  #1  
April 1st, 2013, 08:55 AM
idr
Senior Member
 
Join Date: Oct 2002
Location: Israel
Age: 91
Posts: 486
1000 problems

Usually when finishing my work I clean and delete all temporary Internet files and cookies by means of CCleaner, and sometimes I also check the remaining files in “tools>internet options”.
From time to time I receive a proposal to scan my computer “free” in order to speed up working of the computer.
When doing such a scan I find that some 200 – 1500 various problems are troubling my computer, and then I receive a new proposal to repair and remove the problems, this time already for some fee.
I don’t mind acquiring and paying for some speeding-up program if the problems are real, but in most cases it looks like a sales promotion trick.
Can anybody explain what the hundreds or thousands of “problems” may be and if such programs do some efficient work?
Thanks

  #2  
April 1st, 2013, 10:11 AM
schrauber
Cyber Tech Help Moderator
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 33
Posts: 4,431
Hello, idr
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.



Could you show me a screenshot of such a window? Sounds like Rogue.

  #3  
April 1st, 2013, 03:26 PM
idr
Thank you Ted
I loaded the scanning program again today, scanned and prepared three screens for you, but I see that I am not allowed to send attachments. Sorry. Anyway, the program is called RegClean Pro and I found it when checking my connection speed by the Global Broadband Speedtest. This time it found about 600 problems; this morning, before my first message, there were over 1000.

  #4  
April 1st, 2013, 05:58 PM
schrauber
Please send it to schrauber(at)gmx.eu

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Push the Quick Scan button.
  5. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

  #5  
April 2nd, 2013, 04:49 PM
idr
I find only the OTL.txt report and it is too long (62946 char.) to send it here

  #6  
April 2nd, 2013, 05:07 PM
idr
and here is the extra.txt
*
OTL Extras logfile created on: 02/04/2013 17:40:37 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\y\שולחן העבודה
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040D | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

1.97 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.93% Memory free
3.81 Gb Paging File | 3.12 Gb Available in Paging File | 81.79% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73.24 Gb Total Space | 49.75 Gb Free Space | 67.93% Space Free | Partition Type: NTFS
Drive D: | 73.24 Gb Total Space | 70.14 Gb Free Space | 95.76% Space Free | Partition Type: NTFS
Drive E: | 73.24 Gb Total Space | 72.76 Gb Free Space | 99.34% Space Free | Partition Type: NTFS
Drive F: | 78.36 Gb Total Space | 70.52 Gb Free Space | 90.00% Space Free | Partition Type: NTFS
Drive G: | 3.73 Gb Total Space | 0.67 Gb Free Space | 18.01% Space Free | Partition Type: FAT32
Drive H: | 465.76 Gb Total Space | 346.79 Gb Free Space | 74.46% Space Free | Partition Type: NTFS

Computer Name: IDR-4F4EA6FAA7A | User Name: y | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation)
"C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\totalcmd\TOTALCMD.EXE" = C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit -- (Ghisler Software GmbH)
"C:\Program Files\HP\Common\HPDeviceDetection3.exe" = C:\Program Files\HP\Common\HPDeviceDetection3.exe:*:Enabled:HP Device Detection -- (Hewlett-Packard Company)
"C:\Documents and Settings\y\Local Settings\Temp\7zS1CA8\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\y\Local Settings\Temp\7zS1CA8\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS
"C:\Documents and Settings\y\Local Settings\Temp\7zS2E63\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\y\Local Settings\Temp\7zS2E63\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{111225F7-13A9-4AD6-A759-C7923C8981E6}" = BCL easyConverter 3.0 RTF SDK Module
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1D181764-DCD0-41B8-AA7B-0A599F027A72}" = Adobe Photoshop Elements 11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{350C97B4-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5508128A-2C7B-46B5-81F9-58E8E8115F0B}" = AdblockIE
"{5598FBEB-CEB5-41CE-BAA4-70128DF02FFB}" = BCL easyConverter 3.0 Licensing Module (BCL License)
"{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7087A693-D9B9-11D3-B589-00105AA461D0}" = dtSearch
"{70989FB7-3ADD-3C69-A8C8-43D484FBE958}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - HEB
"{70C5C0CE-4D42-3667-AB4D-774AAFE9DB48}" = Microsoft .NET Framework 3.5 Language Pack - heb
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{81D294B4-57F3-3EC0-93B3-9B1BD9DB6C83}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - HEB
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83E61899-81B2-4F35-A3EB-42CF51B94BBD}" = BCL easyConverter 3.0 Loader SDK Module
"{879C4951-5561-324B-B0F5-AA0864C4499E}" = Microsoft .NET Framework 4 Extended HEB Language Pack
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5845B5-729F-40E3-A945-4454E67F65F4}" = BCL easyConverter Desktop 3 (Word Version)
"{8FC35EC2-F690-3417-8175-ED16EC771126}" = Microsoft .NET Framework 4 Client Profile HEB Language Pack
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{98CE8819-87AA-4814-8167-ADDDD513485F}" = PSE11 STI Installer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF5D2519-C6B4-4AFD-9A8D-FBF74DD4F0A0}" = HP Product Detection
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Keyboard & Mouse Driver
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{D4202561-B3B0-448C-B190-35A7F54E401C}" = OpenOffice.org 3.3
"{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}" = Elements 11 Organizer
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{E1BDAC32-B358-442C-A337-D91BA0386824}" = BCL easyConverter 3.0 SDK Module
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F8D605A4-979D-43FF-9FD5-6BDDF1E3E288}" = BCL easyConverter 3.0 Module (Loader, BCL License)
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FBE9E2A1-E7F0-42AA-875A-E230EB9AFA19}" = BCL easyConverter 3.0 Module (RTF, BCL License)
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"ABK_is1" = Boss Key Demo 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 11" = Adobe Photoshop Elements 11
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AI RoboForm" = avast! EasyPass
"Apago PDF Shrink" = Apago PDF Shrink 4.5
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"avast" = avast! Free Antivirus
"Backup995" = Backup995
"Calendar Magic_is1" = Calendar Magic V17.5
"CCleaner" = CCleaner
"Cursor" = Microsoft Office 97 Animated Cursors
"Debut" = Debut Video Capture Software
"DeepBurner v1.1.0.91 Beta1" = DeepBurner v1.1.0.91 Beta1
"DefaultTab" = DefaultTab
"Defraggler" = Defraggler
"FileZilla Client" = FileZilla Client 3.6.0.1
"Foxit PDF Editor" = Foxit PDF Editor
"Freecorder 7 Applications" = Freecorder 7 Applications (7.0.0.48)
"Freecorder extension" = Freecorder extension
"Freecorder extension for Chrome" = Freecorder extension for Chrome
"Freecorder extension for Firefox" = Freecorder extension for Firefox
"FreeKapture 2.00 - Freeware_is1" = FreeKapture 2.00 - Freeware
"Google Chrome" = Google Chrome
"Google Chrome Frame" = Google Chrome Frame
"HCC Lite" = HCC Lite
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"iCopy" = iCopy
"ie8" = Windows Internet Explorer 8
"iLivid" = iLivid
"InCD!UninstallKey" = InCD
"InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver
"InstallShield_{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Keyboard & Mouse Driver
"IrfanView" = IrfanView (remove only)
"LiveAdvisor" = LiveAdvisor (Symantec Corporation)
"MailBell" = MailBell
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"McAfee Visual Trace" = McAfee Visual Trace
"Microsoft .NET Framework 3.5 Language Pack - heb" = ערכת שפה של Microsoft .NET Framework 3.5 - HEB
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile HEB Language Pack" = Microsoft .NET Framework 4 Client Profile HEB Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended HEB Language Pack" = Microsoft .NET Framework 4 Extended HEB Language Pack
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My Lockbox_is1" = My Lockbox 2.9.6
"NeoTrace Express 3.25" = NeoTrace Express 3.25
"NeoTrace Pro 3.25 Trial" = NeoTrace Pro 3.25 Trial
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NirSoft IPNetInfo" = NirSoft IPNetInfo
"Office8.0" = Microsoft Office 97, Professional Edition
"OmniFormat" = OmniFormat
"Otiot" = Otiot
"PDF2Word Converter_is1" = PDF2Word Converter Version 1.0.8 (Build 164)
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"PhotoEdit995" = PhotoEdit995
"RealPlayer 16.0" = RealPlayer
"Recuva" = Recuva
"Scan2PDF_is1" = Scan2PDF 1.6
"Signature995" = Signature995
"Super Text Search_is1" = Super Text Search 2.5
"Totalcmd" = Total Commander (Remove or Repair)
"Viewer97" = Microsoft Word Viewer 97
"WE READ" = WE READ
"WinGimp-1.2.3_is1" = The GIMP 1.2.5-20030729
"WinGTK-1.3_is1" = GTK+ 1.3.0-20030717 runtime environment
"WordBrowser995" = WordBrowser995
"XnView_is1" = XnView 1.97
"תנ"ך ממוחשב" = תנ"ך ממוחשב

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ICDL Book Reader" = ICDL Book Reader

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01/04/2013 00:39:48 | Computer Name = IDR-4F4EA6FAA7A | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e,
faulting module scripthost.dll, version 0.8.10.8, stamp 50752e3a, debug? 0, fault
address 0x0000713a.

Error - 01/04/2013 00:56:51 | Computer Name = IDR-4F4EA6FAA7A | Source = Application Hang | ID = 1002
Description = ‏‏יישום לא מגיב iexplore.exe, גירסה 8.0.6001.18702, מודול חוסר תגובה
hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000‏.

Error - 01/04/2013 14:00:25 | Computer Name = IDR-4F4EA6FAA7A | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Word Viewer 2003 -- Error 25090. Office
Setup encountered a problem with the Office Source Engine, system error: -2147023836.
Please open and look for "Office Source Engine" for information on how to resolve
this problem.

Error - 01/04/2013 14:00:25 | Computer Name = IDR-4F4EA6FAA7A | Source = MsiInstaller | ID = 1024
Description = ‏‏מוצר: Microsoft Office Word Viewer 2003 - לא היתה אפשרות להתקין
את העדכון 'Security Update for Word Viewer 2003 (KB934041): WORDVIEW'. קוד שגיאה
1603. ל- Windows Installer יש אפשרות ליצור יומני שגיאה כדי לסייע בפתרון בעיות בהתקנה
של חבילות תוכנה. השתמש בקישור שלהלן לקבלת הוראות להפעלת תמיכה ברישום: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 01/04/2013 14:00:27 | Computer Name = IDR-4F4EA6FAA7A | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Word Viewer 2003 -- Error 25090. Office
Setup encountered a problem with the Office Source Engine, system error: -2147023836.
Please open and look for "Office Source Engine" for information on how to resolve
this problem.

Error - 01/04/2013 14:00:27 | Computer Name = IDR-4F4EA6FAA7A | Source = MsiInstaller | ID = 1024
Description = ‏‏מוצר: Microsoft Office Word Viewer 2003 - לא היתה אפשרות להתקין
את העדכון 'Security Update for Word Viewer 2003 (KB943992): WORDVIEW'. קוד שגיאה
1603. ל- Windows Installer יש אפשרות ליצור יומני שגיאה כדי לסייע בפתרון בעיות בהתקנה
של חבילות תוכנה. השתמש בקישור שלהלן לקבלת הוראות להפעלת תמיכה ברישום: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 01/04/2013 14:00:31 | Computer Name = IDR-4F4EA6FAA7A | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Word Viewer 2003 -- Error 25090. Office
Setup encountered a problem with the Office Source Engine, system error: -2147023836.
Please open and look for "Office Source Engine" for information on how to resolve
this problem.

Error - 01/04/2013 14:00:31 | Computer Name = IDR-4F4EA6FAA7A | Source = MsiInstaller | ID = 1024
Description = ‏‏מוצר: Microsoft Office Word Viewer 2003 - לא היתה אפשרות להתקין
את העדכון 'Security Update for Office 2003 (KB953404): MSO'. קוד שגיאה 1603. ל-
Windows Installer יש אפשרות ליצור יומני שגיאה כדי לסייע בפתרון בעיות בהתקנה של חבילות
תוכנה. השתמש בקישור שלהלן לקבלת הוראות להפעלת תמיכה ברישום: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 01/04/2013 14:00:34 | Computer Name = IDR-4F4EA6FAA7A | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Office Word Viewer 2003 -- Error 25090. Office
Setup encountered a problem with the Office Source Engine, system error: -2147023836.
Please open and look for "Office Source Engine" for information on how to resolve
this problem.

Error - 01/04/2013 14:00:34 | Computer Name = IDR-4F4EA6FAA7A | Source = MsiInstaller | ID = 1024
Description = ‏‏מוצר: Microsoft Office Word Viewer 2003 - לא היתה אפשרות להתקין
את העדכון 'Security Update for Office 2003 (KB924424): MSXML5'. קוד שגיאה 1603.
ל- Windows Installer יש אפשרות ליצור יומני שגיאה כדי לסייע בפתרון בעיות בהתקנה של
חבילות תוכנה. השתמש בקישור שלהלן לקבלת הוראות להפעלת תמיכה ברישום: http://go.microsoft.com/fwlink/?LinkId=23127

[ System Events ]
Error - 31/03/2013 03:59:59 | Computer Name = IDR-4F4EA6FAA7A | Source = DCOM | ID = 10010
Description = The server {11B5D057-05B8-4BB6-9F03-6370FF2CF27B} did not register
with DCOM within the required timeout.

Error - 31/03/2013 14:00:28 | Computer Name = IDR-4F4EA6FAA7A | Source = Windows Update Agent | ID = 20
Description = ‏‏ההתקנה נכשלה: Windows נכשל בהתקנת העדכון הבא עם שגיאה 0x80070643:
עדכון אבטחה עבור Word Viewer 2003 ‏‏(KB934041‎)‏.

Error - 31/03/2013 14:00:28 | Computer Name = IDR-4F4EA6FAA7A | Source = Windows Update Agent | ID = 20
Description = ‏‏ההתקנה נכשלה: Windows נכשל בהתקנת העדכון הבא עם שגיאה 0x80070643:
עדכון אבטחה עבור Word Viewer 2003‏ (KB943992).

Error - 31/03/2013 14:00:49 | Computer Name = IDR-4F4EA6FAA7A | Source = Windows Update Agent | ID = 20
Description = ‏‏ההתקנה נכשלה: Windows נכשל בהתקנת העדכון הבא עם שגיאה 0x80070643:
עדכון אבטחה עבור Microsoft Office 2003 ‏(KB953404).

Error - 31/03/2013 14:00:49 | Computer Name = IDR-4F4EA6FAA7A | Source = Windows Update Agent | ID = 20
Description = ‏‏ההתקנה נכשלה: Windows נכשל בהתקנת העדכון הבא עם שגיאה 0x80070643:
עדכון אבטחה עבור Office 2003 ‏(KB924424).

Error - 01/04/2013 12:58:52 | Computer Name = IDR-4F4EA6FAA7A | Source = Windows Update Agent | ID = 16
Description = ‏‏לא ניתן להתחבר: ל- Windows אין אפשרות להתחבר לשירות העדכונים האוטומטיים
ולכן אין אפשרות להוריד ולהתקין עדכונים בהתאם ללוח הזמנים שנקבע. Windows ימשיך לבצע
נסיונות ליצור חיבור.

Error - 01/04/2013 14:00:30 | Computer Name = IDR-4F4EA6FAA7A | Source = Windows Update Agent | ID = 20
Description = ‏‏ההתקנה נכשלה: Windows נכשל בהתקנת העדכון הבא עם שגיאה 0x80070643:
עדכון אבטחה עבור Word Viewer 2003 ‏‏(KB934041‎)‏.

Error - 01/04/2013 14:00:30 | Computer Name = IDR-4F4EA6FAA7A | Source = Windows Update Agent | ID = 20
Description = ‏‏ההתקנה נכשלה: Windows נכשל בהתקנת העדכון הבא עם שגיאה 0x80070643:
עדכון אבטחה עבור Word Viewer 2003‏ (KB943992).

Error - 01/04/2013 14:00:55 | Computer Name = IDR-4F4EA6FAA7A | Source = Windows Update Agent | ID = 20
Description = ‏‏ההתקנה נכשלה: Windows נכשל בהתקנת העדכון הבא עם שגיאה 0x80070643:
עדכון אבטחה עבור Microsoft Office 2003 ‏(KB953404).

Error - 01/04/2013 14:00:55 | Computer Name = IDR-4F4EA6FAA7A | Source = Windows Update Agent | ID = 20
Description = ‏‏ההתקנה נכשלה: Windows נכשל בהתקנת העדכון הבא עם שגיאה 0x80070643:
עדכון אבטחה עבור Office 2003 ‏(KB924424).


< End of report >

  #7  
April 2nd, 2013, 08:55 PM
schrauber
Please post the OTL.txt in pieces and use several posts if needed.

  #8  
April 3rd, 2013, 07:25 AM
idr

OTL 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\y\שולחן העבודה
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040D | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

1.97 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.93% Memory free
3.81 Gb Paging File | 3.12 Gb Available in Paging File | 81.79% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73.24 Gb Total Space | 49.75 Gb Free Space | 67.93% Space Free | Partition Type: NTFS
Drive D: | 73.24 Gb Total Space | 70.14 Gb Free Space | 95.76% Space Free | Partition Type: NTFS
Drive E: | 73.24 Gb Total Space | 72.76 Gb Free Space | 99.34% Space Free | Partition Type: NTFS
Drive F: | 78.36 Gb Total Space | 70.52 Gb Free Space | 90.00% Space Free | Partition Type: NTFS
Drive G: | 3.73 Gb Total Space | 0.67 Gb Free Space | 18.01% Space Free | Partition Type: FAT32
Drive H: | 465.76 Gb Total Space | 346.79 Gb Free Space | 74.46% Space Free | Partition Type: NTFS

Computer Name: IDR-4F4EA6FAA7A | User Name: y | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/02 17:40:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\y\שולחן העבודה\OTL.exe
PRC - [2013/03/15 10:24:57 | 000,096,056 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2013/03/07 19:52:16 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/03/07 02:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/07 02:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/03/07 00:01:28 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\y\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2013/02/11 10:42:26 | 000,572,928 | ---- | M] () -- C:\Program Files\DefaultTab\DefaultTabSearch.exe
PRC - [2013/02/05 18:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013/01/04 12:46:00 | 002,587,576 | ---- | M] (FSPro Labs) -- C:\Program Files\My Lockbox\mylbx.exe
PRC - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 17:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/20 17:02:06 | 001,726,824 | ---- | M] (FSPro Labs) -- C:\Program Files\Hide Folders 2012\hf.exe
PRC - [2012/10/13 19:43:30 | 000,569,720 | ---- | M] () -- C:\Program Files\Freecorder extension\PropertySync.exe
PRC - [2012/09/23 09:08:44 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2012/07/12 03:15:34 | 000,049,512 | ---- | M] (FSPro Labs) -- C:\WINDOWS\system32\fsproflt2.exe
PRC - [2012/06/11 17:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012/06/11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
PRC - [2009/09/22 12:51:56 | 000,339,968 | ---- | M] (UASSOFT.COM) -- F:\KMProcess.exe
PRC - [2009/09/22 12:45:58 | 000,391,168 | ---- | M] (UASSOFT.COM) -- F:\KMCONFIG.exe
PRC - [2009/03/08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\y\שולחן העבודה\iexplore.exe
PRC - [2008/07/19 00:17:22 | 001,514,496 | ---- | M] () -- G:\ABK\abk.exe
PRC - [2008/05/30 02:22:38 | 000,212,992 | ---- | M] (UASSOFT.COM) -- F:\StartAutorun.exe
PRC - [2008/04/13 20:17:52 | 000,059,904 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 20:17:44 | 001,202,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/23 10:45:40 | 001,336,632 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
PRC - [2004/03/09 21:26:52 | 000,876,656 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\incdsrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/02 09:45:49 | 002,084,864 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13040200\algo.dll
MOD - [2013/03/07 00:01:28 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\y\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
MOD - [2013/02/11 10:42:26 | 000,572,928 | ---- | M] () -- C:\Program Files\DefaultTab\DefaultTabSearch.exe
MOD - [2013/01/10 13:56:29 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/10 13:55:15 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/10 13:55:09 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/01/10 13:54:01 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2013/01/09 15:06:28 | 000,331,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_he_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/11/19 00:04:19 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
MOD - [2012/11/19 00:04:17 | 000,667,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
MOD - [2012/10/13 19:43:30 | 000,569,720 | ---- | M] () -- C:\Program Files\Freecorder extension\PropertySync.exe
MOD - [2012/10/13 19:43:30 | 000,256,888 | ---- | M] () -- C:\Program Files\Freecorder extension\ButtonSite.dll
MOD - [2011/07/01 23:37:12 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2010/06/30 15:03:14 | 000,051,512 | ---- | M] () -- C:\Program Files\My Lockbox\FSPFlt.dll
MOD - [2008/07/19 00:17:22 | 001,514,496 | ---- | M] () -- G:\ABK\abk.exe
MOD - [2008/06/16 10:06:10 | 000,053,248 | ---- | M] () -- F:\MouseHook.dll
MOD - [2008/03/05 23:07:06 | 000,012,800 | ---- | M] () -- G:\ABK\shook.dll
MOD - [2007/10/23 10:45:40 | 001,336,632 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
MOD - [2007/03/29 13:17:42 | 000,106,496 | ---- | M] () -- F:\keydll.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/27 13:46:13 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/09 22:29:10 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/07 19:52:16 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/03/07 02:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/03/07 00:01:28 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\y\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2013/02/11 10:42:26 | 000,572,928 | ---- | M] () [Auto | Running] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2013/02/05 18:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/09/23 09:08:44 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0)
SRV - [2012/07/12 03:15:34 | 000,049,512 | ---- | M] (FSPro Labs) [Auto | Running] -- C:\WINDOWS\system32\fsproflt2.exe -- (fsproflt2)
SRV - [2012/06/11 17:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/04/19 19:05:50 | 000,176,128 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe -- (becldr3Service)
SRV - [2004/03/09 21:26:52 | 000,876,656 | ---- | M] (Ahead Software AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\incdsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/03/07 02:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/03/07 02:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/03/07 02:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/03/07 02:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/03/07 02:33:24 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/03/07 02:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/03/07 02:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/03/07 02:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/01/23 12:13:27 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/12/14 17:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/10/23 13:18:32 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/09/18 12:33:00 | 000,043,960 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2012/09/18 12:33:00 | 000,039,608 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2012/09/18 12:33:00 | 000,030,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2012/09/18 12:32:56 | 000,043,704 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2012/09/18 12:32:56 | 000,012,216 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2012/09/18 12:32:56 | 000,012,216 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/06/04 00:59:14 | 000,051,760 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\FSPFltd2.sys -- (FSProFilter2)
DRV - [2010/07/22 18:13:28 | 000,041,912 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\FSPFltd.sys -- (FSProFilter)
DRV - [2009/08/05 15:16:44 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2009/05/22 18:37:50 | 005,082,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/08/05 15:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/03/22 12:31:58 | 000,017,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFilter.SYS -- (KMWDFilter)
DRV - [2006/01/04 10:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004/08/13 05:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/03/09 21:29:16 | 000,027,664 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
DRV - [2004/03/09 21:29:07 | 000,009,561 | ---- | M] (Ahead Software AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\incdrec.sys -- (InCDrec)
DRV - [2004/03/09 21:29:03 | 000,099,568 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=UP62
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ncr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = he
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 84 24 FB 38 01 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {CCCC0351-2843-479A-91AD-C3DBBF7E4BFB}
IE - HKCU\..\SearchScopes\{5EAB6E80-7F76-408B-8E22-846CCDEAEC67}: "URL" = http://search.softonic.com/INF00001/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=203
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{972F9B5A-66DD-45FE-82BC-A253BE2DB600}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{CCCC0351-2843-479A-91AD-C3DBBF7E4BFB}: "URL" = http://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=9c5f6b9500000000000090e6ba91e8de&q={searchTerms}&r=812
IE - HKCU\..\SearchScopes\{fe8a5a30-7831-4eb2-a9e7-8402c384c841}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AIC^xdm007^YY^il&si=CLbb1ZKtqLQCFW3KtAod-TYAlQ&ptb=AA69A603-B722-412F-9298-B8387629025B&ind=2012122001&n=77ee8b91&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Search Here"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ncr"
FF - prefs.js..extensions.enabledAddons: ffxtlbra%40softonic.com:1.6.0
FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0
FF - prefs.js..extensions.enabledAddons: addon%40defaulttab.com:1.4.4
FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.23.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\4.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/15 10:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/17 14:16:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/17 14:16:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2013/03/15 10:26:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/09 22:29:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/11/17 23:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\y\Application Data\Mozilla\Extensions
[2013/03/18 20:13:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\extensions
[2013/03/18 20:13:59 | 000,000,000 | ---D | M] (HP Detect) -- C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/11/14 23:23:47 | 000,000,000 | ---D | M] (Freecorder) -- C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\extensions\addon@freecorder.com
[2012/11/02 22:33:59 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\extensions\ffxtlbr@funmoods.com
[2012/11/14 22:33:31 | 000,000,000 | ---D | M] (softonic.com) -- C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\extensions\ffxtlbra@softonic.com
[2013/03/07 00:11:59 | 000,029,601 | ---- | M] () (No name found) -- C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\extensions\addon@defaulttab.com.xpi
[2013/01/07 20:44:38 | 000,190,000 | ---- | M] () (No name found) -- C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012/12/21 23:31:38 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\searchplugins\askcom.xml
[2012/11/14 22:33:37 | 000,002,349 | ---- | M] () -- C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\searchplugins\Funmoods.xml
[2013/03/22 19:38:38 | 000,001,977 | ---- | M] () -- C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\searchplugins\search-here.xml
[2012/11/10 14:46:38 | 000,002,687 | ---- | M] () -- C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\searchplugins\Search_Results.xml
[2012/11/02 22:48:15 | 000,002,060 | ---- | M] () -- C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\searchplugins\softonic.xml
[2013/02/02 14:16:32 | 000,001,435 | ---- | M] () -- C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\searchplugins\spamfreesearch.xml
[2012/11/01 21:52:47 | 000,004,008 | ---- | M] () -- C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\searchplugins\sweetim.xml
[2013/03/09 22:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/09 22:29:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/03/09 22:29:11 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/17 23:29:21 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ask.xml
[2013/02/01 21:22:13 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/10 14:46:38 | 000,002,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2013/03/02 10:45:42 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
  #9  
Old April 3rd, 2013, 07:29 AM
idr

OTL2

CHR - default_search_provider: search_url = http:\/\/dts.search-results.com\/sr?src=crb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=5311702031164093&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http:\/\/www.mysearchresults.com\/?c=3513&t=07
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Documents and Settings\y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google = C:\Documents and Settings\y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Freecorder = C:\Documents and Settings\y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpicboiclhmnllnjdcfcffifpoaebgkm\7.0.0.7_0\
CHR - Extension: Freecorder = C:\Documents and Settings\y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpicboiclhmnllnjdcfcffifpoaebgkm\7.0.0.7_1\
CHR - Extension: avast! WebRep = C:\Documents and Settings\y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: RealDownloader = C:\Documents and Settings\y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: DefaultTab = C:\Documents and Settings\y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Documents and Settings\y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\
CHR - Extension: Gmail = C:\Documents and Settings\y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YouTube = C:\Documents and Settings\y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google = C:\Documents and Settings\y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Freecorder = C:\Documents and Settings\y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpicboiclhmnllnjdcfcffifpoaebgkm\7.0.0.7_0\
CHR - Extension: Freecorder = C:\Documents and Settings\y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpicboiclhmnllnjdcfcffifpoaebgkm\7.0.0.7_1\
CHR - Extension: avast! WebRep = C:\Documents and Settings\y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: RealDownloader = C:\Documents and Settings\y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: DefaultTab = C:\Documents and Settings\y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Documents and Settings\y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\
CHR - Extension: Gmail = C:\Documents and Settings\y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2008/04/14 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\y\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Freecorder extension) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files\Freecorder extension\ScriptHost.dll (freecorder.com)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome\Application\26.0.1410.43\npchrome_frame.dll (Google Inc.)
O2 - BHO: (no name) - {EEE6C35C-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (avast! EasyPass Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KMCONFIG] F:\StartAutorun.exe KMConfig.exe File not found
O4 - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4 - HKCU..\Run: [ABK] G:\ABK\abk.exe ()
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [Magic Boss Key] g:\Magicboss\mgboss.exe -min File not found
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\LaunchU3.exe.lnk = C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
O4 - Startup: C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &NeoTrace It! - C:\Program Files\NeoTracePro\NTXcontext.htm ()
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show avast! EasyPass Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1358540402133 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.179.52.100 80.179.55.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCCB1AD5-AE9F-46F5-B405-F806C1323547}: DhcpNameServer = 80.179.52.100 80.179.55.100
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\26.0.1410.43\npchrome_frame.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (דף הבית הנוכחי שלי) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\y\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\y\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/30 11:11:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/12/08 14:23:49 | 000,000,000 | ---D | M] - F:\Autorun -- [ NTFS ]
O32 - AutoRun File - [2010/10/04 11:57:10 | 000,000,125 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/03/30 04:45:31 | 000,000,000 | RH-D | M] - H:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 15:56:50 | 000,000,036 | RH-- | M] () - H:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/02 17:40:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\y\שולחן העבודה\OTL.exe
[2013/04/02 17:30:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\y\Recent
[2013/04/01 13:48:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\y\Application Data\Systweak
[2013/04/01 13:48:50 | 000,018,776 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\WINDOWS\System32\roboot.exe
[2013/03/30 21:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2013/03/30 09:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2013/03/29 16:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\Google Earth
[2013/03/28 23:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\y\Application Data\MindGems
[2013/03/26 23:58:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/03/26 23:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2013/03/22 19:44:39 | 000,000,000 | ---D | C] -- C:\foboko
[2013/03/20 13:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\FreeKapture
[2013/03/20 13:24:23 | 000,000,000 | ---D | C] -- C:\Program Files\TSoft
[2013/03/19 14:13:32 | 000,000,000 | ---D | C] -- C:\swsetup
[2013/03/19 13:23:56 | 000,000,000 | ---D | C] -- C:\Printer
[2013/03/15 10:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\y\Application Data\EmTec
[2013/03/15 10:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\MailBell
[2013/03/15 10:50:43 | 000,000,000 | ---D | C] -- C:\Program Files\MailBell
[2013/03/15 10:28:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\y\Application Data\RoboForm
[2013/03/15 10:26:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2013/03/15 10:26:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\avast! EasyPass
[2013/03/15 10:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\y\My Documents\My Avast EasyPass Data
[2013/03/15 10:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2013/03/15 10:21:57 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/03/11 18:33:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\y\My Documents\stats
[2013/03/09 22:41:38 | 001,004,888 | ---- | C] (Solid State Networks) -- C:\Documents and Settings\y\My Documents\install_flashplayer11x32ax_gtbp_chra_aih.exe
[2013/03/09 22:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/09 18:31:09 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2013/03/09 18:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\af0.net
[2013/03/08 18:24:34 | 001,646,288 | ---- | C] (Irfan Skiljan) -- C:\Program Files\iview435_setup.exe
[2013/03/07 20:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013/03/07 20:25:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/03/07 00:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\y\תפריט התחלה\תוכניות\McAfee.com
[2013/03/07 00:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\VisualTrace
[2013/03/07 00:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\DefaultTab
[2013/03/07 00:01:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\y\Application Data\DefaultTab
[2013/03/07 00:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\y\תפריט התחלה\תוכניות\NeoTrace Pro
[2013/03/07 00:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\NeoTracePro
[2013/03/04 23:42:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/01/20 21:02:32 | 008,036,352 | ---- | C] (Irfan Skiljan) -- C:\Program Files\irfanview_plugins_425_setup.exe
[2009/12/14 21:36:46 | 016,832,288 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u17-windows-i586-s.exe
[2009/12/09 13:45:31 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc70.dll
[44 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\y\My Documents\*.tmp files -> C:\Documents and Settings\y\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/02 17:40:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\y\שולחן העבודה\OTL.exe
[2013/04/02 17:33:32 | 000,494,592 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/02 17:33:32 | 000,398,110 | ---- | M] () -- C:\WINDOWS\System32\perfh00d.dat
[2013/04/02 17:33:32 | 000,084,944 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/02 17:33:32 | 000,084,922 | ---- | M] () -- C:\WINDOWS\System32\perfc00d.dat
[2013/04/02 17:30:38 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/04/02 17:29:19 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\LaunchU3.exe.lnk
[2013/04/02 17:29:18 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/02 17:29:16 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/04/02 17:29:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/02 13:27:01 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/02 13:14:03 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/02 11:44:51 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/01 21:55:20 | 000,001,546 | ---- | M] () -- C:\WINDOWS\ULead.ini
[2013/04/01 18:00:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2013/04/01 13:59:09 | 000,081,240 | ---- | M] () -- C:\Documents and Settings\y\My Documents\Regscan1.jpg
[2013/04/01 13:54:02 | 000,054,160 | ---- | M] () -- C:\Documents and Settings\y\My Documents\Regscan3.jpg
[2013/04/01 13:51:51 | 000,073,338 | ---- | M] () -- C:\Documents and Settings\y\My Documents\Regscan2.jpg
[2013/03/30 21:13:37 | 000,155,815 | ---- | M] () -- C:\WINDOWS\hpoins14.dat
[2013/03/30 21:04:02 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\HP Digital Imaging Monitor.lnk
[2013/03/30 13:30:11 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\y\שולחן העבודה\Microsoft Fix*it.url
[2013/03/30 12:26:17 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\y\שולחן העבודה\WordBrowser995.lnk
[2013/03/30 09:18:02 | 000,002,001 | ---- | M] () -- C:\WINDOWS\QTW.INI
[2013/03/30 09:16:41 | 000,000,029 | ---- | M] () -- C:\WINDOWS\QFAX.INI
[2013/03/29 22:47:13 | 000,155,073 | ---- | M] () -- C:\WINDOWS\hpoins14.dat.temp
[2013/03/29 19:21:40 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1409082233-1547161642-1801674531-1004.job
[2013/03/28 23:32:33 | 000,000,201 | ---- | M] () -- C:\Documents and Settings\y\My Documents\bosskey.ini
[2013/03/27 13:37:35 | 001,487,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/26 00:07:18 | 000,000,507 | ---- | M] () -- C:\WINDOWS\ulead32.ini
[2013/03/24 00:08:13 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\שולחן העבודה\CCleaner.lnk
[2013/03/23 11:23:47 | 000,000,574 | ---- | M] () -- C:\WINDOWS\CDPHOTO.INI
[2013/03/20 13:24:24 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\שולחן העבודה\FreeKapture.lnk
[2013/03/20 13:23:35 | 000,884,811 | ---- | M] () -- C:\fk.zip
[2013/03/18 23:35:08 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\y\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/15 10:51:11 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\y\שולחן העבודה\MailBell.LNK
[2013/03/15 10:21:57 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/03/09 22:41:45 | 001,004,888 | ---- | M] (Solid State Networks) -- C:\Documents and Settings\y\My Documents\install_flashplayer11x32ax_gtbp_chra_aih.exe
[2013/03/09 18:31:11 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\All Users\שולחן העבודה\Defraggler.lnk
[2013/03/08 18:25:35 | 000,000,538 | ---- | M] () -- C:\Documents and Settings\y\Application Data\Microsoft\Internet Explorer\Quick Launch\IrfanView.lnk
[2013/03/08 18:24:37 | 001,646,288 | ---- | M] (Irfan Skiljan) -- C:\Program Files\iview435_setup.exe
[2013/03/08 09:53:35 | 000,000,842 | ---- | M] () -- C:\Documents and Settings\y\Application Data\Microsoft\Internet Explorer\Quick Launch\WINWORD (2).lnk
[2013/03/08 09:53:26 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\y\Application Data\Microsoft\Internet Explorer\Quick Launch\Total Commander (2).lnk
[2013/03/07 20:32:56 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\y\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/07 02:33:24 | 000,765,736 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/03/07 02:33:24 | 000,368,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/03/07 02:33:24 | 000,164,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/07 02:33:24 | 000,062,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/03/07 02:33:24 | 000,049,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/03/07 02:33:24 | 000,049,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/03/07 02:33:23 | 000,066,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/03/07 02:33:22 | 000,029,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/03/07 02:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/03/07 02:32:42 | 000,228,600 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/03/07 00:22:00 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\y\שולחן העבודה\McAfee Visual Trace.lnk
[2013/03/07 00:00:31 | 001,645,434 | ---- | M] () -- C:\Documents and Settings\y\שולחן העבודה\NeoTraceProTrial325.exe
[44 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\y\My Documents\*.tmp files -> C:\Documents and Settings\y\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/01 13:59:09 | 000,081,240 | ---- | C] () -- C:\Documents and Settings\y\My Documents\Regscan1.jpg
[2013/04/01 13:54:02 | 000,054,160 | ---- | C] () -- C:\Documents and Settings\y\My Documents\Regscan3.jpg
[2013/04/01 13:51:51 | 000,073,338 | ---- | C] () -- C:\Documents and Settings\y\My Documents\Regscan2.jpg
[2013/04/01 10:13:35 | 000,000,484 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/03/30 21:04:02 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\HP Digital Imaging Monitor.lnk
[2013/03/29 22:47:11 | 000,155,815 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2013/03/29 22:47:10 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2013/03/28 23:31:12 | 000,009,728 | ---- | C] ( ) -- C:\Documents and Settings\y\My Documents\bosskey.exe
[2013/03/28 23:31:12 | 000,000,201 | ---- | C] () -- C:\Documents and Settings\y\My Documents\bosskey.ini
[2013/03/26 22:56:29 | 000,001,683 | ---- | C] () -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\Adobe Photoshop Elements 11.lnk
[2013/03/26 00:08:48 | 000,281,480 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/03/20 13:24:24 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\שולחן העבודה\FreeKapture.lnk
[2013/03/20 13:23:34 | 000,884,811 | ---- | C] () -- C:\fk.zip
[2013/03/15 10:51:11 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\y\שולחן העבודה\MailBell.LNK
[2013/03/15 10:21:58 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/15 10:21:57 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/03/09 18:31:11 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\All Users\שולחן העבודה\Defraggler.lnk
[2013/03/08 18:25:35 | 000,000,538 | ---- | C] () -- C:\Documents and Settings\y\Application Data\Microsoft\Internet Explorer\Quick Launch\IrfanView.lnk
[2013/03/08 09:53:35 | 000,000,842 | ---- | C] () -- C:\Documents and Settings\y\Application Data\Microsoft\Internet Explorer\Quick Launch\WINWORD (2).lnk
[2013/03/08 09:53:26 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\y\Application Data\Microsoft\Internet Explorer\Quick Launch\Total Commander (2).lnk
[2013/03/07 20:32:56 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\y\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/07 20:32:56 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\y\תפריט התחלה\תוכניות\Internet Explorer.lnk
[2013/03/07 00:07:34 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\y\שולחן העבודה\McAfee Visual Trace.lnk
[2013/03/07 00:00:25 | 001,645,434 | ---- | C] () -- C:\Documents and Settings\y\שולחן העבודה\NeoTraceProTrial325.exe
[2013/01/23 12:13:27 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/11/12 23:31:51 | 000,000,177 | ---- | C] () -- C:\Documents and Settings\y\bosskey.ini
[2012/11/11 00:14:33 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/11/03 11:15:57 | 000,000,586 | ---- | C] () -- C:\WINDOWS\ClockTraySkins.ini
[2012/11/01 20:24:52 | 000,000,314 | ---- | C] () -- C:\WINDOWS\atomcl.ini
[2012/09/21 19:35:35 | 000,000,113 | ---- | C] () -- C:\WINDOWS\mgboss_reg.ini
[2012/09/21 19:35:05 | 000,000,021 | ---- | C] () -- C:\WINDOWS\mgboss_win.ini
[2012/03/18 22:36:35 | 000,002,461 | ---- | C] () -- C:\WINDOWS\extend.dat
[2012/02/17 15:12:20 | 156,666,888 | ---- | C] () -- C:\Documents and Settings\y\OOo_3.3.0_Win_x86_install-wJRE_he.exe
[2012/02/15 23:39:44 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\y\Application Data\.backup.dm
[2011/06/30 10:44:43 | 000,982,196 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2011/06/30 10:44:42 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2011/04/09 11:13:28 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2011/04/09 11:13:28 | 000,121,344 | ---- | C] () -- C:\WINDOWS\System32\Ltpnt13n.dll
[2011/04/09 11:13:28 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2010/06/15 14:34:59 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\y\Application Data\AtomicAlarmClock.ini
[2010/06/15 14:29:10 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\y\Application Data\ClockTraySkins.ini
[2010/06/09 19:55:59 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\y\Application Data\usb.dat.bin
[2010/02/24 18:33:05 | 000,000,990 | -HS- | C] () -- C:\Documents and Settings\y\Application Data\systemfl.$dk
[2010/01/23 23:05:13 | 003,332,150 | ---- | C] () -- C:\Documents and Settings\y\choveret.pdf
[2010/01/20 21:04:02 | 006,041,050 | ---- | C] () -- C:\Program Files\iv_formats[1].zip
[2009/12/27 15:06:24 | 004,998,707 | ---- | C] () -- C:\Program Files\flvplayer_setup.exe
[2009/12/17 15:03:24 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\y\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/14 21:36:47 | 003,387,059 | ---- | C] () -- C:\Program Files\PDFshrink_w45.exe

========== ZeroAccess Check ==========

[2012/11/14 23:26:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:17:30 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:53:33 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:17:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/17 23:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
[2012/10/09 13:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/10/09 20:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/10/11 19:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2011/08/23 13:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/11/10 14:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2013/03/30 09:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2012/10/09 21:21:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/12/22 10:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverGenius
[2012/10/11 20:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/11/17 23:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/12/24 21:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Utility Kit
[2013/04/02 13:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2013/03/02 23:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2013/03/26 23:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2013/03/15 10:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2012/11/10 23:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/11/10 23:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SweetIM
[2010/04/21 22:11:21 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\y\Application Data\.#
[2009/12/13 19:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\Advanced Browser
[2009/12/19 21:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\Apago
[2013/03/30 21:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\Applian FLV and Media Player
[2012/10/17 23:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\Ask.com
[2012/10/09 21:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\AVG2013
[2011/08/23 13:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\Babylon
[2013/03/07 00:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\DefaultTab
[2012/10/16 17:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\DriverCure
[2013/03/15 10:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\EmTec
[2012/11/26 18:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\FileZilla
[2012/11/02 22:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\Funmoods
[2010/08/12 22:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\GHISLER
[2012/10/17 18:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\Leadertech
[2013/03/28 23:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\MindGems
[2013/01/16 00:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\OpenCandy
[2012/02/17 19:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\OpenOffice.org
[2012/11/17 22:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\ParetoLogic
[2012/10/16 17:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\PC Utility Kit
[2013/02/16 13:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\Pdf2Word
[2009/12/09 19:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\pdf995
[2013/02/02 14:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\PolyEdit Lite
[2013/03/15 10:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\RoboForm
[2010/07/22 19:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\Scan2PDF
[2012/10/17 23:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\searchresultstb
[2012/11/10 23:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\SpeedyPC Software
[2013/04/02 12:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\Systweak
[2012/10/09 21:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\TuneUp Software
[2012/11/17 19:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\WinBatch
[2012/09/20 23:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\y\Application Data\XnView

========== Purity Check ==========
  #10  
Old April 3rd, 2013, 07:33 AM
idr idr is offline
Senior Member
 
Join Date: Oct 2002
Location: Israel
Age: 91
Posts: 486
I hope that everything is there
  #11  
Old April 3rd, 2013, 11:29 AM
schrauber schrauber is offline
Cyber Tech Help Moderator
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 33
Posts: 4,431
A lot to do, let's start some repairs.

Run all these tools one by one. There is no need to post the log from tool 1 and wait for further instructions; just run them all one by one and post all logfiles in one answer (you can use several posts for that).

If you have any problems or questions, stop and feel free to ask.



Download RogueKiller to your desktop
  1. Quit all running programs
  2. For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  3. When prompted, type 1 and validate
  4. The RKreport.txt shall be generated next to the executable.
  5. If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

After that, please re-run the tool with option 2.




Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.



  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.




Next, download ComboFix and save it to the Desktop.
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running; it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.
Please provide the contents of the ComboFix report in your reply.
  #12  
Old April 3rd, 2013, 07:43 PM
idr idr is offline
Senior Member
 
Join Date: Oct 2002
Location: Israel
Age: 91
Posts: 486
Now ComboFix requires deactivating Avast Antivirus and I find no option there to do it. Please advise.
And here are the reports:
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : y [Admin rights]
Mode : Scan -- Date : 04/03/2013 20:42:37
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAKS-00L9A0 +++++
--- User ---
[MBR] d563c13e87b2efe0d03be198a48abc8b
[BSP] 0219c6a027e6510fdd3b22deadbd0be7 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 74998 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 153597465 | Size: 230236 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SanDisk Cruzer Blade USB Device +++++
--- User ---
[MBR] 659cd89007d3026cf8251ab66a999f1b
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 3818 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: WD Elements 1023 USB Device +++++
--- User ---
[MBR] 691dc1116449eeb535b637dc581b3fb8
[BSP] 58bfbdede1811b9dfc5b354815058d53 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_04032013_02d2042.txt >>
RKreport[1]_S_04032013_02d2042.txt



RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : y [Admin rights]
Mode : Scan -- Date : 04/03/2013 20:45:42
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAKS-00L9A0 +++++
--- User ---
[MBR] d563c13e87b2efe0d03be198a48abc8b
[BSP] 0219c6a027e6510fdd3b22deadbd0be7 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 74998 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 153597465 | Size: 230236 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SanDisk Cruzer Blade USB Device +++++
--- User ---
[MBR] 659cd89007d3026cf8251ab66a999f1b
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 3818 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: WD Elements 1023 USB Device +++++
--- User ---
[MBR] 691dc1116449eeb535b637dc581b3fb8
[BSP] 58bfbdede1811b9dfc5b354815058d53 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_S_04032013_02d2045.txt >>
RKreport[1]_S_04032013_02d2042.txt ; RKreport[2]_S_04032013_02d2045.txt

# AdwCleaner v2.200 - Logfile created 04/03/2013 at 20:58:17
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : y - IDR-4F4EA6FAA7A
# Boot Mode : Normal
# Running from : C:\Documents and Settings\y\My Documents\CLEANING\AdwCleaner.exe
# Option [Delete]


  #13  
Old April 3rd, 2013, 07:44 PM
idr
# AdwCleaner v2.200 - Logfile created 04/03/2013 at 20:57:07
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : y - IDR-4F4EA6FAA7A
# Boot Mode : Normal
# Running from : C:\Documents and Settings\y\My Documents\CLEANING\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\ext ensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Found : C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\ext ensions\addon@defaulttab.com.xpi
File Found : C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\ext ensions\addon@defaulttab.com.xpi
File Found : C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\sea rchplugins\Askcom.xml
File Found : C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\sea rchplugins\funmoods.xml
File Found : C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\sea rchplugins\Search_Results.xml
File Found : C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\sea rchplugins\search-here.xml
File Found : C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\sea rchplugins\softonic.xml
File Found : C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\sea rchplugins\spamfreesearch.xml
File Found : C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\sea rchplugins\SweetIm.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\ask.xml
File Found : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Found : C:\user.js
Folder Found : C:\Documents and Settings\All Users\Application Data\APN
Folder Found : C:\Documents and Settings\All Users\Application Data\Ask
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Found : C:\Documents and Settings\All Users\Application Data\SweetIM
Folder Found : C:\Documents and Settings\y\Application Data\Ask.com
Folder Found : C:\Documents and Settings\y\Application Data\Babylon
Folder Found : C:\Documents and Settings\y\Application Data\DefaultTab
Folder Found : C:\Documents and Settings\y\Application Data\Funmoods
Folder Found : C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\ext ensions\ffxtlbr@funmoods.com
Folder Found : C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\ext ensions\ffxtlbra@softonic.com
Folder Found : C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\Swe etPacksToolbarData
Folder Found : C:\Documents and Settings\y\Application Data\OpenCandy
Folder Found : C:\Documents and Settings\y\Application Data\searchresultstb
Folder Found : C:\Documents and Settings\y\Local Settings\Application Data\APN
Folder Found : C:\Documents and Settings\y\Local Settings\Application Data\Babylon
Folder Found : C:\Documents and Settings\y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohch hpekkn
Folder Found : C:\Documents and Settings\y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmb ilgmlc
Folder Found : C:\Documents and Settings\y\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcni mhokcj
Folder Found : C:\Documents and Settings\y\Local Settings\Application Data\Ilivid
Folder Found : C:\Program Files\DefaultTab

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Babylon
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\DefaultTab
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EECF410C-006C-4A05-AD13-6741A0814DBF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Key Found : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Found : HKLM\SOFTWARE\Classes\f
Key Found : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Found : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\Software\DefaultTab
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\Funmoods
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Found : HKLM\Software\iLividSRTB
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilividtoolbarguid
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\searchresults1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEE6C35D-6118-11DC-9C72-001320C79847}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("extensions.Softonic.admin", false);
Found : user_pref("extensions.Softonic.aflt", "SD");
Found : user_pref("extensions.Softonic.autoRvrt", "false");
Found : user_pref("extensions.Softonic.cntry", "IL");
Found : user_pref("extensions.Softonic.cv", "cv5");
Found : user_pref("extensions.Softonic.dfltLng", "");
Found : user_pref("extensions.Softonic.dfltSrch", true);
Found : user_pref("extensions.Softonic.dfltlng", "en");
Found : user_pref("extensions.Softonic.dfltsrch", true);
Found : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)");
Found : user_pref("extensions.Softonic.dspOld", "Funmoods");
Found : user_pref("extensions.Softonic.envrmnt", "production");
Found : user_pref("extensions.Softonic.excTlbr", false);
Found : user_pref("extensions.Softonic.gingeruserid", "5807ceaf-b3f1-422a-8d98-34bee91644cc");
Found : user_pref("extensions.Softonic.hdrMd5", "B68441AAE5E6B58F5E671F90FF653198");
Found : user_pref("extensions.Softonic.hmpg", true);
Found : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/INF00001/tb_v1?SearchSource=13&[...]
Found : user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/INF00001/tb_v1?SearchSource=13&cc[...]
Found : user_pref("extensions.Softonic.hpOld", "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2[...]
Found : user_pref("extensions.Softonic.hrdid", "9c5f6b9500000000000090e6ba91e8de");
Found : user_pref("extensions.Softonic.id", "9c5f6b9500000000000090e6ba91e8de");
Found : user_pref("extensions.Softonic.instlDay", "15646");
Found : user_pref("extensions.Softonic.instlRef", "INF00001");
Found : user_pref("extensions.Softonic.instlday", "15646");
Found : user_pref("extensions.Softonic.instlref", "INF00001");
Found : user_pref("extensions.Softonic.isdcmntcmplt", "false");
Found : user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/INF00001/tb_v1?SearchSource=[...]
Found : user_pref("extensions.Softonic.keywordurl", "hxxp://search.softonic.com/INF00001/tb_v1?SearchSource=[...]
Found : user_pref("extensions.Softonic.lastVrsnTs", "1.6.7.421:48:32");
Found : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
Found : user_pref("extensions.Softonic.monitorreport", true);
Found : user_pref("extensions.Softonic.newTab", true);
Found : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/INF00001/tb_v1?SearchSource=1[...]
Found : user_pref("extensions.Softonic.newtab", true);
Found : user_pref("extensions.Softonic.newtaburl", "hxxp://search.softonic.com/INF00001/tb_v1?SearchSource=1[...]
Found : user_pref("extensions.Softonic.prdct", "Softonic");
Found : user_pref("extensions.Softonic.propectorlck", 91481625);
Found : user_pref("extensions.Softonic.prtnrId", "softonic");
Found : user_pref("extensions.Softonic.prtnrid", "softonic");
Found : user_pref("extensions.Softonic.radiomystations", "[{\"id\":\"1880\",\"name\":\"Kol HaYam HaAdom 102F[...]
Found : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...]
Found : user_pref("extensions.Softonic.savedVrsnTs", "1");
Found : user_pref("extensions.Softonic.sg", "az");
Found : user_pref("extensions.Softonic.smplGrp", "none");
Found : user_pref("extensions.Softonic.smplgrp", "none");
Found : user_pref("extensions.Softonic.srch", "");
Found : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Found : user_pref("extensions.Softonic.srchprvdr", "Search the web (Softonic)");
Found : user_pref("extensions.Softonic.tlbrId", "base");
Found : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/INF00001/tb_v1?SearchSource[...]
Found : user_pref("extensions.Softonic.tlbrid", "base");
Found : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/INF00001/tb_v1?SearchSource[...]
Found : user_pref("extensions.Softonic.vrsn", "1.6.7.4");
Found : user_pref("extensions.Softonic.vrsnTs", "1.6.7.421:48:32");
Found : user_pref("extensions.Softonic.vrsni", "1.6.7.4");
Found : user_pref("extensions.Softonic.vrsnts", "1.6.7.421:48:32");
Found : user_pref("extensions.Softonic_i.dnsErr", true);
Found : user_pref("extensions.Softonic_i.hmpg", true);
Found : user_pref("extensions.Softonic_i.newTab", true);
Found : user_pref("extensions.Softonic_i.smplGrp", "none");
Found : user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.421:48:32");
Found : user_pref("extensions.enabledAddons", "ffxtlbra%40softonic.com:1.6.0,%7BEEE6C361-6118-11DC-9C72-0013[...]
Found : user_pref("extensions.funmoods.aflt", "download");
Found : user_pref("extensions.funmoods.autoRvrt", false);
Found : user_pref("extensions.funmoods.dfltLng", "");
Found : user_pref("extensions.funmoods.dfltSrch", true);
Found : user_pref("extensions.funmoods.dnsErr", true);
Found : user_pref("extensions.funmoods.envrmnt", "production");
Found : user_pref("extensions.funmoods.excTlbr", false);
Found : user_pref("extensions.funmoods.hmpg", true);
Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd[...]
Found : user_pref("extensions.funmoods.id", "90E6BA91E8DE6B95");
Found : user_pref("extensions.funmoods.instlDay", "15646");
Found : user_pref("extensions.funmoods.instlRef", "download");
Found : user_pref("extensions.funmoods.isdcmntcmplt", true);
Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&[...]
Found : user_pref("extensions.funmoods.prdct", "funmoods");
Found : user_pref("extensions.funmoods.prtnrId", "funmoods");
Found : user_pref("extensions.funmoods.srchPrvdr", "Search");
Found : user_pref("extensions.funmoods.tlbrId", "base");
Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=download&chnl=downloa[...]
Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Found : user_pref("extensions.funmoods_i.newTab", true);
Found : user_pref("extensions.funmoods_i.smplGrp", "none");
Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2221:33:55");
Found : user_pref("extensions.spamfreesearch.hmpgUrl", "hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u[...]
Found : user_pref("extensions.spamfreesearch.keyWordUrl", "hxxp://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=[...]
Found : user_pref("extensions.spamfreesearch.prtnrId", "blekko");
Found : user_pref("extensions.spamfreesearch.srchPrvdr", "blekko");
Found : user_pref("extensions.spamfreesearch.tlbrSrchUrl", "hxxp://blekko.com/ws/?source=5f97ddbe&tbp=main&u[...]
Found : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Found : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Found : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1363460275352");
Found : user_pref("sweetim.toolbar.Visibility.enable", "true");
Found : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Found : user_pref("sweetim.toolbar.cargo", "3.1010000.10002");
Found : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Found : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Found : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Found : user_pref("sweetim.toolbar.cda.returnValue", "hide");
Found : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Found : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Found : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Found : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Found : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Found : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
Found : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Found : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Found : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Found : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Found : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Found : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Found : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Found : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Found : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Found : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Found : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Found : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Found : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Found : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Found : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Found : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Found : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Found : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Found : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Found : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Found : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Found : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Found : user_pref("sweetim.toolbar.mode.debug", "false");
Found : user_pref("sweetim.toolbar.newtab.created", "true");
Found : user_pref("sweetim.toolbar.newtab.enable", "true");
Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Ask.com");
Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Found : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]
Found : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Found : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Found : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Found : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Found : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Found : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Found : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Found : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Found : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Found : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Found : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Found : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Found : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Found : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Found : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Found : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Found : user_pref("sweetim.toolbar.scripts.2.callback", "");
Found : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Found : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Found : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Found : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Found : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Found : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Found : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Found : user_pref("sweetim.toolbar.search.history", "%D7%A7%D7%99%D7%A8%D7%A7%D7%94");
Found : user_pref("sweetim.toolbar.search.history.capacity", "10");
Found : user_pref("sweetim.toolbar.searchguard.enable", "false");
Found : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Found : user_pref("sweetim.toolbar.simapp_id", "{09319741-2371-11E2-8606-958CA0E2180A}");
Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={0931[...]
Found : user_pref("sweetim.toolbar.version", "1.9.0.0");

-\\ Google Chrome v26.0.1410.43

File : C:\Documents and Settings\y\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.29] : search_url = "hxxp:\/\/dts.search-results.com\/sr?src=crb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=5311702031164093&q={searchTerms}",
Found [l.2151] : urls_to_restore_on_startup = [ "hxxp:\/\/blekko.com\/ws\/?source=5f97ddbe&tbp=homepage&u=9c5f6b9500000000000090e6ba91e8de" ]

*************************

AdwCleaner[R1].txt - [25855 octets] - [03/04/2013 20:52:50]
AdwCleaner[R2].txt - [25916 octets] - [03/04/2013 20:53:37]
AdwCleaner[R3].txt - [25977 octets] - [03/04/2013 20:55:59]
AdwCleaner[R4].txt - [25855 octets] - [03/04/2013 20:57:07]
AdwCleaner[S1].txt - [422 octets] - [03/04/2013 20:56:39]

########## EOF - C:\AdwCleaner[R4].txt - [25975 octets] ##########
  #14  
Old April 3rd, 2013, 08:32 PM
schrauber schrauber is offline
Cyber Tech Help Moderator
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 33
Posts: 4,431
Please right-click the avast icon in the system tray and go to the protection tab; there you can disable it.
  #15  
Old April 3rd, 2013, 09:20 PM
idr idr is offline
Senior Member
 
Join Date: Oct 2002
Location: Israel
Age: 91
Posts: 486
1000 problems

combofix report
ComboFix 13-04-02.01 - y 04/03/2013 23:04:45.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1255.972.1037.18.2013.1416 [GMT 3:00]
Running from: c:\documents and settings\y\My Documents\CLEANING\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\תפריט התחלה\תוכניות\הפעלה\LaunchU3.exe.lnk
c:\documents and settings\y\Application Data\.#
c:\documents and settings\y\My Documents\~WRL3249.tmp
c:\documents and settings\y\OOo_3.3.0_Win_x86_install-wJRE_he.exe
c:\documents and settings\y\WINDOWS
c:\program files\Internet Explorer\SET6A.tmp
c:\program files\Internet Explorer\SET6B.tmp
c:\program files\Internet Explorer\SET6C.tmp
C:\RECYCLER(2)
c:\recycler(2)\S-1-5-21-1409082233-1547161642-1801674531-1004(2)\INFO2
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\jgaw400.dll
c:\windows\system32\SET73.tmp
c:\windows\system32\SET74.tmp
c:\windows\system32\SET75.tmp
c:\windows\system32\SET76.tmp
c:\windows\system32\SET77.tmp
c:\windows\system32\SET78.tmp
c:\windows\system32\SET79.tmp
c:\windows\system32\SET7A.tmp
c:\windows\system32\SET7B.tmp
c:\windows\system32\SET7D.tmp
c:\windows\system32\SET7E.tmp
c:\windows\system32\SET7F.tmp
c:\windows\system32\SET80.tmp
c:\windows\system32\SET81.tmp
c:\windows\system32\SET83.tmp
c:\windows\system32\SET84.tmp
c:\windows\system32\SET85.tmp
c:\windows\system32\SET86.tmp
c:\windows\system32\SET88.tmp
c:\windows\system32\SET89.tmp
c:\windows\system32\SET8A.tmp
c:\windows\system32\SET8B.tmp
c:\windows\system32\SET8C.tmp
c:\windows\system32\SET8D.tmp
c:\windows\system32\SET8E.tmp
c:\windows\system32\SET8F.tmp
c:\windows\system32\SET90.tmp
c:\windows\system32\SET92.tmp
c:\windows\system32\SET93.tmp
c:\windows\system32\SET94.tmp
c:\windows\system32\SET95.tmp
c:\windows\system32\SET96.tmp
c:\windows\system32\SET97.tmp
c:\windows\system32\SET98.tmp
c:\windows\system32\SET99.tmp
c:\windows\system32\SET9A.tmp
H:\autorun.inf
H:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-03 to 2013-04-03 )))))))))))))))))))))))))))))))
.
.
2013-04-03 17:41 . 2013-04-03 17:41 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2013-04-01 10:48 . 2013-04-02 09:22 -------- d-----w- c:\documents and settings\y\Application Data\Systweak
2013-04-01 10:48 . 2013-02-28 13:27 18776 ----a-w- c:\windows\system32\roboot.exe
2013-03-31 07:57 . 2008-08-18 08:39 117760 ----a-w- c:\windows\system32\hpzll64X.dll
2013-03-31 07:57 . 2008-08-18 08:39 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp64X.dll
2013-03-30 18:03 . 2013-03-30 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2013-03-30 06:42 . 2013-03-30 06:42 -------- d-----w- c:\documents and settings\All Users\Application Data\ClubSanDisk
2013-03-28 20:45 . 2013-03-28 20:45 -------- d-----w- c:\documents and settings\y\Application Data\MindGems
2013-03-26 21:03 . 2013-04-03 20:04 -------- d-----w- c:\windows\system32\wbem\Logs
2013-03-26 20:48 . 2013-03-26 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2013-03-22 16:44 . 2013-03-22 16:49 -------- d-----w- C:\foboko
2013-03-20 10:24 . 2013-03-20 10:24 -------- d-----w- c:\program files\TSoft
2013-03-19 11:13 . 2013-03-19 11:13 -------- d-----w- C:\swsetup
2013-03-19 10:23 . 2013-03-20 11:49 -------- d-----w- C:\Printer
2013-03-15 07:52 . 2013-03-15 07:52 -------- d-----w- c:\documents and settings\y\Application Data\EmTec
2013-03-15 07:50 . 2013-03-15 08:00 -------- d-----w- c:\program files\MailBell
2013-03-15 07:28 . 2013-03-15 07:28 -------- d-----w- c:\documents and settings\y\Application Data\RoboForm
2013-03-15 07:26 . 2013-03-15 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
2013-03-15 07:25 . 2013-03-15 07:25 -------- d-----w- c:\program files\Siber Systems
2013-03-15 07:21 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-15 07:21 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-15 07:21 . 2013-03-06 23:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-09 15:31 . 2013-03-09 15:31 -------- d-----w- c:\program files\Defraggler
2013-03-09 15:19 . 2013-03-09 15:19 -------- d-----w- c:\program files\af0.net
2013-03-08 15:24 . 2013-03-08 15:24 1646288 ----a-w- c:\program files\iview435_setup.exe
2013-03-07 17:28 . 2013-03-07 17:28 -------- d-----w- c:\program files\Microsoft
2013-03-07 17:25 . 2013-03-07 17:26 -------- dc-h--w- c:\windows\ie8
2013-03-07 17:25 . 2013-03-07 17:31 -------- d--h--w- c:\windows\msdownld.tmp
2013-03-07 17:21 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-03-07 16:52 . 2013-03-07 16:52 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-07 16:52 . 2013-03-07 16:52 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-06 21:07 . 2013-03-06 21:22 -------- d-----w- c:\program files\VisualTrace
2013-03-06 21:01 . 2013-03-09 17:21 -------- d-----w- c:\program files\NeoTracePro
2013-03-04 20:42 . 2013-03-04 20:42 -------- d--h--w- c:\windows\PIF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-27 10:46 . 2012-10-09 10:42 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-27 10:46 . 2012-10-09 10:42 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-20 10:23 . 2013-03-20 10:23 884811 ----a-w- C:\fk.zip
2013-03-07 16:52 . 2012-10-09 10:15 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-07 16:52 . 2012-02-17 12:14 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-06 23:33 . 2012-10-09 17:09 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2012-10-09 17:09 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2012-10-09 17:09 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2012-10-09 17:09 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 23:33 . 2012-10-09 17:09 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:32 . 2012-10-09 17:08 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2012-10-09 17:08 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-23 09:13 . 2013-01-23 09:13 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2010-01-20 03:53 . 2010-01-20 18:02 8036352 ----a-w- c:\program files\irfanview_plugins_425_setup.exe
2009-12-18 06:51 . 2009-12-27 12:06 4998707 ----a-w- c:\program files\flvplayer_setup.exe
2009-12-13 07:02 . 2009-12-14 18:36 3387059 ----a-w- c:\program files\PDFshrink_w45.exe
2009-12-13 05:11 . 2009-12-14 18:36 16832288 ----a-w- c:\program files\jre-6u17-windows-i586-s.exe
2005-04-05 21:34 . 2009-12-09 10:45 974848 ----a-w- c:\program files\mfc70.dll
2013-03-09 19:29 . 2013-03-09 19:29 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2013-02-25 3288856]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-03-15 96056]
"ABK"="g:\abk\abk.exe" [2008-07-18 1514496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KMCONFIG"="F:\StartAutorun.exe" [2008-05-29 212992]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2013-01-04 2587576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\All Users\תפריט התחלה\תוכניות\הפעלה\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt2]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 17:17 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-06-30 07:43 173592 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-06-30 07:43 141336 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-06-30 07:43 142872 ----a-w- c:\windows\system32\igfxpers.exe
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [15/03/2013 10:21 49248]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [27/07/2010 14:06 41912]
R0 FSProFilter2;FSPro File Filter 2;c:\windows\system32\drivers\FSPFltd2.sys [09/02/2013 00:14 51760]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [27/10/2012 08:54 20624]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [09/10/2012 20:09 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [09/10/2012 20:09 368176]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [23/09/2012 09:08 171600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09/10/2012 20:09 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [15/03/2013 10:21 66336]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [11/06/2012 17:22 193616]
R2 fsproflt2;FSPro Filter Service 2;c:\windows\system32\fsproflt2.exe [09/02/2013 00:14 49512]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [17/10/2012 18:31 12216]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/11/2012 23:23 398184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/11/2012 23:23 682344]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [29/11/2012 21:31 38608]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [11/06/2012 17:22 240208]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/11/2012 23:23 21104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26/12/2009 19:54 1684736]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [15/03/2013 10:21 164736]
S3 becldr3Service;BCL EasyConverter SDK 3 Loader;c:\program files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [19/04/2011 19:05 176128]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [18/09/2012 12:32 43704]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [18/09/2012 12:32 12216]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 23:09 267568]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [23/01/2013 12:13 35144]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [05/02/2013 18:48 235216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
FastUserSwitchingCompatibility
HidServ
LanmanServer
LanmanWorkstation
Messenger
Nla
NWCWorkstation
Schedule
Seclogon
SRService
Themes
TrkWks
W32Time
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
napagent
hkmsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-28 17:27 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 10:46]
.
2013-04-03 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-09 23:32]
.
2013-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-09 17:09]
.
2013-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-09 17:09]
.
2012-04-29 c:\windows\Tasks\Microsoft Word.job
- c:\progra~1\MICROS~2\Office\WINWORD.EXE [1997-04-21 22:00]
.
2013-03-29 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1409082233-1547161642-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 13:30]
.
2013-04-03 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-12-28 22:20]
.
2013-04-03 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-12-28 22:20]
.
2013-03-02 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-12-28 22:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ncr
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &NeoTrace It! - c:\progra~1\NEOTRA~2\NTXcontext.htm
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show avast! EasyPass Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 80.179.52.100 80.179.55.100
FF - ProfilePath - c:\documents and settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Search Here
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ncr
FF - ExtSQL: 2013-02-27 13:43; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-03-06 23:11; addon@defaulttab.com; c:\documents and settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: 2013-03-15 09:26; {22119944-ED35-4ab1-910B-E619EA06A115}; c:\program files\Siber Systems\AI RoboForm\Firefox
FF - ExtSQL: 2013-03-18 19:13; {ab91efd4-6975-4081-8552-1b3922ed79e2}; c:\documents and settings\y\Application Data\Mozilla\Firefox\Profiles\npmh5aew.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-Magic Boss Key - g:\magicboss\mgboss.exe
AddRemove-Otiot - e:\oo\DeIsL1.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-03 23:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1409082233-1547161642-1801674531-1004\Software\Microsoft\  M*i*c*r*o*s*o*f*t* *M*a*n*a*g*e*m*e*n*t* *C*o*n*s*o*l*e*\Recent File List]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"File1"="c:\\WINDOWS\\system32\\compmgmt.msc"
"File2"="c:\\WINDOWS\\system32\\devmgmt.msc"
"File3"="c:\\WINDOWS\\system32\\dfrg.msc"
"File4"="c:\\WINDOWS\\system32\\services.msc"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-04-03 23:16:23
ComboFix-quarantined-files.txt 2013-04-03 20:16
.
Pre-Run: 53,084,987,392 bytes free
Post-Run: 53,501,976,576 bytes free
.
- - End Of File - - FC88BBEAF0F535DEC5ABF3C5AEE90EC0
All times are GMT +1. The time now is 02:49 AM.