  #16  
Old March 11th, 2012, 01:04 AM
Jintan
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,848
Actually that disable security software link had sub-links for Windows 7 for turning off Defender, though they led to some film to watch. Control Panel - Windows Defender - Tools I believe is the way, for future reference. The logs show maybe your Internet Explorer Search choices have been altered, but no indication of what might be causing system slowness. Avast just recently did a large program update, to where it now is a very large and complex antivirus program, such as Norton and McAfee have been. Unfortunate. Just something to keep in mind.



Code:
@ECHO OFF
REM Remove any report left over from a previous run
if exist Check.txt del /q Check.txt
REM Export the per-user and the machine-wide IE search provider (SearchScopes) keys
regedit /e Regsearch1.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes"
regedit /e Regsearch2.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes"
REM Combine both exports into one report, delete the temporary files and open the report
type Regsearch*.txt > Check.txt
del /q Regsearch*.txt
notepad Check.txt

Open Notepad (Start Search, type notepad and press Enter).

Copy/paste the above text (inside the Code box) into the open Notepad text box, then save this to your desktop as "cfgcheck.bat"

Be sure to include the "" quotes in the name. Then click on cfgcheck.bat. When the scan completes a textbox will open - copy/paste those contents back here please.


  #17  
Old March 11th, 2012, 11:22 AM
lcyber
CTH Subscriber
 
Join Date: Feb 2003
O/S: Windows 7 64-bit
Location: uk
Posts: 1,066
Control Panel does not lead to Defender then Tools, it makes no reference to Defender at all.


Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}"
"DownloadUpdates"=dword:00000001
"Version"=dword:00000003
"UpgradeTime"=hex:ed,bb,a6,4d,93,52,cc,01
"ShowSearchSuggestionsInAddressGlobal"=dword:00000001
"KnownProvidersUpgradeTime"=hex:18,96,f6,4c,93,52,cc,01
"DoNotAskAgain"=hex(7):66,00,61,00,63,00,65,00,6d,00,6f,00,6f,00,64,00,73,00,\
  2e,00,63,00,6f,00,6d,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"SuggestionsURLFallback"="http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}"
"FaviconURLFallback"="http://www.bing.com/favicon.ico"
"FaviconPath"="C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"
"DisplayName"="Bing"
"URL"="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
"TopResultURLFallback"="http://www.bing.com/search?q={searchTerms}&src=ie9tr"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}]
"URL"="http://start.facemoods.com/?a=grupo&s={searchTerms}&f=4"
"DisplayName"="Facemoods Search"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
"DisplayName"="Search the web (Babylon)"
"URL"="http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100489&mntrId=941f3c7e0000000000001c6f65705093"
"SuggestionsURLFallback"="http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]
"DisplayName"="Ask Search"
"URL"="http://websearch.ask.com/redirect?client=ie&tb=FTB&o=41648107&src=kw&q={searchTerms}&locale=en_UK&apn_ptnrs=9D&apn_dtid=YYYYYYYYGB&apn_uid=039E5075-AAE6-4521-8C99-E5B772795371&apn_sauid=5F0705DA-1BBD-472F-82B9-4639B2C2ED1C&"
"FaviconUrl"="http://www.ask.com/favicon.ico"
"FaviconPath"="C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}.ico"
"OSDFileURL"="file:///C:/Users/user/AppData/LocalLow/AskToolbar/osearch.xml"
"SuggestionsURL_JSON"="http://ss.websearch.uk.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}]
"DisplayName"="ALOT Search"
"URL"="http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=574C02E001CC4B8300CA1374&install_time=2011-07-26T11:01:53Z&src_id=12287&camp_id=2586&tb_version=2.5.20000.3"
"FaviconURLFallback"="http://files.alot.com/1/update/buttons/favicon.ico"
"SuggestionsURL_JSON"="http://sugg.alotimg.com/opensearch.php?q={searchTerms}"
"ShowSearchSuggestions"=dword:00000001
@=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{80D0D368-780B-4BAE-8A6B-C8EC832E474B}]
"DisplayName"="Yahoo! Search"
"URL"="http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=685749&p={searchTerms}"
"OSDFileURL"="file:///C:/Program%20Files/Common%20Files/Spigot/Search%20Settings/yahoo_ie.xml"
"FaviconURL"="http://www.yahoo.com/favicon.ico"
"FaviconPath"="C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{80D0D368-780B-4BAE-8A6B-C8EC832E474B}.ico"
"SuggestionsURLFallback"="http://sugg-ie.uk.search.yahoo.com/os?market=uk&appid=ie8&command={searchTerms}"
"FaviconURLFallback"="http://search.yahoo.com/favicon.ico"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"Deleted"="0"
"DisplayName"="Search Results"
"URL"="http://dts.search-results.com/sr?src=ieb&appid=179&systemid=406&sr=0&q={searchTerms}"
"ShowSearchSuggestions"="1"
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=179&systemid=406&qu={searchTerms}&ft=json"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}]
"Deleted"="0"
"DisplayName"="Web Search"
"URL"="http://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}"
"ShowSearchSuggestions"="1"
"SuggestionsURL_JSON"="http://search.imesh.com/suggest.php?src=ieb&systemid=1&qu={searchTerms}&ft=json"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}]
"DisplayName"="Inbox Search"
"URL"="http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80135&lng=en"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}]
"URL"="http://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92823419176732906"
"DisplayName"="MyStart Search"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E5DA3E03-D40E-4A8E-92D5-24973B70C1EC}]
"DisplayName"="Google"
"URL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"
"ShowSearchSuggestions"=dword:00000001
"SuggestionsURL"="http://clients5.google.com/complete/search?q={searchTerms}&client=ie8&mw={ie:maxWidth}&sh={ie:sectionHeight}&rh={ie:rowHeight}&inputencoding={inputEncoding}&outputencoding={outputEncoding}"
"OSDFileURL"="http://www.ieaddons.com/gb/DownloadHandler.ashx?ResourceId=813"
"FaviconURL"="http://www.google.com/favicon.ico"
"FaviconPath"="C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{E5DA3E03-D40E-4A8E-92D5-24973B70C1EC}.ico"
"TopResultURLFallback"=""
"SuggestionsURLFallback"="http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}"
"FaviconURLFallback"="http://www.google.com/favicon.ico"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E89CCB64-AED9-406B-8ECD-B2213C904848}]
"DisplayName"="midicair Customized Web Search"
"URL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2795622"
"OSDFileURL"="file:///C:/Users/user/AppData/Local/Temp/OpenSearch14492758.tmp"
"FaviconURL"="http://search.conduit.com/favicon.ico"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
@="Bing"
"URL"="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
"DisplayName"="@ieframe.dll,-12512"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"Deleted"="0"
"DisplayName"="Search Results"
"URL"="http://dts.search-results.com/sr?src=ieb&appid=179&systemid=406&sr=0&q={searchTerms}"
"ShowSearchSuggestions"="1"
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=179&systemid=406&qu={searchTerms}&ft=json"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}]
"Deleted"="0"
"DisplayName"="Web Search"
"URL"="http://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}"
"ShowSearchSuggestions"="1"
"SuggestionsURL_JSON"="http://search.imesh.com/suggest.php?src=ieb&systemid=1&qu={searchTerms}&ft=json"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
"DisplayName"="MyAshampoo Customized Web Search"
  #18  
Old March 12th, 2012, 01:23 AM
Jintan
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,848
Not really sure on that Defender thing - seems to shape shift with each Windows variation.


Go to Start - Control Panel - Programs - Programs and Features, then click on each of the following programs, if they show there, and click "Uninstall/Change".

Inbox Toolbar - Adware, spyware, search hijacker.
WinASO Registry Optimizer 4.7.2 - There are no "reg cleaner/fixer/cure/speeder uppers" that actually bring benefit to systems and most usually harm things with incorrect changes. Especially this one.
Eusing Free Registry Cleaner - Same as above.
FileHippo.com Update Checker - Questionable value - your choice.

---------

Code:
REGEDIT4

; Make Google ({E5DA3E03-...}) the default search provider again for this user
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{E5DA3E03-D40E-4A8E-92D5-24973B70C1EC}"

; Ask Search
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]

; ALOT Search
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}]

; "Search Results" (dts.search-results.com) - the scope the hijacked DefaultScope pointed at
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]

; "Web Search" (search.imesh.com)
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}]

; Inbox Search
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}]

; MyStart Search (incredimail)
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}]

; midicair Customized Web Search (search.conduit.com)
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E89CCB64-AED9-406B-8ECD-B2213C904848}]

; Same default for the machine-wide scopes
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{E5DA3E03-D40E-4A8E-92D5-24973B70C1EC}"

; "Search Results" (dts.search-results.com)
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]

; "Web Search" (search.imesh.com)
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}]

; MyAshampoo Customized Web Search
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
Open Notepad (Start - Run, type Notepad then press OK), and copy the text inside the box above and paste it into the open Notepad textbox.

Save this to your desktop as "fixer.reg"

Be sure to include the "" quotes in the name.

Then right click fixer.reg, select Merge, and allow it to merge the new information with the Registry.

Reboot, and post a new OTL log please.
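Added example (not code from this thread) in Python that does by script what cfgcheck.bat and fixer.reg above do by hand: it parses a regedit /e export of the SearchScopes keys, reports which scope DefaultScope points at, flags scopes whose search host is not on an allow-list, and writes the matching REGEDIT4 fix. SAMPLE_EXPORT is a constructed excerpt in the posted format; KNOWN_GOOD_HOSTS and the preferred scope name "Google" are assumptions.

```python
"""Triage a regedit /e export of IE's SearchScopes keys and build the fix.
Added example, not code from the thread: SAMPLE_EXPORT is a constructed
excerpt in the posted export format and KNOWN_GOOD_HOSTS is an assumption."""
import re
from urllib.parse import urlparse

# Assumption: search hosts a practitioner accepts as legitimate providers.
KNOWN_GOOD_HOSTS = {"www.bing.com", "www.google.com", "uk.search.yahoo.com"}
# Constructed excerpt in the same format as the posted export (URLs shortened).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}"
"DoNotAskAgain"=hex(7):66,00,61,00,63,00,65,00,6d,00,6f,00,6f,00,64,00,73,00,\
  2e,00,63,00,6f,00,6d,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName"="Bing"
"URL"="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"Deleted"="0"
"DisplayName"="Search Results"
"URL"="http://dts.search-results.com/sr?src=ieb&appid=179&systemid=406&sr=0&q={searchTerms}"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E5DA3E03-D40E-4A8E-92D5-24973B70C1EC}]
"DisplayName"="Google"
"URL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def parse_export(text):
    """Return {key_path: {value_name: raw_data}} from regedit /e output.
    Hex values wrapped over several lines (comma, backslash, newline, indent)
    are joined first so a long REG_MULTI_SZ never looks like a new value."""
    joined = re.sub(r",\\\r?\n[ \t]*", ",", text)
    keys, current = {}, None
    for line in joined.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            current = m.group("key")
            keys[current] = {}
        elif (m := VALUE_RE.match(line)) and current is not None:
            keys[current][m.group("name")] = m.group("data")
    return keys


def unquote(data):
    """Turn an exported REG_SZ ("...") into plain text; other types pass through."""
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return data


def decode_multi_sz(data):
    """Decode a hex(7): REG_MULTI_SZ export (UTF-16LE, NUL separated) to strings."""
    raw = bytes(int(b, 16) for b in data[len("hex(7):"):].split(",") if b)
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def triage(keys, good_hosts=KNOWN_GOOD_HOSTS):
    """Split scope subkeys into (suspect, trusted) lists of
    (key_path, guid, display_name, host) by the host each scope searches."""
    suspect, trusted = [], []
    for path, values in keys.items():
        guid = GUID_RE.search(path)
        if not guid or "URL" not in values:
            continue  # the SearchScopes root itself, or a scope with no URL
        host = (urlparse(unquote(values["URL"])).hostname or "").lower()
        entry = (path, guid.group(0), unquote(values.get("DisplayName", '""')), host)
        (trusted if host in good_hosts else suspect).append(entry)
    return suspect, trusted


def default_scopes(keys):
    """Map each SearchScopes root to (display_name, host) of its DefaultScope,
    the value a hijacker rewrites so its own page becomes the search default."""
    result = {}
    for path, values in keys.items():
        if "DefaultScope" in values:
            scope = keys.get(f"{path}\\{unquote(values['DefaultScope'])}", {})
            host = urlparse(unquote(scope.get("URL", '""'))).hostname or ""
            result[path] = (unquote(scope.get("DisplayName", '""')), host)
    return result


def build_fix(suspect, trusted, preferred="Google"):
    """Emit a REGEDIT4 fix like the thread's: point DefaultScope at the trusted
    scope named `preferred` (assumed name) and delete every suspect scope key."""
    new_default = next((g for _, g, name, _ in trusted if name == preferred), None)
    if new_default is None:
        raise ValueError(f"no trusted scope named {preferred!r} to make default")
    lines = ["REGEDIT4", ""]
    for root in sorted({p.rsplit("\\", 1)[0] for p, *_ in suspect + trusted}):
        lines += [f"[{root}]", f'"DefaultScope"="{new_default}"', ""]
        for p, *_ in suspect:
            if p.startswith(root + "\\"):
                lines += [f"[-{p}]", ""]
    return "\n".join(lines)
```

Run it against the text produced by cfgcheck.bat instead of SAMPLE_EXPORT to get the same DefaultScope report, suspect list and fix for a real export; the DoNotAskAgain value decodes to the provider the user was last prompted about.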
  #19  
Old March 12th, 2012, 04:18 PM
lcyber
CTH Subscriber
 
Join Date: Feb 2003
O/S: Windows 7 64-bit
Location: uk
Posts: 1,066
OTL logfile created on: 12/03/2012 15:11:18 - Run 6
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\user\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.24 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 69.61% Memory free
6.48 Gb Paging File | 5.52 Gb Available in Paging File | 85.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.59 Gb Total Space | 50.39 Gb Free Space | 65.80% Space Free | Partition Type: NTFS
Drive F: | 149.01 Gb Total Space | 88.84 Gb Free Space | 59.62% Space Free | Partition Type: FAT32

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/09 18:06:39 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2012/02/23 16:23:24 | 004,031,368 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/02/23 16:23:21 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/04/29 09:30:27 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 12:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/07 21:30:22 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/05/28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/02/23 16:23:21 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/23 16:23:20 | 000,131,288 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/03/24 21:02:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2012/02/23 16:13:00 | 000,112,984 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/02/23 16:12:28 | 000,610,648 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/02/23 16:12:16 | 000,337,112 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/02/23 16:12:01 | 000,196,440 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/02/23 16:11:24 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/02/23 16:10:59 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\Drivers\aswrdr2.sys -- (aswRdr)
DRV - [2012/02/23 16:10:39 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/02/23 16:10:34 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/02/23 16:10:16 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/02/23 15:54:51 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2011/12/15 17:08:25 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/07 21:30:22 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/11/26 18:02:22 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/11/20 12:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 12:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 12:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 09:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 09:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 23:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 22:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {E5DA3E03-D40E-4A8E-92D5-24973B70C1EC}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E BE F8 A7 D1 97 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {77f8c945-4b74-4bd6-a073-e0d1997edce8} - No CLSID value found
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {E5DA3E03-D40E-4A8E-92D5-24973B70C1EC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=grupo&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100489&mntrId=941f3c7e0000000000001c6f65705093
IE - HKCU\..\SearchScopes\{80D0D368-780B-4BAE-8A6B-C8EC832E474B}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=685749&p={searchTerms}
IE - HKCU\..\SearchScopes\{E5DA3E03-D40E-4A8E-92D5-24973B70C1EC}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: E:\Picasa3\npPicasa3.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2011/03/30 22:45:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2011/11/24 10:30:57 | 000,435,628 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15020 more lines...
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {77F8C945-4B74-4BD6-A073-E0D1997EDCE8} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DA66059-73EF-43F1-ADBA-DA389CBA88B4}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/11 22:24:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C9FAFBF7-1251-4DCD-B636-5767CD32FD11}
[2012/03/11 22:24:00 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{4AC7154F-5A52-4CB5-B831-3BA4E982C10C}
[2012/03/11 10:23:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{9F1259C4-9C12-4E15-BE95-F23DDE33D278}
[2012/03/11 10:23:28 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{89004AA8-DC03-4F5A-B315-D3B49113F7CF}
[2012/03/10 17:47:31 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{AABCA0F8-D5ED-4425-B349-C8A3F16569E9}
[2012/03/10 17:47:27 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{5335E2AA-CED8-457D-B3A5-FFBB5CC6E396}
[2012/03/10 16:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2012/03/09 18:38:18 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2012/03/09 18:06:32 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/03/09 10:26:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DA1E9E60-797C-4283-A20F-8648299EA165}
[2012/03/09 10:25:56 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{35DF1A4A-8BD7-44A5-B65C-E6CA0071BEFE}
[2012/03/08 22:25:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{69DFEBCC-E8B7-4C57-B683-970BE4BC4AC4}
[2012/03/08 22:25:44 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{8339C240-4BDC-4F94-941E-40AA1ACFF344}
[2012/03/08 10:13:59 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{F92F8E4B-4808-4C01-9E94-C53C8D882674}
[2012/03/08 10:13:53 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E1335FFC-4830-43D7-89A9-9B6EF53414BB}
[2012/03/07 19:57:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{16F63384-0076-43D7-91E7-30769D8F3167}
[2012/03/07 19:57:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{43DC44C4-132D-4A00-B0C8-E175BF52EF54}
[2012/03/07 07:57:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{608FB246-6958-47A2-A40F-57953F587B14}
[2012/03/07 07:56:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{821FC202-64F7-469B-8B92-7CCE5AF25741}
[2012/03/06 19:56:31 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{7AC9A0BB-3E42-412E-8E7A-1ACC7E3A21E0}
[2012/03/06 19:56:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{CF23559D-1F81-4676-BD03-3A695FE3E2D3}
[2012/03/05 10:03:35 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{FA635762-6615-4D3F-887C-BECF2E44FF8E}
[2012/03/05 10:03:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{668F35D9-A6C1-43FF-B797-49ED1A9852A7}
[2012/03/04 19:47:04 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DB475305-833D-4329-BF24-CC60B975C2DE}
[2012/03/04 19:44:52 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E882BBE5-133B-48D1-AD7C-DEB3765B8D75}
[2012/03/03 13:16:17 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{1EBE75B2-02B7-4774-95FB-92EB2B3AF5DE}
[2012/03/03 13:13:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{9537AC29-30CE-47D3-8100-38F68E18A0BD}
[2012/03/02 09:19:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{0FA9E24D-2FFE-4328-824B-8B731022771F}
[2012/03/02 09:16:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{8100A53C-E583-4CA2-BFAC-3C5943B232EF}
[2012/03/01 13:25:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{6E9BD210-BA5F-412D-8797-99ADB5BA1541}
[2012/02/29 11:09:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DDE186F0-A2C0-43F1-9FE9-FC7757339702}
[2012/02/29 11:06:33 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{BD26CDAD-9DEA-47F9-86F8-6EC98008B8B1}
[2012/02/29 10:03:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{910DA632-52A8-4FB3-A072-254557E2BEF9}
[2012/02/28 12:21:44 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C7D887DA-B3C1-458C-B44C-8A6D67967EFC}
[2012/02/28 12:19:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{601D1C18-4E8D-4F37-8D3D-1CA800B02406}
[2012/02/27 19:59:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{0768F8BA-2E56-473C-9534-CA4C36E3BD18}
[2012/02/27 10:55:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DF4295B0-B346-4AD8-99D0-DF269AE912B2}
[2012/02/27 10:53:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{D66843BB-D3DB-4EC4-8A8F-2B12F4E9C6DD}
[2012/02/26 23:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/02/26 14:36:31 | 000,112,984 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012/02/26 14:36:23 | 000,196,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012/02/26 14:36:23 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/02/26 14:36:22 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012/02/26 14:36:13 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2012/02/26 14:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012/02/25 15:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/02/25 15:40:16 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/25 10:58:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{862BA5EA-5C25-4841-B821-DCFF08A4BD9C}
[2012/02/25 10:55:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{9C623E93-9C34-4FAA-A84F-E698A76B7371}
[2012/02/24 22:52:00 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{4C5BA1B9-36F2-4BA7-8FB7-E1BB8B0750BC}
[2012/02/24 22:48:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{5D3E62C3-9F1C-46A3-9CE8-B8DE0E293A12}
[2012/02/24 10:46:11 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E9C36EA1-39CE-4439-B490-477661718972}
[2012/02/24 10:43:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{279880F5-E319-493F-A58B-091410369B51}
[2012/02/23 00:04:52 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{41B87861-D1A2-4142-A16A-674F705002AB}
[2012/02/22 10:59:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{3CBE3852-AEA4-475B-A802-199415AE34C2}
[2012/02/22 10:56:53 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{BB286382-FD44-40A6-B15D-ED3859DC7A68}
[2012/02/22 09:56:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{10CB6142-4192-4BD0-AA58-98704F50949A}
[2012/02/22 09:39:38 | 000,000,000 | R--D | C] -- C:\Users\user\Desktop\Documents
[2012/02/21 10:44:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{570CC288-8339-4914-9CFE-8C33B2E8D0AA}
[2012/02/21 10:42:04 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C7D2A034-1E4D-4D05-96E8-1590DA19A666}
[2012/02/20 22:39:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{A208CEA4-A1B7-4BAD-B59E-4C0470CC7004}
[2012/02/20 22:36:07 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{43CDAA4E-1F09-4856-B456-0705CBDBBD39}
[2012/02/20 10:16:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{4878EDD7-FF70-4321-A408-01C41CD39EB1}
[2012/02/20 10:13:11 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{D69D5E5D-91A9-40C8-958B-4BB96901CB3E}
[2012/02/19 12:19:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{25E4B0C9-BE3B-49AC-B78B-8BA17E35C45B}
[2012/02/19 12:16:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{2C5483C2-8871-441C-A206-CB9B64C615DC}
[2012/02/19 11:47:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{708AE14F-271C-408D-B90A-706ADCC21044}
[2012/02/19 11:44:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E644214C-F9B7-4CB3-8C80-659B56E88C54}
[2012/02/18 14:22:58 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{600F4E39-5395-4BA4-9B61-39FBB32E667C}
[2012/02/18 14:20:04 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E410266B-4EC4-4CC3-87CE-848084A78A20}
[2012/02/18 10:24:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{04CA8653-8E22-470E-A07B-4369433163E6}
[2012/02/17 21:38:44 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{91264309-1AEF-418A-BD31-82B5EBC978CF}
[2012/02/17 21:35:47 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{D5D07503-E0FC-4654-B2FC-703A999095A4}
[2012/02/17 09:32:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{887BE49B-933D-43DC-8001-893A7531AB5B}
[2012/02/17 09:30:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{3BD7972A-0E0F-4132-9ED6-AA37D2E69683}
[2012/02/16 11:44:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{43537686-557C-41ED-B838-469CC2C7B853}
[2012/02/16 11:41:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{2785C88E-FBCD-40CB-9828-654F950E39BB}
[2012/02/15 23:59:31 | 000,000,000 | ---D | C] -- C:\7073191d4d97e081ba
[2012/02/15 23:56:57 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/15 23:56:55 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/15 23:56:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/15 23:56:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/15 23:56:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/15 23:56:51 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/15 23:09:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{D906312E-AE81-45DE-BABB-E90863C77027}
[2012/02/15 23:07:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{045834BD-8C7F-46F6-8C6F-03FCF49F7C38}
[2012/02/15 11:04:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{5897F63A-B45F-4000-84A7-D49E53B195B3}
[2012/02/15 11:01:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{13CA3830-FCA8-4BDA-B20D-E7E557CC59A8}
[2012/02/15 10:29:25 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/02/15 10:29:06 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/14 22:58:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{2E3DEF7E-B0ED-44FE-8D18-297C3FC721BB}
[2012/02/14 22:54:56 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{22CDB7DB-F3BE-4B97-89E5-9328BF0DDA33}
[2012/02/14 10:51:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{A9FA6247-60AF-4DB6-9545-7187566C39D6}
[2012/02/14 10:48:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C0A46B89-3382-42B9-ABE1-8144FA870244}
[2012/02/13 22:45:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{4A12D88E-F24E-46C8-B719-05E01ECDD6AE}
[2012/02/13 22:42:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{29FCBC15-B09E-4130-929A-4218BE7CDA56}
[2012/02/13 10:39:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{5BCF7112-ED73-41A3-86A7-80E70755E340}
[2012/02/13 10:36:05 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{28032CD7-B97C-4791-9CD7-E2178880A05E}
[2012/02/12 12:04:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{92E2EE54-EB07-4AD6-88CB-36BFA975883A}
[2012/02/12 12:02:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{58B0CACA-8255-4ACA-B621-C6CA699031FD}

========== Files - Modified Within 30 Days ==========

[2012/03/12 15:09:12 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/12 15:07:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/12 15:07:02 | 2608,979,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/12 15:05:02 | 000,001,402 | ---- | M] () -- C:\Users\user\Desktop\fixer.reg
[2012/03/12 14:50:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/12 09:19:37 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 09:19:37 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/11 10:18:38 | 000,000,317 | ---- | M] () -- C:\Users\user\Desktop\cfgcheck.bat
[2012/03/11 03:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\ErrorEND.job
[2012/03/10 17:37:19 | 000,000,512 | ---- | M] () -- C:\Users\user\Desktop\MBR.dat
[2012/03/10 16:55:58 | 000,002,430 | ---- | M] () -- C:\Users\user\Desktop\uninstall_list 2
[2012/03/10 16:55:34 | 000,001,999 | ---- | M] () -- C:\Users\user\Desktop\HijackThis.lnk
[2012/03/09 18:38:24 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2012/03/09 18:11:54 | 000,302,592 | ---- | M] () -- C:\Users\user\Desktop\ewqnp886.exe
[2012/03/09 18:06:39 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/03/08 20:51:02 | 000,002,174 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/03/03 16:47:58 | 000,008,238 | ---- | M] () -- C:\Users\user\Desktop\Documents\chinese girl singin.odt
[2012/03/03 16:47:27 | 000,008,238 | ---- | M] () -- C:\Users\user\Desktop\Documents\Untitled 1.odt
[2012/02/29 11:05:52 | 000,013,193 | ---- | M] () -- C:\Users\user\Desktop\Documents\Complaint british gas.odt
[2012/02/26 14:36:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/02/26 14:32:32 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/02/25 15:40:16 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/23 16:23:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/23 16:23:21 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/02/23 16:13:00 | 000,112,984 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012/02/23 16:12:28 | 000,610,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/02/23 16:12:16 | 000,337,112 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/02/23 16:12:01 | 000,196,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012/02/23 16:11:24 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012/02/23 16:10:59 | 000,044,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/02/23 16:10:39 | 000,053,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/02/23 16:10:34 | 000,057,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/02/23 16:10:16 | 000,020,696 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/02/23 15:54:51 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2012/02/23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/02/23 00:38:04 | 000,007,635 | ---- | M] () -- C:\Users\user\AppData\Local\resmon.resmoncfg
[2012/02/22 18:00:55 | 000,096,983 | ---- | M] () -- C:\Users\user\Desktop\Documents\heliconia 3.jpg
[2012/02/22 17:54:15 | 000,061,274 | ---- | M] () -- C:\Users\user\Desktop\Documents\heliconia 2.jpg
[2012/02/22 12:03:52 | 000,254,154 | ---- | M] () -- C:\Users\user\Desktop\Documents\heliconia.jpg
[2012/02/22 11:35:30 | 000,628,024 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/22 11:35:30 | 000,110,208 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/19 12:29:21 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/02/16 10:08:25 | 000,284,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/03/12 15:05:02 | 000,001,402 | ---- | C] () -- C:\Users\user\Desktop\fixer.reg
[2012/03/11 10:18:38 | 000,000,317 | ---- | C] () -- C:\Users\user\Desktop\cfgcheck.bat
[2012/03/10 16:55:58 | 000,002,430 | ---- | C] () -- C:\Users\user\Desktop\uninstall_list 2
[2012/03/10 16:53:35 | 000,001,999 | ---- | C] () -- C:\Users\user\Desktop\HijackThis.lnk
[2012/03/09 18:57:14 | 000,000,512 | ---- | C] () -- C:\Users\user\Desktop\MBR.dat
[2012/03/09 18:11:54 | 000,302,592 | ---- | C] () -- C:\Users\user\Desktop\ewqnp886.exe
[2012/03/03 16:47:56 | 000,008,238 | ---- | C] () -- C:\Users\user\Desktop\Documents\chinese girl singin.odt
[2012/03/03 16:47:25 | 000,008,238 | ---- | C] () -- C:\Users\user\Desktop\Documents\Untitled 1.odt
[2012/02/29 11:05:50 | 000,013,193 | ---- | C] () -- C:\Users\user\Desktop\Documents\Complaint british gas.odt
[2012/02/26 23:08:50 | 000,002,174 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/02/26 14:32:32 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/02/25 15:40:35 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/25 15:40:34 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/22 17:55:47 | 000,096,983 | ---- | C] () -- C:\Users\user\Desktop\Documents\heliconia 3.jpg
[2012/02/22 12:09:54 | 000,061,274 | ---- | C] () -- C:\Users\user\Desktop\Documents\heliconia 2.jpg
[2012/02/22 11:56:59 | 000,254,154 | ---- | C] () -- C:\Users\user\Desktop\Documents\heliconia.jpg
[2011/11/30 15:46:24 | 000,017,828 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2011/11/25 19:19:22 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011/09/10 21:53:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/10 21:53:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/10 21:53:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/06 19:08:46 | 000,007,635 | ---- | C] () -- C:\Users\user\AppData\Local\resmon.resmoncfg
[2011/08/04 08:25:42 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/08/04 08:25:36 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/07/25 19:51:46 | 000,002,712 | ---- | C] () -- C:\Windows\System32\AVRedirector.ini
[2011/07/25 19:51:46 | 000,001,392 | ---- | C] () -- C:\Windows\System32\AVRedirectorOff.ini
[2011/06/15 09:50:22 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2011/06/06 20:06:53 | 000,000,144 | ---- | C] () -- C:\Users\user\AppData\Roaming\ohvoiryn.bat
[2011/02/28 11:48:11 | 000,028,496 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/02/28 11:48:11 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/02/13 21:36:11 | 000,006,656 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/08 16:09:10 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 1069 bytes -> C:\Users\Public\Documents\Statin users hav
  #20  
Old March 13th, 2012, 02:24 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,848
A few more remnant changes we can make, but after this next step, you need to consider uninstalling Avast, rebooting and checking if that resolves issues. If so, we can discuss alternatives to Avast.


emp disable security softwares, then open OTL again.

Under the Custom Scans/Fixes box at the bottom, paste in the following (inside the Code box):

Code:
:otl
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=grupo&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100489&mntrId=941f3c7e0000000000001c6f65705093
O3 - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {77F8C945-4B74-4BD6-A073-E0D1997EDCE8} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
Then click the Run Fix button at the top of the OTL display. When that completes a log will open - post that here in your next reply please. That log will also be saved in the c:\_OTL\MovedFiles folder, in the form of Date and Time (mmddyyyy_hhmmss.log).

Reboot, check for change please.
  #21  
Old March 13th, 2012, 04:22 PM
lcyber lcyber is offline
CTH Subscriber
 
Join Date: Feb 2003
O/S: Windows 7 64-bit
Location: uk
Posts: 1,066
This log shows "unable to interpret, disable security software", but I have only two, and they are Windows Defender and Avast, they are both disabled! What should I do?

Error: Unable to interpret <emp disable security softwares, then open OTL again.> in the current context!
Error: Unable to interpret <Under the Custom Scans/Fixes box at the bottom, paste in the following (inside the Code box):> in the current context!
Error: Unable to interpret <Code:> in the current context!
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{77F8C945-4B74-4BD6-A073-E0D1997EDCE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77F8C945-4B74-4BD6-A073-E0D1997EDCE8}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\control panel Then click the Run Fix button at the top of the OTL display. When that completes a log will open - post that here in your next reply please. That log will also be saved in the c:\_OTL\MovedFiles folder, in the form of Date and Time (mmddyyyy_hhmmss.log).\ not found.
File \_OTL\MovedFiles folder, in the form of Date and Time (mmddyyyy_hhmmss.log). not found.

OTL by OldTimer - Version 3.2.36.2 log created on 03132012_151643
  #22  
Old March 14th, 2012, 12:08 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,848
Sorry, other than I see I left out a letter, this is the start of what you needed to copy for the OTL scan:

:otl
IE - HKCU\..\SearchScopes\

Everything INSIDE the box below the word Code, not the sentences above it. Looks like it worked fine, but to be sure, run it again using only the script inside the code box, then post that log please.
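As an added example (not OTL's code and not from either poster), the Python below translates each line of the :otl script above into the registry key or value it asks OTL to delete, using only the mapping visible in the two logs posted in this thread, and then pairs each operation with the result the log recorded for it. It assumes nothing beyond the line types seen here and is a review aid for reading a fix script before running it, not a replacement for OTL.

```python
"""Preview what an OTL ':otl' fix script touches, then verify the log it produced.
Added example, not OTL's code: the line-to-registry mapping is read off the OTL logs in this thread.
"""
import re
from dataclasses import dataclass

HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}
IE_KEY = r"Software\Microsoft\Internet Explorer"
CLSID_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
LOG_RE = re.compile(r"^Registry (key|value) (.+?) (deleted successfully|not found)\.$")

@dataclass(frozen=True)
class RegOp:
    kind: str       # "key" (delete the whole key) or "value" (delete one value under path)
    path: str       # full registry key path with the hive expanded
    name: str = ""  # value name when kind == "value"

def preview(script: str) -> list[RegOp]:
    """Translate each fix line into the registry operations OTL will attempt."""
    ops: list[RegOp] = []
    for raw in script.splitlines():
        line = raw.strip()
        if not line or line.lower() == ":otl":
            continue
        # IE - HKCU\..\SearchScopes\{GUID}: "URL" = ...  -> delete the key, then probe its CLSID
        m = re.match(r"IE - (HKCU|HKLM)\\\.\.\\SearchScopes\\(\{[^}]+\}):", line)
        if m:
            hive, guid = HIVES[m.group(1)], m.group(2)
            ops.append(RegOp("key", "\\".join([hive, IE_KEY, "SearchScopes", guid])))
            ops.append(RegOp("key", CLSID_KEY + "\\" + guid))
            continue
        # O3 - HKLM\..\Toolbar[\WebBrowser]: (no name) - NAME - No CLSID value found.
        m = re.match(r"O3 - (HKCU|HKLM)\\\.\.\\(Toolbar(?:\\WebBrowser)?): \(no name\) - (\S+) -", line)
        if m:
            hive, sub, name = HIVES[m.group(1)], m.group(2), m.group(3)
            ops.append(RegOp("value", "\\".join([hive, IE_KEY, sub]), name))
            if GUID_RE.fullmatch(name):  # the logs show no CLSID probe for "10" or "!{...}"
                ops.append(RegOp("key", CLSID_KEY + "\\" + name))
            continue
        # O6 (HKLM) / O7 (HKCU) - ...\Software\Policies\Microsoft\Internet Explorer\X present
        m = re.match(r"O[67] - (HKCU|HKLM)\\(Software\\Policies\\.+?) present$", line)
        if m:
            ops.append(RegOp("key", HIVES[m.group(1)] + "\\" + m.group(2)))
            continue
        raise ValueError(f"unrecognised fix line: {line!r}")
    return ops

def parse_log(log: str) -> dict[tuple[str, str, str], str]:
    """Index an OTL fix log by (kind, key path, value name); registry paths are case-insensitive."""
    results: dict[tuple[str, str, str], str] = {}
    for line in log.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # section headers, file lines and "Unable to interpret" noise
        kind, target, status = m.groups()
        if kind == "key":
            path, name = target.rstrip("\\"), ""
        else:
            path, name = target.split("\\\\", 1)  # OTL joins key path and value name with '\\'
        results[(kind, path.lower(), name.lower())] = status
    return results

def check(script: str, log: str) -> list[tuple[RegOp, str]]:
    """Pair every previewed operation with what the log says happened to it."""
    results = parse_log(log)
    return [(op, results.get((op.kind, op.path.lower(), op.name.lower()), "no log entry"))
            for op in preview(script)]

# Sample input taken from this thread (a subset of the script and of the first log, forum-wrap spaces in
# the GUIDs joined back). The last script line is deliberately absent from the log, as it was in the thread.
FIX_SCRIPT = r"""
:otl
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=grupo&s={searchTerms}&f=4
O3 - HKLM\..\Toolbar: (no name) - !{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {77F8C945-4B74-4BD6-A073-E0D1997EDCE8} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
"""
FIX_LOG = r"""
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{77F8C945-4B74-4BD6-A073-E0D1997EDCE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77F8C945-4B74-4BD6-A073-E0D1997EDCE8}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
"""
```

Running `check(FIX_SCRIPT, FIX_LOG)` reports the HKCU "control panel" policy key as "no log entry", which is exactly the gap the second run of the script in this thread had to close.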
  #23  
Old March 14th, 2012, 12:39 AM
lcyber lcyber is offline
CTH Subscriber
 
Join Date: Feb 2003
O/S: Windows 7 64-bit
Location: uk
Posts: 1,066
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{D7E97865-918F-41E4-9CD0-25AB1C574CE8} not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{77F8C945-4B74-4BD6-A073-E0D1997EDCE8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77F8C945-4B74-4BD6-A073-E0D1997EDCE8}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.

OTL by OldTimer - Version 3.2.36.2 log created on 03132012_233921
  #24  
Old March 14th, 2012, 01:38 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,848
Good. It verifies all the previous entries did get changed as we wanted. Not quite sure about the last one, which seems to have been a bit too aggressive in removing the key.


Code:
REGEDIT4

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
@=""
Go to Start Search, type notepad.exe in the Start Search box. Notepad.exe will appear at the top of the Menu. Right-click on it and choose "Run as administrator", and copy the text inside the box above and paste it into the open Notepad textbox.

Save this to your desktop as "fixer.reg"

Be sure to include the "" quotes in the name.

A reboot will be necessary to complete those changes, so do that please, but just not sensing these changes as effecting the improvements we are looking for. But check anyway please.

Then right click fixer.reg, select Merge, and allow it to merge the new information with the Registry.
  #25  
Old March 14th, 2012, 09:38 AM
lcyber lcyber is offline
CTH Subscriber
 
Join Date: Feb 2003
O/S: Windows 7 64-bit
Location: uk
Posts: 1,066
Thanks Jintan
Big improvement, hope it's not a one-off.
regards
lcyber
  #26  
Old March 15th, 2012, 12:02 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,848
Is that a "Big improvement, we've done it!", or, "Big improvement. But still things going wrong."? Be sure to reboot and check for change.
  #27  
Old March 16th, 2012, 11:02 AM
lcyber lcyber is offline
CTH Subscriber
 
Join Date: Feb 2003
O/S: Windows 7 64-bit
Location: uk
Posts: 1,066
Still having long delays on a few sites but in general much quicker. It's not any particular site that is slow, it varies, booting up takes ages suddenly. When closing down I am prompted "not to power down as trying to install 1 of 2 updates"; this has been happening for weeks now. Maybe some significance in this.
  #28  
Old March 16th, 2012, 11:15 PM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,848
Go here and download Cédric GEORGEOT's CAT – Crisis Aversion Tool, then click that cat.exe to run the tool.

(For the download link, scroll down and click "ici" in: Bref, un must have à télécharger d’urgence ici. <------)


When CAT opens, click the left-side Fixes tab. Place a check next to:

Flush DNS Resolver Cache
Reset Internet Explorer
Reset Windows Updates
Reset All Networking Interfaces
Reset Default Services Start States


Then click Apply Checked Fixes, and agree to start the installer service. When it completes its changes, click the upper left X and agree to close CAT. It will also open a log file - just close that for now.

A Caution - Please refrain from the temptation to effect other changes with CAT.

Reboot, and check for change.
  #29  
Old March 17th, 2012, 12:11 PM
lcyber lcyber is offline
CTH Subscriber
 
Join Date: Feb 2003
O/S: Windows 7 64-bit
Location: uk
Posts: 1,066
No difference other than closing down doesn't prompt me not to close down as installing 1 of 2 updates anymore. Still get delays and also unable to get task manager to run showing only processes.
  #30  
Old March 18th, 2012, 01:20 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,848
Sorry to delay things, but:

Quote:
unable to get task manager to run showing only processes
Task Manager opens, but the Processes tab is not there?