31 216064 c:\windows\system32\dxtrans.dll
+ 2004-08-19 20:49 . 2009-03-08 09:31 348160 c:\windows\system32\dxtmsft.dll
+ 2006-05-10 05:23 . 2011-11-04 19:20 916992 c:\windows\system32\dllcache\wininet.dll
+ 2007-08-14 00:54 . 2009-03-08 09:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2006-09-18 14:15 . 2009-03-08 09:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2008-05-09 10:53 . 2009-03-08 09:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2007-08-14 00:44 . 2011-11-04 19:20 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2007-08-14 00:44 . 2011-11-04 19:20 206848 c:\windows\system32\dllcache\occache.dll
+ 2006-05-10 05:23 . 2011-11-04 19:20 611840 c:\windows\system32\dllcache\mstime.dll
+ 2006-05-10 05:23 . 2009-03-08 09:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2007-08-14 00:54 . 2009-03-08 09:22 156160 c:\windows\system32\dllcache\msls31.dll
- 2007-08-14 00:54 . 2007-08-14 00:54 156160 c:\windows\system32\dllcache\msls31.dll
+ 2007-11-27 20:00 . 2011-11-04 19:20 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-05-09 10:53 . 2009-03-08 09:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2007-08-14 00:43 . 2009-03-08 19:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2006-05-10 05:22 . 2011-11-04 19:20 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-14 00:39 . 2011-11-04 19:20 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-11-27 20:00 . 2009-03-08 09:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2007-08-13 23:56 . 2009-03-08 09:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-14 00:39 . 2009-03-08 09:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-14 00:39 . 2009-03-08 09:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-14 00:39 . 2011-11-04 11:24 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-05-10 05:22 . 2009-03-08 09:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-05-10 05:22 . 2009-03-08 09:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-14 00:39 . 2009-03-08 09:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-19 20:49 . 2009-03-08 09:32 128512 c:\windows\system32\advpack.dll
+ 2012-08-14 05:07 . 2009-03-08 09:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2012-08-14 05:07 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2012-08-14 05:07 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2012-08-14 05:07 . 2009-03-08 09:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2012-08-14 05:07 . 2009-03-08 09:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2012-08-14 05:07 . 2009-03-08 09:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2012-08-14 05:07 . 2009-03-08 09:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2012-08-14 05:07 . 2009-03-08 09:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2012-08-14 05:07 . 2009-03-08 09:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2012-08-14 05:07 . 2009-03-08 19:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2012-08-14 05:07 . 2009-03-08 09:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2012-08-14 05:08 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
+ 2012-08-14 05:08 . 2009-03-08 09:34 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
+ 2012-08-14 05:08 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
+ 2012-08-14 05:08 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
+ 2012-08-14 05:08 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
+ 2012-08-14 05:08 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
+ 2012-08-14 05:08 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
+ 2012-08-14 05:08 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
+ 2012-08-14 05:08 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
+ 2012-08-14 05:08 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
+ 2012-08-14 05:08 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
+ 2012-08-14 05:08 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
+ 2012-08-14 05:08 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2598845-IE8\spuninst\updspapi.dll
+ 2012-08-14 05:08 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2598845-IE8\spuninst\spuninst.exe
+ 2012-08-14 05:05 . 2012-05-15 15:39 832512 c:\windows\ie8\wininet.dll
+ 2012-08-14 05:05 . 2007-08-14 00:45 206336 c:\windows\ie8\winfxdocobj.exe
+ 2012-08-14 05:05 . 2012-04-23 14:46 233472 c:\windows\ie8\webcheck.dll
+ 2012-08-14 05:05 . 2011-04-30 08:50 766464 c:\windows\ie8\vgx.dll
+ 2012-08-14 05:05 . 2011-03-04 06:45 434176 c:\windows\ie8\vbscript.dll
+ 2012-08-14 05:05 . 2012-04-23 14:46 106496 c:\windows\ie8\url.dll
+ 2012-08-14 05:05 . 2009-01-07 23:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2012-08-14 05:05 . 2009-01-07 23:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2012-08-14 05:04 . 2006-09-06 23:43 213216 c:\windows\ie8\spuninst.exe
+ 2012-08-14 05:05 . 2012-04-23 14:46 102912 c:\windows\ie8\occache.dll
+ 2012-08-14 05:05 . 2012-04-23 14:46 671232 c:\windows\ie8\mstime.dll
+ 2012-08-14 05:05 . 2012-04-23 14:46 193024 c:\windows\ie8\msrating.dll
+ 2012-08-14 05:05 . 2007-08-14 00:54 156160 c:\windows\ie8\msls31.dll
+ 2012-08-14 05:05 . 2012-04-23 14:46 479744 c:\windows\ie8\mshtmled.dll
+ 2012-08-14 05:04 . 2012-04-23 14:46 496128 c:\windows\ie8\msfeeds.dll
+ 2012-08-14 05:05 . 2011-03-04 06:45 512000 c:\windows\ie8\jscript.dll
+ 2012-08-14 05:05 . 2012-04-22 06:40 634488 c:\windows\ie8\iexplore.exe
+ 2012-08-14 05:05 . 2007-08-14 00:54 180736 c:\windows\ie8\ieui.dll
+ 2012-08-14 05:04 . 2012-04-23 14:46 268288 c:\windows\ie8\iertutil.dll
+ 2012-08-14 05:05 . 2007-08-14 00:54 287744 c:\windows\ie8\ieproxy.dll
+ 2012-08-14 05:05 . 2012-04-23 14:46 192512 c:\windows\ie8\iepeers.dll
+ 2012-08-14 05:05 . 2012-04-23 14:46 384512 c:\windows\ie8\iedkcs32.dll
+ 2012-08-14 05:04 . 2012-04-23 14:46 380928 c:\windows\ie8\ieapfltr.dll
+ 2012-08-14 05:04 . 2012-04-22 06:39 161792 c:\windows\ie8\ieakui.dll
+ 2012-08-14 05:04 . 2012-04-23 14:46 230400 c:\windows\ie8\ieaksie.dll
+ 2012-08-14 05:04 . 2012-04-23 14:46 153088 c:\windows\ie8\ieakeng.dll
+ 2012-08-14 05:04 . 2012-04-23 14:46 214528 c:\windows\ie8\dxtrans.dll
+ 2012-08-14 05:04 . 2012-04-23 14:46 347136 c:\windows\ie8\dxtmsft.dll
+ 2012-08-14 05:04 . 2012-04-23 14:46 124928 c:\windows\ie8\advpack.dll
+ 2004-08-19 20:49 . 2011-11-04 19:20 1212416 c:\windows\system32\urlmon.dll
+ 2004-08-19 20:49 . 2011-11-04 19:20 5978112 c:\windows\system32\mshtml.dll
+ 2007-08-14 00:34 . 2011-11-04 19:20 2000384 c:\windows\system32\iertutil.dll
+ 2007-02-12 22:10 . 2009-02-07 02:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2006-05-10 05:23 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 1497088 c:\windows\system32\dllcache\shdocvw.dll
+ 2006-05-19 15:08 . 2011-11-04 19:20 5978112 c:\windows\system32\dllcache\mshtml.dll
+ 2007-11-27 20:00 . 2011-11-04 19:20 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2007-11-27 20:00 . 2009-02-07 02:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-01-07 23:20 . 2009-01-07 23:20 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2012-08-14 05:07 . 2009-03-08 09:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2012-08-14 05:07 . 2009-03-08 09:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2012-08-14 05:07 . 2009-03-08 09:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2012-08-14 05:08 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
+ 2012-08-14 05:08 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
+ 2012-08-14 05:08 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
+ 2012-08-14 05:05 . 2012-04-23 14:46 1168896 c:\windows\ie8\urlmon.dll
+ 2012-08-14 05:05 . 2012-04-23 14:46 3618816 c:\windows\ie8\mshtml.dll
+ 2012-08-14 05:04 . 2012-04-23 14:46 6105088 c:\windows\ie8\ieframe.dll
+ 2012-08-14 05:04 . 2009-06-29 08:33 2452872 c:\windows\ie8\ieapfltr.dat
+ 2007-08-14 00:54 . 2011-11-04 19:20 11081728 c:\windows\system32\ieframe.dll
+ 2007-11-27 20:00 . 2011-11-04 19:20 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2012-08-14 05:07 . 2009-03-08 09:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2012-08-14 05:08 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Nero\data\xtras\mssysmgr.exe" [2005-02-26 212992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-06-24 16624]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"DLCFCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 73728]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-08-12 296096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Meghann Elizabethh\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-21 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SBBD.exe /d \Device\HarddiskVolume4\Definitions
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=c:\windows\pss\SBC Self Support Tool.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Judy^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\documents and settings\Judy\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 16:09 460784 ------w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 15:55 206064 ------w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 06:05 127035 ------w- c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 ------w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 21:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-10 09:04 59392 -c--a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 14:38 241664 -c----w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2005-06-17 12:56 139264 ------w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 -c----w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 00:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 16:50 155648 ------w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-03 16:38 64512 ----a-w- c:\windows\system32\P17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
2005-02-26 00:28 212992 ------w- c:\progra~1\Nero\data\Xtras\mssysmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2012-08-12 20:29 499352 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dldtcoms.exe"=
"c:\\Program Files\\Dell V305\\dldtmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldttime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtjswx.exe"=
"c:\\Program Files\\Dell V305\\dldtlscn.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 MpKsle88de72b;MpKsle88de72b;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{10C5FC3B-7008-4700-A5EF-ACAE6E1FF20A}\MpKsle88de72b.sys [8/14/2012 5:59 AM 29904]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [8/20/2009 11:03 AM 99568]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/28/2012 8:52 AM 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 8:40 AM 113120]
S4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [7/19/2012 3:10 PM 792512]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLE88DE72B
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 18:17]
.
2012-08-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-08-14 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
2012-08-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3157300790-777182039-867459503-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2012-08-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3157300790-777182039-867459503-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2012-08-14 c:\windows\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_D9XRLP81_Meghann Elizabethh.job
- c:\windows\system32\mobsync.exe [2004-08-19 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = *.local
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_031&u=USERGUID&q=
FF - user.js: yahoo.homepage.dontask - true);user_pref(extentions.y2layers.installId, 889136f6-c027-4342-a1dc-4f27d9283b3a
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-14 09:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCFCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCFtime.dll,RunDLLEntry???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3157300790-777182039-867459503-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:0000000b
.
[HKEY_USERS\S-1-5-21-3157300790-777182039-867459503-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000003
"State"=dword:0000000b
.
[HKEY_USERS\S-1-5-21-3157300790-777182039-867459503-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000002
"State"=dword:0000000b
.
[HKEY_USERS\S-1-5-21-3157300790-777182039-867459503-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b
.
[HKEY_USERS\S-1-5-21-3157300790-777182039-867459503-1006\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\DesktopAppInstall\oemDesktop2]
"Name"="oemDesktop2"
"DisplayName"="Media Wizard"
"Param1"="\\EXTRAS\\DESKTOP\\Media_Wizard\\Media_Wizard_3.0.exe"
"Param2"=""
"Type"="createprocess"
"Order"=dword:00000000
"State"=dword:0000000b
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5668)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-08-14 09:37:04
ComboFix-quarantined-files.txt 2012-08-14 14:37
ComboFix2.txt 2012-08-14 01:04
.
Pre-Run: 73,902,665,728 bytes free
Post-Run: 73,912,659,968 bytes free
.
- - End Of File - - AC59EBC8D204C06C9FC94E8E067C3C2B

#13 1judi

1judi
  • Topic Starter

  • Members
  • 35 posts

Posted 14 August 2012 - 09:43 AM

# AdwCleaner v1.801 - Logfile created 08/14/2012 at 09:42:49
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Judy - D9XRLP81
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Judy\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : Application Updater

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\Judy\Local Settings\Application Data\Babylon
Folder Found : C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Found : C:\Documents and Settings\Judy\Local Settings\Application Data\OpenCandy
Folder Found : C:\Documents and Settings\John Scott\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\Judy\Application Data\Babylon
Folder Found : C:\Documents and Settings\Judy\Application Data\OpenCandy
Folder Found : C:\Documents and Settings\Judy\Application Data\Search Settings
Folder Found : C:\Documents and Settings\Judy\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\Meghann Elizabethh\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Meghann Elizabethh\Application Data\Search Settings
Folder Found : C:\Documents and Settings\Meghann Elizabethh\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\John Scott\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\John Scott\Application Data\Search Settings
Folder Found : C:\Documents and Settings\Ben\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Ben\Application Data\Search Settings
Folder Found : C:\Documents and Settings\Meghann Elizabethh\Application Data\Mozilla\Firefox\Profiles\hqoxcudt.default\extensions\crossriderapp2258@crossrider.com
Folder Found : C:\Documents and Settings\John Scott\Application Data\Mozilla\Firefox\Profiles\tw79bdsd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
Folder Found : C:\Documents and Settings\John Scott\Application Data\Mozilla\Firefox\Profiles\tw79bdsd.default\extensions\crossriderapp2258@crossrider.com
Folder Found : C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\afab6yda.default\extensions\crossriderapp2258@crossrider.com
Folder Found : C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found : C:\Program Files\Application Updater
Folder Found : C:\Program Files\Viewpoint
Folder Found : C:\Program Files\Yontoo
Folder Found : C:\Program Files\YouTube Downloader Toolbar
Folder Found : C:\Program Files\Common Files\spigot
File Found : C:\Documents and Settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\searchplugins\web-search.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

[*] Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Crossrider
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Application Updater
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\SOFTWARE\OpenCandy
Key Found : HKLM\SOFTWARE\Search Settings
Key Found : HKLM\SOFTWARE\Viewpoint
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\prefs.js


Profile name : default
File : C:\Documents and Settings\Meghann Elizabethh\Application Data\Mozilla\Firefox\Profiles\hqoxcudt.default\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
Found : user_pref("browser.search.defaultenginename", "blekko");
Found : user_pref("browser.search.selectedEngine", "blekko");
Found : user_pref("browser.search.order.1", "blekko");
Found : user_pref("keyword.URL", "hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=01[...]
Found : user_pref("extensions.crossriderapp2258.adsOldValue", -1);

Profile name : default
File : C:\Documents and Settings\John Scott\Application Data\Mozilla\Firefox\Profiles\tw79bdsd.default\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
Found : user_pref("avg.install.userSPSettings", "AVG Secure Search");

Profile name : default
File : C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\afab6yda.default\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
Found : user_pref("avg.install.userSPSettings", "AVG Secure Search");
Found : user_pref("extensions.crossriderapp2258.adsOldValue", -1);

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.1.1532.0

File : C:\Documents and Settings\Judy\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [24711 octets] - [14/08/2012 09:42:49]

########## EOF - C:\AdwCleaner[R1].txt - [24840 octets] ##########

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,567 posts

Posted 14 August 2012 - 01:47 PM

Delete these AdWare.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.


#15 1judi

1judi
  • Topic Starter

  • Members
  • 35 posts

Posted 14 August 2012 - 09:15 PM

# AdwCleaner v1.801 - Logfile created 08/14/2012 at 20:16:19
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Judy - D9XRLP81
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Judy\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Judy\Local Settings\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Deleted : C:\Documents and Settings\Judy\Local Settings\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\John Scott\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Judy\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Judy\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Judy\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\Judy\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Meghann Elizabethh\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Meghann Elizabethh\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\Meghann Elizabethh\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\John Scott\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\John Scott\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\Ben\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Ben\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\Meghann Elizabethh\Application Data\Mozilla\Firefox\Profiles\hqoxcudt.default\extensions\crossriderapp2258@crossrider.com
Folder Deleted : C:\Documents and Settings\John Scott\Application Data\Mozilla\Firefox\Profiles\tw79bdsd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
Folder Deleted : C:\Documents and Settings\John Scott\Application Data\Mozilla\Firefox\Profiles\tw79bdsd.default\extensions\crossriderapp2258@crossrider.com
Folder Deleted : C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\afab6yda.default\extensions\crossriderapp2258@crossrider.com
Deleted on reboot : C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\Program Files\YouTube Downloader Toolbar
Folder Deleted : C:\Program Files\Common Files\spigot
File Deleted : C:\Documents and Settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\searchplugins\web-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Application Updater
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\OpenCandy
Key Deleted : HKLM\SOFTWARE\Search Settings
Key Deleted : HKLM\SOFTWARE\Viewpoint
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\prefs.js

C:\Documents and Settings\Judy\Application Data\Mozilla\Firefox\Profiles\fcjprzz1.default\user.js ... Deleted !

Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1343611208);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.searchUserConifrmation", false[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.active", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.addressbar", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.affid", "0");
Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n_GPL_PID = 21;\nfunction parse_url([...]
Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundver", 10);
Deleted : user_pref("extensions.crossriderapp2258.2258.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1343611208");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1343611208");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2216185%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.value", "%221090%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2261639%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
Deleted : user_pref("extensions.crossriderapp2258.2258.domain", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.emailsig", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.exposesites", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.group", 0);
Deleted : user_pref("extensions.crossriderapp2258.2258.homepage", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.iframe", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.js", "\nvar _GPL_PID=21,_GPL_baseCDN=\"contentcache-a.a[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
Deleted : user_pref("extensions.crossriderapp2258.2258.newtab", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "(function(f,B){if(typeof(B)==[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 3);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "17,14,16");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,13,16,15");
Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 4);
Deleted : user_pref("extensions.crossriderapp2258.2258.premium", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.thankyou", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp2258.2258.ver", 65);
Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp2258.apps", "2258");
Deleted : user_pref("extensions.crossriderapp2258.bic", "138d762ef082aaace4dea3c1f461468d");
Deleted : user_pref("extensions.crossriderapp2258.cid", 2258);
Deleted : user_pref("extensions.crossriderapp2258.firstrun", false);
Deleted : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1343643382);
Deleted : user_pref("extensions.crossriderapp2258.lastcheck", 22398276);
Deleted : user_pref("extensions.crossriderapp2258.lastcheckitem", 22398505);
Deleted : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1343722939712");
Deleted : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1343722939711");
Deleted : user_pref("extensions.crossriderapp2258.modetype", "production");
Deleted : user_pref("keyword.URL", "hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_031&u=U[...]

Profile name : default
File : C:\Documents and Settings\Meghann Elizabethh\Application Data\Mozilla\Firefox\Profiles\hqoxcudt.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
Deleted : user_pref("browser.search.defaultenginename", "blekko");
Deleted : user_pref("browser.search.selectedEngine", "blekko");
Deleted : user_pref("browser.search.order.1", "blekko");
Deleted : user_pref("keyword.URL", "hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=01[...]
Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);

Profile name : default
File : C:\Documents and Settings\John Scott\Application Data\Mozilla\Firefox\Profiles\tw79bdsd.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
Deleted : user_pref("avg.install.userSPSettings", "AVG Secure Search");
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1344098500);
Deleted : user_pref("extensions.crossriderapp2258.2258.active", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.addressbar", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.affid", "0");
Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n_GPL_PID = 21;\nfunction parse_url([...]
Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundver", 10);
Deleted : user_pref("extensions.crossriderapp2258.2258.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1344098500");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1344098500");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2216185%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.value", "%221090%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2263731%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
Deleted : user_pref("extensions.crossriderapp2258.2258.domain", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.emailsig", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.exposesites", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.group", 0);
Deleted : user_pref("extensions.crossriderapp2258.2258.homepage", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.iframe", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.js", "\nvar _GPL_PID=21,_GPL_baseCDN=\"contentcache-a.a[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
Deleted : user_pref("extensions.crossriderapp2258.2258.newtab", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "(function(f,B){if(typeof(B)==[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 3);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "17,14,16");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,13,16,15");
Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 4);
Deleted : user_pref("extensions.crossriderapp2258.2258.premium", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.thankyou", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp2258.2258.ver", 66);
Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp2258.apps", "2258");
Deleted : user_pref("extensions.crossriderapp2258.bic", "138f2837cdcfa752013912d0991e8767");
Deleted : user_pref("extensions.crossriderapp2258.cid", 2258);
Deleted : user_pref("extensions.crossriderapp2258.firstrun", false);
Deleted : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1344098500);
Deleted : user_pref("extensions.crossriderapp2258.lastcheck", 22409229);
Deleted : user_pref("extensions.crossriderapp2258.lastcheckitem", 22409257);
Deleted : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1344106511731");
Deleted : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1344106511719");
Deleted : user_pref("extensions.crossriderapp2258.modetype", "production");
Deleted : user_pref("extensions.enabledAddons", "crossriderapp2258@crossrider.com:0.83.65,{972ce4c6-7e08-4474-[...]

Profile name : default
File : C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\afab6yda.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
Deleted : user_pref("avg.install.userSPSettings", "AVG Secure Search");
Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Judy\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.1.1532.0

File : C:\Documents and Settings\Judy\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [24842 octets] - [14/08/2012 09:42:49]
AdwCleaner[S1].txt - [25376 octets] - [14/08/2012 20:16:19]

########## EOF - C:\AdwCleaner[S1].txt - [25505 octets] ##########



