I think I have a trojan virus


Hello, I think my laptop is infected with a virus, and I wonder if you can help me remove it, as my computer skills are limited.

I have the requested fields below. Thank you.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16476

Run by user at 14:18:56 on 2013-05-01

Microsoft Windows 7 Professionnel 6.1.7600.0.1252.33.1036.18.2046.549 [GMT 1:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\Hpservice.exe

C:\Program Files\HitmanPro\hmpsched.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\ProgramData\eSafe\eGdpSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\DefaultTab\DefaultTabSearch.exe

C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

C:\Program Files\Expat Shield\bin\openvpnas.exe

C:\Program Files\Expat Shield\HssWPR\hsssrv.exe

C:\Program Files\Expat Shield\bin\hsswd.exe

C:\Program Files\My Connection\BackgroundService\ServiceManager.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\PANDORA.TV\PanService\PandoraService.exe

C:\Program Files\Yontoo\Y2Desktop.Updater.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Internet Haut Débit Mobile\AutoDect.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\My Connection\BackgroundService\ModemListener.exe

C:\Program Files\Nokia\PC Internet Access\NPCIA.exe

C:\Program Files\My Connection\ModemApplication.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Users\user\AppData\Roaming\Yontoo\YontooDesktop.exe

C:\Program Files\Supercopier\Supercopier.exe

C:\Program Files\Mountain Lion Skin Pack\RocketDock\XLaunchPad\XLaunchPad.exe

C:\Program Files\Electronic Arts\EADM\Core.exe

C:\Program Files\FilesFrog Update Checker\update_checker.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Mountain Lion Skin Pack\DeskDrive\DeskDrive.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\GoforFiles\GFFUpdater.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\Optimizer Pro\OptProReminder.exe

C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Program Files\Mountain Lion Skin Pack\UberIcon\UberIcon.exe

C:\Program Files\Mountain Lion Skin Pack\VirtuaWin\VirtuaWin.exe

C:\Program Files\Mountain Lion Skin Pack\Winroll\winroll.exe

C:\Program Files\Mountain Lion Skin Pack\Xwidget\xwidget.exe

C:\Program Files\Mountain Lion Skin Pack\YzShadow\YzShadow.exe

C:\Program Files\Mountain Lion Skin Pack\VirtuaWin\modules\WinList.exe

C:\Program Files\WhiteSmoke\WSTray.exe

C:\Program Files\Expat Shield\bin\openvpntray.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\netsh.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k WerSvcGroup

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://websearch.youwillfind.info/?pid=714&r=2013/04/25&hid=2584483772&lg=EN&cc=MA

uDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=FUJITSUXMHZ2250BHXG2_K617T8A37D62&ts=1364240115

mStart Page = hxxp://websearch.youwillfind.info/?pid=714&r=2013/04/25&hid=2584483772&lg=EN&cc=MA

mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=FUJITSUXMHZ2250BHXG2_K617T8A37D62&ts=1364240115

uURLSearchHooks: ToolbarURLSearchHook Class: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - c:\program files\dealbulldog toolbar toolbar\tbhelper.dll

BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - c:\program files\expat shield\hssie\ExpatIE.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\user\appdata\roaming\defaulttab\defaulttab\DefaultTabBHO.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - c:\program files\delta\delta\1.8.16.16\bh\delta.dll

BHO: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - c:\program files\dealbulldog toolbar toolbar\tbcore3.dll

TB: DealBulldog Toolbar Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - c:\program files\dealbulldog toolbar toolbar\tbcore3.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - c:\program files\delta\delta\1.8.16.16\deltaTlbr.dll

TB: DealBulldog Toolbar Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - c:\program files\dealbulldog toolbar toolbar\tbcore3.dll

uRun: [NokiaPCInternetAccess] "c:\program files\nokia\pc internet access\NPCIA.exe" /b

uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

uRun: [Facebook Update] "c:\users\user\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot

uRun: [Yontoo Desktop] "c:\users\user\appdata\roaming\yontoo\YontooDesktop.exe"

uRun: [supercopier.exe] c:\program files\supercopier\Supercopier.exe

uRun: [XLaunchpad] c:\program files\mountain lion skin pack\rocketdock\xlaunchpad\XLaunchPad.exe start

uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent

uRun: [sDP] c:\program files\filesfrog update checker\update_checker.exe /auto

uRun: [Optimizer Pro] c:\program files\optimizer pro\OptProLauncher.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [autodetect] c:\program files\internet haut débit mobile\AutoDect.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [iAM Wave ModemListener] c:\program files\my connection\backgroundservice\ModemListener.exe start

StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\launch~1.lnk - c:\program files\whitesmoke\WSTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\deskdr~1.lnk - c:\program files\mountain lion skin pack\deskdrive\DeskDrive.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\finder~1.lnk - c:\program files\mountain lion skin pack\finderbar\Finderbar.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rocket~1.lnk - c:\program files\mountain lion skin pack\rocketdock\RocketDock.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\skinpa~1.lnk - c:\program files\mountain lion skin pack\SP.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ubericon.lnk - c:\program files\mountain lion skin pack\ubericon\UberIcon.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\virtua~1.lnk - c:\program files\mountain lion skin pack\virtuawin\VirtuaWin.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winroll.lnk - c:\program files\mountain lion skin pack\winroll\winroll.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\xwidget.lnk - c:\program files\mountain lion skin pack\xwidget\xwidget.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\yzshadow.lnk - c:\program files\mountain lion skin pack\yzshadow\YzShadow.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm

IE: Download with IDM - c:\program files\internet download manager\IEExt.htm

IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: Interfaces\{563B9251-9288-44A0-B19E-EAF86B4DE545} : NameServer = 212.217.0.12 212.217.1.12

TCP: Interfaces\{9B149779-21EE-47E7-B35D-8180E0C42D18} : DHCPNameServer = 8.8.8.8

TCP: Interfaces\{EB4E730D-56FA-4271-86F7-3D56AF58AA8B} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{EB4E730D-56FA-4271-86F7-3D56AF58AA8B}\2496F602341666560275966696 : DHCPNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\7ugqgsts.default\

FF - prefs.js: browser.search.defaulturl - hxxp://websearch.youwillfind.info/?pid=714&r=2013/04/25&hid=2584483772&lg=EN&cc=MA&l=1&q=

FF - prefs.js: browser.search.selectedEngine - scaricaremusica Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://websearch.youwillfind.info/?pid=714&r=2013/04/25&hid=2584483772&lg=EN&cc=MA

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268887&SearchSource=2&CUI=UN04913923274383258&UM=&q=

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\users\user\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll

FF - plugin: c:\users\user\appdata\roaming\mozilla\firefox\profiles\7ugqgsts.default\extensions\{23dc2b06-97a6-4eb1-9e05-4ed8962b4a68}\plugins\np-mswmp.dll

FF - plugin: c:\users\user\appdata\roaming\mozilla\firefox\profiles\7ugqgsts.default\extensions\{23dc2b06-97a6-4eb1-9e05-4ed8962b4a68}\plugins\npConduitFirefoxPlugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll

FF - ExtSQL: 2013-03-25 19:28; torntv2@torntv.com; c:\users\user\appdata\roaming\mozilla\firefox\profiles\7ugqgsts.default\extensions\torntv2@torntv.com.xpi

FF - ExtSQL: 2013-03-25 19:29; plugin@yontoo.com; c:\users\user\appdata\roaming\mozilla\firefox\profiles\7ugqgsts.default\extensions\plugin@yontoo.com

FF - ExtSQL: 2013-04-15 20:17; {75656794-AB59-4712-BFBC-5D816D56F3BC}; c:\users\user\appdata\roaming\mozilla\firefox\profiles\7ugqgsts.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}

FF - ExtSQL: 2013-04-16 21:09; ffxtlbr@delta.com; c:\users\user\appdata\roaming\mozilla\firefox\profiles\7ugqgsts.default\extensions\ffxtlbr@delta.com

FF - ExtSQL: 2013-04-21 01:12; addon@defaulttab.com; c:\users\user\appdata\roaming\mozilla\firefox\profiles\7ugqgsts.default\extensions\addon@defaulttab.com.xpi

FF - ExtSQL: 2013-04-22 21:21; afurladvisor@anchorfree.com; c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com

FF - ExtSQL: 2013-04-22 22:20; cxzfess@ghqiyuqsc.org; c:\users\user\appdata\roaming\mozilla\firefox\profiles\7ugqgsts.default\extensions\cxzfess@ghqiyuqsc.org

FF - ExtSQL: 2013-04-22 22:20; aoazhb@avuuzuyorae.org; c:\users\user\appdata\roaming\mozilla\firefox\profiles\7ugqgsts.default\extensions\aoazhb@avuuzuyorae.org

FF - ExtSQL: 2013-04-28 14:47; ouaoqe2@cr.org; c:\users\user\appdata\roaming\mozilla\firefox\profiles\7ugqgsts.default\extensions\ouaoqe2@cr.org

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113357

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - d408927f00000000000006242b19605b

FF - user.js: extensions.BabylonToolbar_i.hardId - d408927f00000000000006242b19605b

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15534

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:24:34

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extentions.y2layers.installId - ca5ec6dd-51f4-460d-9c12-0246fe1c5348

FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers

FF - user.js: extensions.delta.tlbrSrchUrl -

FF - user.js: extensions.delta.id - d408927f00000000000006242b19605b

FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

FF - user.js: extensions.delta.instlDay - 15811

FF - user.js: extensions.delta.vrsn - 1.8.16.16

FF - user.js: extensions.delta.vrsni - 1.8.16.16

FF - user.js: extensions.delta.vrsnTs - 1.8.16.1621:09:38

FF - user.js: extensions.delta.prtnrId - delta

FF - user.js: extensions.delta.prdct - delta

FF - user.js: extensions.delta.aflt - babsst

FF - user.js: extensions.delta.smplGrp - none

FF - user.js: extensions.delta.tlbrId - base

FF - user.js: extensions.delta.instlRef - sst

FF - user.js: extensions.delta.dfltLng - en

FF - user.js: extensions.delta.excTlbr - false

FF - user.js: extensions.delta.ffxUnstlRst - true

FF - user.js: extensions.delta.admin - false

FF - user.js: extensions.delta.autoRvrt - false

FF - user.js: extensions.delta.rvrt - false

FF - user.js: extensions.delta.newTab - false

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-4-29 49248]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-16 765736]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-9 368176]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-9 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-7-9 66336]

S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-4-29 164736]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

.

=============== Created Last 30 ================

.

2013-05-01 13:14:45 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-05-01 12:37:55 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes

2013-05-01 12:37:10 -------- d-----w- c:\programdata\Malwarebytes

2013-05-01 12:37:07 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-01 12:37:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-04-30 17:03:09 393216 ----a-w- c:\windows\system32\drivers\bthport.sys

2013-04-30 17:03:08 60416 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS

2013-04-30 16:58:09 6906960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{58ceb078-e2aa-4fd5-bab0-9bd61e7de975}\mpengine.dll

2013-04-30 14:56:22 -------- d-----w- c:\windows\system32\wbem\en-US

2013-04-30 14:22:51 34304 ----a-w- c:\windows\system32\atmlib.dll

2013-04-30 14:22:51 295424 ----a-w- c:\windows\system32\atmfd.dll

2013-04-30 14:18:52 257024 ----a-w- c:\windows\system32\msv1_0.dll

2013-04-30 14:01:14 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2013-04-30 14:01:14 49472 ----a-w- c:\windows\system32\netfxperf.dll

2013-04-30 14:01:14 297808 ----a-w- c:\windows\system32\mscoree.dll

2013-04-30 14:01:14 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2013-04-30 14:01:13 1130824 ----a-w- c:\windows\system32\dfshim.dll

2013-04-30 13:24:15 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2013-04-30 13:24:14 9728 ----a-w- c:\windows\system32\Wdfres.dll

2013-04-30 13:24:14 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-04-30 13:23:02 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2013-04-30 13:23:02 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2013-04-30 13:23:01 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2013-04-30 13:23:01 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2013-04-30 13:22:58 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2013-04-30 13:22:58 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2013-04-30 13:22:57 613888 ----a-w- c:\windows\system32\WUDFx.dll

2013-04-30 13:21:27 5120 ----a-w- c:\windows\system32\wmi.dll

2013-04-30 13:21:27 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2013-04-30 13:21:26 158720 ----a-w- c:\windows\system32\imagehlp.dll

2013-04-30 13:02:10 -------- d-----w- c:\windows\system32\Wat

2013-04-30 03:07:49 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2013-04-30 03:07:48 190976 ----a-w- c:\windows\system32\drivers\ks.sys

2013-04-30 03:02:50 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2013-04-29 14:41:28 316928 ----a-w- c:\windows\system32\spoolsv.exe

2013-04-29 14:40:09 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe

2013-04-29 14:40:08 1413632 ----a-w- c:\windows\system32\ole32.dll

2013-04-29 14:40:02 1210728 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-29 14:39:59 627712 ----a-w- c:\windows\system32\usp10.dll

2013-04-29 14:39:56 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2013-04-29 14:39:55 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2013-04-29 14:39:54 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys

2013-04-29 14:39:46 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2013-04-29 14:39:42 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-04-29 14:39:36 1288984 ----a-w- c:\windows\system32\ntdll.dll

2013-04-29 14:39:30 2345984 ----a-w- c:\windows\system32\win32k.sys

2013-04-29 14:39:28 172544 ----a-w- c:\windows\system32\wintrust.dll

2013-04-29 14:38:29 376832 ----a-w- c:\windows\system32\dpnet.dll

2013-04-29 14:38:27 31232 ----a-w- c:\windows\system32\prevhost.exe

2013-04-29 14:37:41 492032 ----a-w- c:\windows\system32\win32spl.dll

2013-04-29 14:37:39 195816 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-04-29 14:37:36 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2013-04-29 14:37:35 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2013-04-29 14:37:32 708608 ----a-w- c:\program files\common files\system\wab32.dll

2013-04-29 14:37:19 3958120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-04-29 14:37:19 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-29 14:37:17 69632 ----a-w- c:\windows\system32\smss.exe

2013-04-29 14:37:17 38912 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-29 14:36:57 82944 ----a-w- c:\windows\system32\iccvid.dll

2013-04-29 14:36:57 197632 ----a-w- c:\windows\system32\ir32_32.dll

2013-04-29 14:36:52 285696 ----a-w- c:\windows\system32\winlogon.exe

2013-04-29 14:36:26 1157632 ----a-w- c:\windows\system32\crypt32.dll

2013-04-29 14:36:25 139264 ----a-w- c:\windows\system32\cryptsvc.dll

2013-04-29 14:36:25 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-04-29 14:34:59 34816 ----a-w- c:\windows\system32\msasn1.dll

2013-04-29 14:33:58 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll

2013-04-29 14:33:55 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL

2013-04-29 14:33:53 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll

2013-04-29 14:33:52 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll

2013-04-29 14:33:32 2691072 ----a-w- c:\windows\system32\mstscax.dll

2013-04-29 14:33:30 36864 ----a-w- c:\windows\system32\tsgqec.dll

2013-04-29 14:33:30 131072 ----a-w- c:\windows\system32\aaclient.dll

2013-04-29 14:33:22 -------- d-----w- c:\program files\GridinSoft Trojan Killer

2013-04-29 14:33:16 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys

2013-04-29 14:33:05 1388544 ----a-w- c:\windows\system32\msxml6.dll

2013-04-29 14:33:00 740864 ----a-w- c:\windows\system32\inetcomm.dll

2013-04-29 14:32:49 507568 ----a-w- c:\windows\system32\winload.exe

2013-04-29 14:32:49 442920 ----a-w- c:\windows\system32\winresume.exe

2013-04-29 14:32:45 1320960 ----a-w- c:\windows\system32\CertEnroll.dll

2013-04-29 14:31:48 67584 ----a-w- c:\windows\system32\asycfilt.dll

2013-04-29 14:31:46 530432 ----a-w- c:\windows\system32\comctl32.dll

2013-04-29 14:31:44 1287528 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-04-29 14:31:43 187240 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2013-04-29 14:31:41 954752 ----a-w- c:\windows\system32\mfc40.dll

2013-04-29 14:31:40 954288 ----a-w- c:\windows\system32\mfc40u.dll

2013-04-29 14:31:30 164864 ----a-w- c:\program files\windows media player\wmplayer.exe

2013-04-29 14:31:27 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2013-04-29 14:31:25 67072 ----a-w- c:\windows\system32\packager.dll

2013-04-29 14:30:44 1553920 ----a-w- c:\windows\system32\tquery.dll

2013-04-29 14:30:44 1401856 ----a-w- c:\windows\system32\mssrch.dll

2013-04-29 14:30:41 666624 ----a-w- c:\windows\system32\mssvp.dll

2013-04-29 14:30:41 428032 ----a-w- c:\windows\system32\SearchIndexer.exe

2013-04-29 14:30:40 337408 ----a-w- c:\windows\system32\mssph.dll

2013-04-29 14:30:40 197120 ----a-w- c:\windows\system32\mssphtb.dll

2013-04-29 14:30:40 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2013-04-29 14:30:39 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

2013-04-29 14:30:39 59392 ----a-w- c:\windows\system32\msscntrs.dll

2013-04-29 14:30:20 987136 ----a-w- c:\program files\common files\system\ado\msado15.dll

2013-04-29 14:26:42 642048 ----a-w- c:\windows\system32\CPFilters.dll

2013-04-29 14:26:39 850432 ----a-w- c:\windows\system32\sbe.dll

2013-04-29 14:26:38 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2013-04-29 14:26:01 1328640 ----a-w- c:\windows\system32\quartz.dll

2013-04-29 14:24:59 55296 ----a-w- c:\windows\system32\cero.rs

2013-04-29 14:23:59 690688 ----a-w- c:\windows\system32\msvcrt.dll

2013-04-29 14:23:55 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys

2013-04-29 14:23:50 163328 ----a-w- c:\windows\system32\profsvc.dll

2013-04-29 14:23:45 78336 ----a-w- c:\windows\system32\synceng.dll

2013-04-29 14:23:28 168448 ----a-w- c:\windows\system32\srvsvc.dll

2013-04-29 14:23:14 3181568 ----a-w- c:\windows\system32\mf.dll

2013-04-29 14:23:13 801792 ----a-w- c:\windows\system32\FntCache.dll

2013-04-29 14:23:10 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-04-29 14:23:08 196608 ----a-w- c:\windows\system32\mfreadwrite.dll

2013-04-29 14:23:08 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll

2013-04-29 14:23:07 135168 ----a-w- c:\windows\system32\XpsRasterService.dll

2013-04-29 14:22:46 204288 ----a-w- c:\windows\system32\upnp.dll

2013-04-29 14:22:40 80384 ----a-w- c:\windows\system32\davclnt.dll

2013-04-29 14:22:40 204800 ----a-w- c:\windows\system32\WebClnt.dll

2013-04-29 14:22:39 73728 ----a-w- c:\windows\system32\wscsvc.dll

2013-04-29 14:22:39 51200 ----a-w- c:\windows\system32\wscapi.dll

2013-04-29 14:22:39 350720 ----a-w- c:\windows\system32\winhttp.dll

2013-04-29 14:22:39 14336 ----a-w- c:\windows\system32\slwga.dll

2013-04-29 14:22:20 768512 ----a-w- c:\windows\system32\localspl.dll

2013-04-29 14:22:18 738816 ----a-w- c:\windows\system32\wmpmde.dll

2013-04-29 14:22:16 101760 ----a-w- c:\windows\system32\consent.exe

2013-04-29 14:22:01 442880 ----a-w- c:\windows\system32\ntshrui.dll

2013-04-29 14:20:55 123904 ----a-w- c:\windows\system32\poqexec.exe

2013-04-29 14:20:52 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2013-04-29 14:20:12 2048 ----a-w- c:\windows\system32\tzres.dll

2013-04-29 13:40:16 6906960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll

2013-04-29 00:33:37 132608 ----a-w- c:\windows\system32\cabview.dll

2013-04-29 00:33:34 826368 ----a-w- c:\windows\system32\rdpcore.dll

2013-04-29 00:33:33 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2013-04-29 00:08:25 2422272 ----a-w- c:\windows\system32\wucltux.dll

2013-04-29 00:08:10 88576 ----a-w- c:\windows\system32\wudriver.dll

2013-04-29 00:07:57 33792 ----a-w- c:\windows\system32\wuapp.exe

2013-04-29 00:07:57 171904 ----a-w- c:\windows\system32\wuwebv.dll

2013-04-27 01:23:57 -------- d-----w- c:\users\user\appdata\local\Babylon

2013-04-27 01:23:46 -------- d-----w- c:\program files\GoforFiles

2013-04-25 18:38:27 -------- d-----w- c:\program files\HitmanPro

2013-04-25 18:37:12 -------- d-----w- c:\programdata\HitmanPro

2013-04-25 17:51:40 -------- d-----w- c:\program files\WebSearch

2013-04-25 17:51:28 -------- d-----w- c:\programdata\BBRowsE2savve

2013-04-23 22:35:19 -------- d-sh--w- C:\found.002

2013-04-22 21:22:50 -------- d-----w- C:\Expat Shield

2013-04-22 21:21:22 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor90.dll

2013-04-22 21:21:22 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor80.dll

2013-04-22 21:21:21 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor70.dll

2013-04-22 21:21:21 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor60.dll

2013-04-22 21:21:21 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor50.dll

2013-04-22 21:21:20 613704 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll

2013-04-22 21:21:18 -------- d-----w- c:\program files\Expat Shield

2013-04-22 20:38:26 -------- d-----w- c:\users\user\appdata\roaming\fltk.org

2013-04-22 19:17:43 -------- d-----w- c:\programdata\Sueaarychi-NNewTauB

2013-04-22 19:17:43 -------- d-----w- c:\programdata\SoftSafe

2013-04-22 19:17:25 -------- d-----w- c:\program files\BrowseToSave

2013-04-22 19:17:18 -------- d-----w- c:\programdata\BBrowse22ssave

2013-04-16 21:03:47 -------- d-----w- c:\program files\TryMedia

2013-04-16 21:03:30 -------- d-----w- c:\program files\DefaultTab

2013-04-16 21:03:21 -------- d-----w- c:\users\user\appdata\roaming\DefaultTab

2013-04-16 21:02:46 -------- d-----w- c:\program files\Cue Club

2013-04-16 19:48:25 -------- d-----w- c:\program files\PANDORA.TV

2013-04-16 19:47:12 -------- d-----w- c:\program files\The KMPlayer

2013-04-15 20:17:01 -------- d-----w- c:\program files\DealBulldog Toolbar Toolbar

2013-04-14 22:13:32 -------- d-----w- c:\windows\USB Vibration

2013-04-14 22:13:01 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll

2013-04-14 22:13:00 634880 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\iKernel.dll

2013-04-14 22:13:00 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\ctor.dll

2013-04-14 22:13:00 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\DotNetInstaller.exe

2013-04-14 22:13:00 270468 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\Setup.dll

2013-04-14 22:13:00 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\iscript.dll

2013-04-14 22:13:00 159876 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\IGdi.dll

2013-04-14 22:13:00 151552 ----a-w- c:\program files\common files\installshield\professional\runtime\0700\intel32\iuser.dll

2013-04-14 22:12:59 -------- d-----w- c:\program files\USB Vibration

2013-04-14 20:13:24 -------- d-----w- c:\users\user\appdata\roaming\Optimizer Pro

2013-04-14 20:13:03 -------- d-----w- c:\program files\Optimizer Pro

2013-04-14 19:58:56 -------- d-----w- c:\users\user\appdata\local\Bundled software uninstaller

2013-04-14 19:57:27 -------- d-----w- c:\program files\FilesFrog Update Checker

2013-04-14 19:42:08 -------- d-----w- c:\users\user\appdata\roaming\BabSolution

2013-04-14 19:42:06 -------- d-----w- c:\program files\Delta

2013-04-14 19:42:00 -------- d-----w- c:\users\user\appdata\roaming\Delta

2013-04-14 19:41:31 -------- d-----w- c:\users\user\appdata\roaming\GoforFiles

2013-04-14 02:10:56 -------- d-----w- c:\users\user\appdata\roaming\WhiteSmoke

2013-04-14 02:09:48 -------- d-----w- c:\program files\WhiteSmoke

2013-04-14 02:09:00 -------- d-----w- c:\users\user\appdata\local\SwvUpdater

2013-04-11 22:06:57 -------- d-----w- c:\programdata\Electronic Arts

2013-04-11 21:36:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll

2013-04-11 21:36:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll

2013-04-11 21:36:20 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

2013-04-11 21:28:29 -------- d-----w- c:\windows\system32\AGEIA

2013-04-03 16:52:59 899184 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup\markup.dll

2013-04-03 16:51:50 42776 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll

2013-04-03 16:51:45 639312 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll

2013-04-02 17:44:16 -------- d-----w- c:\program files\CCleaner

2013-04-02 14:07:57 -------- d-----w- c:\users\user\appdata\local\Stardock

2013-04-01 18:22:53 -------- d-----w- c:\users\user\appdata\local\IsolatedStorage

2013-04-01 18:22:47 -------- d-----w- c:\users\user\appdata\local\Blue_Onion_Software

2013-04-01 18:18:57 -------- d-----w- c:\program files\Skin Pack

2013-04-01 18:18:11 3378176 ----a-w- c:\windows\system32\xpsrchvw.exe.xpize

2013-04-01 18:18:06 323584 ----a-w- c:\windows\system32\StikyNot.exe.xpize

2013-04-01 18:18:05 359936 ----a-w- c:\windows\system32\SnippingTool.exe.xpize

2013-04-01 18:18:05 137728 ----a-w- c:\windows\system32\SoundRecorder.exe.xpize

2013-04-01 18:18:01 280576 ----a-w- c:\windows\system32\rstrui.exe.xpize

2013-04-01 18:18:00 215040 ----a-w- c:\windows\system32\recdisc.exe.xpize

2013-04-01 18:16:30 -------- d-----w- c:\program files\Mountain Lion Skin Pack

2013-04-01 17:11:14 -------- d-----w- c:\users\user\appdata\roaming\Auslogics

2013-04-01 17:11:07 -------- d-----w- c:\program files\Auslogics

.

==================== Find3M ====================

.

2013-04-29 15:03:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-04-29 15:03:18 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-04-01 18:17:08 2755072 ----a-w- c:\windows\system32\themeui.dll

2013-04-01 18:17:07 37376 ----a-w- c:\windows\system32\themeservice.dll

2013-04-01 18:17:06 249856 ----a-w- c:\windows\system32\uxtheme.dll

2013-03-19 22:49:46 2199920 ----a-w- c:\windows\system32\sysperxg.dll

2013-03-12 01:10:56 237088 ------w- c:\windows\system32\MpSigStub.exe

2013-03-06 23:33:24 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-03-06 23:33:24 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-03-06 23:33:24 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-03-06 23:33:23 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-03-06 23:33:23 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-03-06 23:32:51 41664 ----a-w- c:\windows\avastSS.scr

.

============= FINISH: 14:25:10,19 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professionnel

Boot Device: \Device\HarddiskVolume1

Install Date: 09/07/2012 19:57:27

System Uptime: 01/05/2013 14:10:34 (0 hours ago)

.

Motherboard: HP | | 3600

Processor: AMD Turion X2 Ultra Dual-Core Mobile ZM-82 | Socket M2/S1G1 | 1100/1800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 222 GiB total, 119,839 GiB free.

D: is FIXED (NTFS) - 11 GiB total, 0,996 GiB free.

E: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Périphérique Bluetooth

Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000F\7&2EB04CF7&0&00249F62C8D5_C00000000

Manufacturer:

Name: Périphérique Bluetooth

PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&000F\7&2EB04CF7&0&00249F62C8D5_C00000000

Service:

.

Class GUID:

Description: Périphérique système de base

Device ID: PCI\VEN_197B&DEV_2382&SUBSYS_3600103C&REV_00\4&3B99D9BB&0&0150

Manufacturer:

Name: Périphérique système de base

PNP Device ID: PCI\VEN_197B&DEV_2382&SUBSYS_3600103C&REV_00\4&3B99D9BB&0&0150

Service:

.

Class GUID:

Description: Périphérique système de base

Device ID: PCI\VEN_197B&DEV_2383&SUBSYS_3600103C&REV_00\4&3B99D9BB&0&0350

Manufacturer:

Name: Périphérique système de base

PNP Device ID: PCI\VEN_197B&DEV_2383&SUBSYS_3600103C&REV_00\4&3B99D9BB&0&0350

Service:

.

Class GUID:

Description:

Device ID: USB\VID_138A&PID_0001\5&2377BCB7&0&1

Manufacturer:

Name:

PNP Device ID: USB\VID_138A&PID_0001\5&2377BCB7&0&1

Service:

.

Class GUID:

Description: Périphérique Bluetooth

Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000F\7&2EB04CF7&0&00249F62C8D5_C00000000

Manufacturer:

Name: Périphérique Bluetooth

PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&000F\7&2EB04CF7&0&00249F62C8D5_C00000000

Service:

.

Class GUID:

Description: Périphérique système de base

Device ID: PCI\VEN_197B&DEV_2384&SUBSYS_3600103C&REV_00\4&3B99D9BB&0&0450

Manufacturer:

Name: Périphérique système de base

PNP Device ID: PCI\VEN_197B&DEV_2384&SUBSYS_3600103C&REV_00\4&3B99D9BB&0&0450

Service:

.

Class GUID:

Description: Périphérique Bluetooth

Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1293\7&2EB04CF7&0&002436CE033D_C00000000

Manufacturer:

Name: Périphérique Bluetooth

PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1293\7&2EB04CF7&0&002436CE033D_C00000000

Service:

.

Class GUID:

Description: Périphérique Bluetooth

Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00010001_PID&0054\7&2EB04CF7&0&00240370EFD6_C00000000

Manufacturer:

Name: Périphérique Bluetooth

PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00010001_PID&0054\7&2EB04CF7&0&00240370EFD6_C00000000

Service:

.

Class GUID:

Description:

Device ID: ACPI\ENE0100\4&160847D2&0

Manufacturer:

Name:

PNP Device ID: ACPI\ENE0100\4&160847D2&0

Service:

.

Class GUID:

Description: Périphérique Bluetooth

Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&00010001_PID&0054\7&2EB04CF7&0&00240370EFD6_C00000000

Manufacturer:

Name: Périphérique Bluetooth

PNP Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&00010001_PID&0054\7&2EB04CF7&0&00240370EFD6_C00000000

Service:

.

==== System Restore Points ===================

.

RP47: 29/04/2013 01:44:18 - Windows Update

RP48: 30/04/2013 04:00:48 - Windows Update

RP49: 30/04/2013 13:58:29 - Windows Update

RP50: 01/05/2013 03:00:18 - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9 - Français

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Assistant de connexion Windows Live

Auslogics BoostSpeed

avast! Free Antivirus

BabylonObjectInstaller

BBRowsE2savve

Bonjour

BrowseToSave 1.74

CCleaner

Convert FLV to MP3

DealBulldog Toolbar Toolbar

DefaultTab

Delta Chrome Toolbar

Delta toolbar

EA Download Manager

eSafe Security Control 1.0.0.1982

Expat Shield 2.25

Facebook Video Calling 1.2.0.287

FilesFrog Update Checker

Giant Savings

GoforFiles

Google Chrome

Google Earth Plug-in

Google Update Helper

Hermès Hôtel 5.2

HitmanPro 3.7

Installation Windows Live

Internet Download Manager

Internet Haut Débit Mobile

iTunes

Lion 2011

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (French) 2007

Microsoft Office Excel MUI (French) 2007

Microsoft Office InfoPath MUI (French) 2007

Microsoft Office Outlook MUI (French) 2007

Microsoft Office PowerPoint MUI (French) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (Arabic) 2007

Microsoft Office Proof (Dutch) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (French) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (French) 2007

Microsoft Office Shared MUI (French) 2007

Microsoft Office Word MUI (French) 2007

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mise à jour Microsoft Office Excel 2007 Help (KB963678)

Mise à jour Microsoft Office Outlook 2007 Help (KB963677)

Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)

Mise à jour Microsoft Office Word 2007 Help (KB963665)

Mountain Lion Skin Pack 1.0-X64

Mozilla Firefox 20.0.1 (x86 fr)

Mozilla Maintenance Service

MSVC90_x86

MSVCRT

My Connection

Need for Speed™ SHIFT

Nokia Connectivity Cable Driver

Nokia PC Internet Access

Nokia PC Suite

NVIDIA PhysX

Optimizer Pro v3.0

Outil de téléchargement Windows Live

Package de pilotes Windows - Nokia Modem (02/25/2011 4.7)

Package de pilotes Windows - Nokia Modem (02/25/2011 7.01.0.9)

Package de pilotes Windows - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)

Pandora Service

PC Connectivity Solution

RealPlayer

Search Assistant WebSearch 1.74

Skype™ 6.3

Sueaarychi-NNewTauB

Supercopier

The KMPlayer (remove only)

Trojan Killer

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition

USB Vibration Joystick

VLC media player 0.9.9

Webplayer

Webplayer setup version 1.0

WhiteSmoke

Windows Live Call

Windows Live Communications Platform

Windows Live Messenger

WinRAR 4.20 (32-bit)

Yontoo 2.051

.

==== End Of File ===========================


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+> Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+> The removal of malware isn't instantaneous, please be patient.

<+> Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Hi MrC, thank you for your response. The log of RogueKiller is here:

Time : 01/05/2013 16:00:39

--------------------------

[eGdpSvc.exe.vir] -> C:\ProgramData\eSafe\eGdpSvc.exe

[YontooDesktop.exe.vir] -> C:\Users\user\AppData\Roaming\Yontoo\YontooDesktop.exe

[YontooDesktop.exe.vir] -> C:\Users\user\AppData\Roaming\Yontoo\YontooDesktop.exe

[YontooDesktop.exe.vir] -> C:\Users\user\AppData\Roaming\Yontoo\YontooDesktop.exe

ROGUEKILLER SOFTWARE LICENSE TERMS

These license terms are an agreement between I (Tigzy - RogueKiller's developer) and you.

Please read them.  They apply to the software you are downloading from sur-la-toile.com (or Geekstogo.com).

for this software, unless other terms accompany those items.  If so, those terms apply.

BY USING THE SOFTWARE, YOU ACCEPT THESE TERMS.  IF YOU DO NOT ACCEPT THEM, DO NOT USE THE SOFTWARE.

If you comply with these license terms, you have the rights below.

1. INSTALLATION AND USE RIGHTS.  You may install and use any number of copies of the software on your devices.

2. SCOPE OF LICENSE.  The software is licensed, not sold. This agreement only gives you some rights to use the software.  I reserve all other rights.  Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement.  In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways.

You may not:

* work around any technical limitations in the binary versions of the software;

* reverse engineer, decompile or disassemble the binary versions of the software, except and only to the extent that applicable law expressly permits, despite this limitation;

* make more copies of the software than specified in this agreement or allowed by applicable law, despite this limitation;

* PUBLISH THE SOFTWARE FOR OTHERS TO COPY without author's agreeement;

* rent, lease or lend the software;

* TRANSFERT THE SOFTWARE OR THIS AGREEMENT TO ANY THIRD PARTY

* USE THE SOFTWARE FOR COMMERCIAL SOFTWARE HOSTING SERVICES

3. SUPPORT SERVICES. Because this software is <as is,> I may not provide support services for it.

4. ENTIRE AGREEMENT.  This agreement, and the terms for supplements, updates, Internet-based services and support services that you use, are the entire agreement for the software and support services.

5. DISCLAIMER OF WARRANTY.   THE SOFTWARE IS LICENSED “AS-IS.”  YOU BEAR THE RISK OF USING IT.

6. DATA GRABBING. For statistical issue, the software can send data from your computer through the internet. By approving this contract, you agree with this.

Datas are not sensitive, they are related to your computer configuration (language, windows version, session name, ...) and to this software's internal datas (build number, pattern of infection, number of registry keys found, ...).

Basically, each information contained in the report generated by this software can be sent.

Datas are sent anonymously, it means no IP nor user information are kept.

Datas are used in this webpage : http://www.sur-la-toile.com/RogueKiller/stats.php

°°°°°° Français °°°°°°

Ceci est une version partielle en Français des points les plus cruciaux.

2 - Licence. Vous ne pouvez pas:

* Publier ou mettre à disposition le logiciel sans accord express de l'auteur

* Louer, vendre ou céder le logiciel

* Transférer le logiciel dans un logiciel tierce / repacker le logiciel

* Mettre à disposition ce logiciel dans une banque d'hebergement de logiciels.

6 - Récupération d'informations. Pour des raisons statistiques, le logiciel peut envoyer des données de votre ordinateur à travers internet.

En approuvant ce contrat, vous approuvez ceci. Les données ne sont pas sensibles, elles concernent uniquement la configuration du PC (Operating System, Windows version, Nom de session, ...) et les données internes au logiciel (infection trouvée, numéro de version, langue, ...).

Les données sont envoyées de manière anonyme. Aucune IP et aucune information utilisateur sont sauvegardées.

Les statistiques sont utilisées dans cette page : http://www.sur-la-toile.com/RogueKiller/stats.php


RogueKiller V8.5.4 [Mar 18 2013] par Tigzy

mail : tigzyRK<at>gmail<dot>com

Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html

Site Web : http://www.sur-la-toile.com/RogueKiller/

Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7600 ) 32 bits version

Demarrage : Mode normal

Utilisateur : user [Droits d'admin]

Mode : Recherche -- Date : 01/05/2013 16:00:39

| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 2 ¤¤¤

[sUSP PATH] eGdpSvc.exe -- C:\ProgramData\eSafe\eGdpSvc.exe [7] -> TUÉ [TermProc]

[sUSP PATH] YontooDesktop.exe -- C:\Users\user\AppData\Roaming\Yontoo\YontooDesktop.exe [7] -> TUÉ [TermProc]

¤¤¤ Entrees de registre : 9 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : Yontoo Desktop ("C:\Users\user\AppData\Roaming\Yontoo\YontooDesktop.exe") [7] -> TROUVÉ

[RUN][sUSP PATH] HKUS\S-1-5-21-2244274240-50500601-1090144593-1000[...]\Run : Yontoo Desktop ("C:\Users\user\AppData\Roaming\Yontoo\YontooDesktop.exe") [7] -> TROUVÉ

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{563B9251-9288-44A0-B19E-EAF86B4DE545} : NameServer (212.217.0.1 212.217.1.1) -> TROUVÉ

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ

[HJ] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> TROUVÉ

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHZ2250BH G2 ATA Device +++++

--- User ---

[MBR] d38e629c7de13cbd679e32d860578604

[bSP] 269333108f12c704a4375190c67f7c10 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 227548 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 466225152 | Size: 10823 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Termine : << RKreport[1]_S_01052013_160039.txt >>

RKreport[1]_S_01052013_160039.txt


Please uninstall all of these from your add/remove programs: (all adware)

BabylonObjectInstaller

DefaultTab

Delta Chrome Toolbar

Delta toolbar

WhiteSmoke

Yontoo 2.051

-------------------------------

Also take a look at these, any you didn't install or don't recognize ....... please uninstall:

My Connection

FilesFrog Update Checker

Mountain Lion Skin Pack 1.0-X64

Optimizer Pro v3.0

Reboot and .......

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC


hello thanks and please find the results

# AdwCleaner v2.300 - Rapport créé le 01/05/2013 à 17:32:46

# Mis à jour le 28/04/2013 par Xplode

# Système d'exploitation : Windows 7 Professional (32 bits)

# Nom d'utilisateur : user - USER-PC

# Mode de démarrage : Normal

# Exécuté depuis : C:\Users\user\Downloads\Programs\adwcleaner.exe

# Option [Recherche]

***** [services] *****

Présent : eSafeSvc

Présent : Yontoo Desktop Updater

***** [Fichiers / Dossiers] *****

Dossier Présent : C:\Program Files\Desk 365

Dossier Présent : C:\Program Files\file scout

Dossier Présent : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com

Dossier Présent : C:\Program Files\TornTV.com

Dossier Présent : C:\Program Files\Trymedia

Dossier Présent : C:\Program Files\Webplayer setup

Dossier Présent : C:\ProgramData\Babylon

Dossier Présent : C:\ProgramData\BBrowse22ssave

Dossier Présent : C:\ProgramData\BBRowsE2savve

Dossier Présent : C:\ProgramData\eSafe

Dossier Présent : C:\ProgramData\InstallMate

Dossier Présent : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBrowse22ssave

Dossier Présent : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBRowsE2savve

Dossier Présent : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sueaarychi-NNewTauB

Dossier Présent : C:\ProgramData\RightClick

Dossier Présent : C:\ProgramData\SoftSafe

Dossier Présent : C:\ProgramData\Sueaarychi-NNewTauB

Dossier Présent : C:\ProgramData\Tarma Installer

Dossier Présent : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj

Dossier Présent : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oneaojkiifdhijjkpjfhjcnbfncmmmhn

Fichier Présent : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

Fichier Présent : C:\Program Files\Mozilla FireFox\searchplugins\qvo6.xml

Fichier Présent : C:\user.js

***** [Registre] *****

Clé Présente : HKCU\Software\1ClickDownload

Clé Présente : HKCU\Software\APN PIP

Clé Présente : HKCU\Software\AppDataLow\Software\Crossrider

Clé Présente : HKCU\Software\AppDataLow\Software\SmartBar

Clé Présente : HKCU\Software\AppDataLow\SProtector

Clé Présente : HKCU\Software\BI

Clé Présente : HKCU\Software\Conduit

Clé Présente : HKCU\Software\Cr_Installer

Clé Présente : HKCU\Software\DataMngr

Clé Présente : HKCU\Software\DataMngr_Toolbar

Clé Présente : HKCU\Software\f2ded1bd3eeb17

Clé Présente : HKCU\Software\InstallCore

Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}

Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BBCFB5F-930F-09DD-11EB-5B32019DD752}

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E}

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D989929D-D991-AF01-B635-8D116625DC4C}

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{338B4DFE-2E2C-4338-9E41-E176D497299E}

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Clé Présente : HKCU\Software\Softonic

Clé Présente : HKLM\Software\Babylon

Clé Présente : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Clé Présente : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Clé Présente : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Clé Présente : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Clé Présente : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe

Clé Présente : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Clé Présente : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}

Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Clé Présente : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO

Clé Présente : HKLM\SOFTWARE\Classes\CrossriderApp0004479.FBApi

Clé Présente : HKLM\SOFTWARE\Classes\CrossriderApp0004479.FBApi.1

Clé Présente : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox

Clé Présente : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox.1

Clé Présente : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}

Clé Présente : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Clé Présente : HKLM\SOFTWARE\Classes\Prod.cap

Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}

Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Clé Présente : HKLM\Software\DataMngr

Clé Présente : HKLM\Software\Desksvc

Clé Présente : HKLM\Software\eSafeSecControl

Clé Présente : HKLM\SOFTWARE\f2ded1bd3eeb17

Clé Présente : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde

Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32

Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS

Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Clé Présente : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9937E55B-6331-4804-93EF-77E992F204BD}

Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}

Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}

Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}

Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}

Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}

Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSafeSecControl

Clé Présente : HKLM\Software\PIP

Clé Présente : HKLM\Software\qvo6Software

Clé Présente : HKLM\SOFTWARE\Software

Clé Présente : HKLM\Software\SP Global

Clé Présente : HKLM\Software\SProtector

Clé Présente : HKLM\Software\Tarma Installer

Clé Présente : HKU\S-1-5-21-2244274240-50500601-1090144593-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Clé Présente : HKU\S-1-5-21-2244274240-50500601-1090144593-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Clé Présente : HKU\S-1-5-21-2244274240-50500601-1090144593-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}

Clé Présente : HKU\S-1-5-21-2244274240-50500601-1090144593-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Valeur Présente : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [2]

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16476

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www1.delta-search.com/?affID=119721&babsrc=HP_ss&mntrId=D40806242B19605B

[HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=FUJITSUXMHZ2250BHXG2_K617T8A37D62&ts=1364240115

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=FUJITSUXMHZ2250BHXG2_K617T8A37D62&ts=1364240115

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.youwillfind.info/?pid=714&r=2013/04/25&hid=2584483772&lg=EN&cc=MA

-\\ Mozilla Firefox v20.0.1 (fr)

-\\ Google Chrome v26.0.1410.64

*************************

AdwCleaner[R1].txt - [10385 octets] - [01/05/2013 17:24:20]

AdwCleaner[R2].txt - [10315 octets] - [01/05/2013 17:32:46]

########## EOF - C:\AdwCleaner[R2].txt - [10376 octets] ##########


Please create a new system restore point before continuing.

Lots of adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


hello thanks and please find the results

# AdwCleaner v2.300 - Rapport créé le 01/05/2013 à 18:38:09

# Mis à jour le 28/04/2013 par Xplode

# Système d'exploitation : Windows 7 Professional (32 bits)

# Nom d'utilisateur : user - USER-PC

# Mode de démarrage : Normal

# Exécuté depuis : C:\Users\user\Desktop\adwcleaner.exe

# Option [suppression]

***** [services] *****

Arrêté & Supprimé : eSafeSvc

Arrêté & Supprimé : Yontoo Desktop Updater

***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Program Files\Desk 365

Dossier Supprimé : C:\Program Files\file scout

Dossier Supprimé : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com

Dossier Supprimé : C:\Program Files\TornTV.com

Dossier Supprimé : C:\Program Files\Trymedia

Dossier Supprimé : C:\Program Files\Webplayer setup

Dossier Supprimé : C:\ProgramData\Babylon

Dossier Supprimé : C:\ProgramData\BBrowse22ssave

Dossier Supprimé : C:\ProgramData\BBRowsE2savve

Dossier Supprimé : C:\ProgramData\eSafe

Dossier Supprimé : C:\ProgramData\InstallMate

Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBrowse22ssave

Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBRowsE2savve

Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sueaarychi-NNewTauB

Dossier Supprimé : C:\ProgramData\RightClick

Dossier Supprimé : C:\ProgramData\SoftSafe

Dossier Supprimé : C:\ProgramData\Sueaarychi-NNewTauB

Dossier Supprimé : C:\ProgramData\Tarma Installer

Dossier Supprimé : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj

Dossier Supprimé : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oneaojkiifdhijjkpjfhjcnbfncmmmhn

Fichier Supprimé : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

Fichier Supprimé : C:\Program Files\Mozilla FireFox\searchplugins\qvo6.xml

Fichier Supprimé : C:\user.js

***** [Registre] *****

Clé Supprimée : HKCU\Software\1ClickDownload

Clé Supprimée : HKCU\Software\APN PIP

Clé Supprimée : HKCU\Software\AppDataLow\Software\Crossrider

Clé Supprimée : HKCU\Software\AppDataLow\Software\SmartBar

Clé Supprimée : HKCU\Software\AppDataLow\SProtector

Clé Supprimée : HKCU\Software\BI

Clé Supprimée : HKCU\Software\Conduit

Clé Supprimée : HKCU\Software\Cr_Installer

Clé Supprimée : HKCU\Software\DataMngr

Clé Supprimée : HKCU\Software\DataMngr_Toolbar

Clé Supprimée : HKCU\Software\f2ded1bd3eeb17

Clé Supprimée : HKCU\Software\InstallCore

Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}

Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BBCFB5F-930F-09DD-11EB-5B32019DD752}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D989929D-D991-AF01-B635-8D116625DC4C}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{338B4DFE-2E2C-4338-9E41-E176D497299E}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Clé Supprimée : HKCU\Software\Softonic

Clé Supprimée : HKLM\Software\Babylon

Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Clé Supprimée : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe

Clé Supprimée : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Clé Supprimée : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}

Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO

Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0004479.FBApi

Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0004479.FBApi.1

Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox

Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox.1

Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}

Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap

Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}

Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Clé Supprimée : HKLM\Software\DataMngr

Clé Supprimée : HKLM\Software\Desksvc

Clé Supprimée : HKLM\Software\eSafeSecControl

Clé Supprimée : HKLM\SOFTWARE\f2ded1bd3eeb17

Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9937E55B-6331-4804-93EF-77E992F204BD}

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSafeSecControl

Clé Supprimée : HKLM\Software\PIP

Clé Supprimée : HKLM\Software\qvo6Software

Clé Supprimée : HKLM\SOFTWARE\Software

Clé Supprimée : HKLM\Software\SP Global

Clé Supprimée : HKLM\Software\SProtector

Clé Supprimée : HKLM\Software\Tarma Installer

Valeur Supprimée : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [2]

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16476

Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www1.delta-search.com/?affID=119721&babsrc=HP_ss&mntrId=D40806242B19605B --> hxxp://www.google.com

Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=FUJITSUXMHZ2250BHXG2_K617T8A37D62&ts=1364240115 --> hxxp://www.google.com

Remplacé : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=FUJITSUXMHZ2250BHXG2_K617T8A37D62&ts=1364240115 --> hxxp://www.google.com

Remplacé : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.youwillfind.info/?pid=714&r=2013/04/25&hid=2584483772&lg=EN&cc=MA --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (fr)

-\\ Google Chrome v26.0.1410.64

*************************

AdwCleaner[R1].txt - [10385 octets] - [01/05/2013 17:24:20]

AdwCleaner[R2].txt - [10446 octets] - [01/05/2013 17:32:46]

AdwCleaner[s1].txt - [9689 octets] - [01/05/2013 18:38:09]

########## EOF - C:\AdwCleaner[s1].txt - [9749 octets] ##########


please find the results

ComboFix 13-05-01.03 - user 01/05/2013 19:29:34.1.2 - x86

Microsoft Windows 7 Professionnel 6.1.7600.0.1252.33.1036.18.2046.854 [GMT 1:00]

Lancé depuis: c:\users\user\Desktop\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Windows Update

c:\programdata\Windows Update\bkr.bat

c:\windows\system32\ActionCenter.dll.xpize

c:\windows\system32\authui.dll.xpize

c:\windows\system32\batmeter.dll.xpize

c:\windows\system32\ExplorerFrame.dll.xpize

c:\windows\system32\imageres.dll.xpize

c:\windows\system32\imagesp1.dll.xpize

c:\windows\system32\pnidui.dll.xpize

c:\windows\system32\pnpui.dll.xpize

c:\windows\system32\SndVolSSO.dll.xpize

c:\windows\system32\stobject.dll.xpize

c:\windows\system32\wmploc.dll.xpize

D:\perl.pif

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2013-04-01 au 2013-05-01 ))))))))))))))))))))))))))))))))))))

.

.

2013-05-01 18:40 . 2013-05-01 18:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-01 18:14 . 2013-04-26 06:06 121600 ----a-w- c:\windows\system32\drivers\WinisoCDBus.sys

2013-05-01 18:10 . 2013-05-01 18:10 -------- d-----w- c:\users\user\AppData\Local\WinISO Computing

2013-05-01 18:10 . 2013-05-01 18:10 -------- d-----w- c:\users\user\AppData\Roaming\WinISO Computing

2013-05-01 18:10 . 2013-05-01 18:10 -------- d-----w- c:\program files\WinISO Computing

2013-05-01 17:01 . 2013-05-01 17:01 -------- d-----w- c:\windows\fr

2013-05-01 17:01 . 2010-09-22 23:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2013-05-01 17:00 . 2013-05-01 17:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2013-05-01 16:58 . 2013-05-01 16:58 -------- d-----w- c:\program files\MSN Toolbar

2013-05-01 16:58 . 2013-05-01 16:58 -------- d-----w- c:\program files\Bing Bar Installer

2013-05-01 16:56 . 2013-05-01 16:56 -------- d-----w- c:\program files\Microsoft Silverlight

2013-05-01 16:51 . 2013-05-01 16:51 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\1be7caea1ce468c2d\InstallManager_WLE_WLE.exe

2013-05-01 16:50 . 2013-05-01 16:50 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\a7301811ce468c22\MeshBetaRemover.exe

2013-05-01 16:50 . 2013-05-01 16:50 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\fb37ccd61ce468b1a\DSETUP.dll

2013-05-01 16:50 . 2013-05-01 16:50 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\fb37ccd61ce468b1a\DXSETUP.exe

2013-05-01 16:50 . 2013-05-01 16:50 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\fb37ccd61ce468b1a\dsetup32.dll

2013-05-01 16:50 . 2013-05-01 16:50 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\f8cefa5f1ce468b19\DSETUP.dll

2013-05-01 16:50 . 2013-05-01 16:50 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\f8cefa5f1ce468b19\DXSETUP.exe

2013-05-01 16:50 . 2013-05-01 16:50 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\f8cefa5f1ce468b19\dsetup32.dll

2013-05-01 16:49 . 2013-05-01 16:49 6260088 ----a-w- c:\program files\Common Files\Windows Live\.cache\e054c38f1ce468b0e\Silverlight.4.0.exe

2013-05-01 16:49 . 2013-05-01 16:49 -------- d-----w- c:\users\user\AppData\Local\Windows Live

2013-05-01 12:37 . 2013-05-01 12:37 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes

2013-05-01 12:37 . 2013-05-01 12:37 -------- d-----w- c:\programdata\Malwarebytes

2013-05-01 12:37 . 2013-05-01 12:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-05-01 12:37 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-04-30 17:03 . 2012-07-06 19:31 393216 ----a-w- c:\windows\system32\drivers\bthport.sys

2013-04-30 17:03 . 2011-04-28 03:29 60416 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS

2013-04-30 16:58 . 2013-04-17 06:31 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{58CEB078-E2AA-4FD5-BAB0-9BD61E7DE975}\mpengine.dll

2013-04-30 14:56 . 2013-04-30 14:56 -------- d-----w- c:\windows\system32\wbem\en-US

2013-04-30 14:22 . 2012-12-16 14:25 295424 ----a-w- c:\windows\system32\atmfd.dll

2013-04-30 14:22 . 2012-12-16 14:25 34304 ----a-w- c:\windows\system32\atmlib.dll

2013-04-30 14:18 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll

2013-04-30 14:01 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2013-04-30 14:01 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll

2013-04-30 14:01 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll

2013-04-30 14:01 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2013-04-30 14:01 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll

2013-04-30 13:27 . 2013-04-30 13:27 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2013-04-30 13:24 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2013-04-30 13:24 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-04-30 13:24 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll

2013-04-30 13:23 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2013-04-30 13:23 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2013-04-30 13:23 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2013-04-30 13:23 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2013-04-30 13:22 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2013-04-30 13:22 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2013-04-30 13:22 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll

2013-04-30 13:21 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2013-04-30 13:21 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll

2013-04-30 13:21 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll

2013-04-30 13:02 . 2013-04-30 13:02 -------- d-----w- c:\windows\system32\Wat

2013-04-30 03:07 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2013-04-30 03:07 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys

2013-04-30 03:02 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2013-04-29 14:41 . 2012-02-11 05:41 316928 ----a-w- c:\windows\system32\spoolsv.exe

2013-04-29 14:40 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe

2013-04-29 14:40 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll

2013-04-29 14:40 . 2013-04-12 13:58 1210728 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-29 14:39 . 2012-11-22 09:33 627712 ----a-w- c:\windows\system32\usp10.dll

2013-04-29 14:39 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2013-04-29 14:39 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2013-04-29 14:39 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys

2013-04-29 14:39 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2013-04-29 14:39 . 2013-02-12 13:51 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-04-29 14:39 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll

2013-04-29 14:39 . 2013-03-01 03:11 2345984 ----a-w- c:\windows\system32\win32k.sys

2013-04-29 14:39 . 2012-08-24 17:10 172544 ----a-w- c:\windows\system32\wintrust.dll

2013-04-29 14:38 . 2012-11-02 04:48 376832 ----a-w- c:\windows\system32\dpnet.dll

2013-04-29 14:38 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe

2013-04-29 14:37 . 2012-11-09 04:49 492032 ----a-w- c:\windows\system32\win32spl.dll

2013-04-29 14:37 . 2013-01-24 04:51 195816 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-04-29 14:37 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2013-04-29 14:37 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2013-04-29 14:37 . 2011-10-01 04:43 708608 ----a-w- c:\program files\Common Files\System\wab32.dll

2013-04-29 14:37 . 2013-03-19 05:06 3958120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-04-29 14:37 . 2013-03-19 05:06 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-29 14:37 . 2013-03-19 04:54 38912 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-29 14:37 . 2013-03-19 02:50 69632 ----a-w- c:\windows\system32\smss.exe

2013-04-29 14:36 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll

2013-04-29 14:36 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll

2013-04-29 14:36 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe

2013-04-29 14:36 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\system32\crypt32.dll

2013-04-29 14:36 . 2012-06-02 04:45 139264 ----a-w- c:\windows\system32\cryptsvc.dll

2013-04-29 14:36 . 2012-06-02 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-04-29 14:34 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll

2013-04-29 14:33 . 2012-04-02 04:40 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2013-04-29 14:33 . 2012-04-02 04:41 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2013-04-29 14:33 . 2012-04-02 04:40 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2013-04-29 14:33 . 2012-04-02 04:40 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2013-04-29 14:33 . 2013-02-12 15:13 2691072 ----a-w- c:\windows\system32\mstscax.dll

2013-04-29 14:33 . 2013-02-12 15:07 131072 ----a-w- c:\windows\system32\aaclient.dll

2013-04-29 14:33 . 2013-02-12 13:59 36864 ----a-w- c:\windows\system32\tsgqec.dll

2013-04-29 14:33 . 2013-04-29 14:57 -------- d-----w- c:\program files\GridinSoft Trojan Killer

2013-04-29 14:33 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys

2013-04-29 14:33 . 2012-11-02 04:50 1388544 ----a-w- c:\windows\system32\msxml6.dll

2013-04-29 14:33 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll

2013-04-29 14:32 . 2009-07-14 01:17 495616 ----a-w- c:\windows\system32\winload.exe

2013-04-29 14:32 . 2009-07-14 01:17 431616 ----a-w- c:\windows\system32\winresume.exe

2013-04-29 14:32 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll

2013-04-29 14:31 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll

2013-04-29 14:31 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll

2013-04-29 14:31 . 2013-01-04 04:55 1287528 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-04-29 14:31 . 2013-01-04 04:55 187240 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2013-04-29 14:31 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll

2013-04-29 14:31 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll

2013-04-29 14:31 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2013-04-29 14:31 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2013-04-29 14:31 . 2011-11-19 14:06 67072 ----a-w- c:\windows\system32\packager.dll

2013-04-29 14:30 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll

2013-04-29 14:30 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll

2013-04-29 14:30 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll

2013-04-29 14:30 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe

2013-04-29 14:30 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll

2013-04-29 14:30 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll

2013-04-29 14:30 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe

2013-04-29 14:30 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll

2013-04-29 14:30 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe

2013-04-29 14:30 . 2012-06-06 05:09 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2013-04-29 14:26 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll

2013-04-29 14:26 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll

2013-04-29 14:26 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2013-04-29 14:26 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll

2013-04-29 14:24 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-04-29 14:23 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-29 15:03 . 2012-07-10 21:30 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-04-29 15:03 . 2012-07-10 21:30 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-04-01 18:17 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\system32\themeui.dll

2013-04-01 18:17 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll

2013-04-01 18:17 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll

2013-03-19 22:49 . 2013-03-22 21:23 2199920 ----a-w- c:\windows\system32\sysperxg.dll

2013-03-12 01:10 . 2012-07-10 21:30 237088 ------w- c:\windows\system32\MpSigStub.exe

2013-03-06 23:33 . 2012-12-16 16:03 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-03-06 23:33 . 2012-07-09 19:06 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-03-06 23:33 . 2012-07-09 19:06 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-03-06 23:33 . 2012-12-16 16:05 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-03-06 23:33 . 2012-07-09 19:06 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-03-06 23:33 . 2012-07-09 19:06 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-03-06 23:32 . 2012-07-09 19:05 41664 ----a-w- c:\windows\avastSS.scr

2013-03-06 23:32 . 2012-07-09 19:05 228600 ----a-w- c:\windows\system32\aswBoot.exe

2013-04-12 03:01 . 2013-04-12 03:01 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]

2012-01-04 23:02 233288 ----a-w- c:\program files\Expat Shield\HssIE\ExpatIE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-03-06 23:32 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaPCInternetAccess"="c:\program files\Nokia\PC Internet Access\NPCIA.exe" [2009-05-26 651264]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]

"Facebook Update"="c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-17 138096]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]

"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-03-01 3573624]

"Supercopier.exe"="c:\program files\Supercopier\Supercopier.exe" [2013-01-27 2148352]

"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2012-07-09 198160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-03-06 4767304]

"IAM Wave ModemListener"="c:\program files\My Connection\BackgroundService\ModemListener.exe" [2010-12-07 102400]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

DeskDrive.lnk - c:\program files\Mountain Lion Skin Pack\DeskDrive\DeskDrive.exe [N/A]

Finderbar.lnk - c:\program files\Mountain Lion Skin Pack\Finderbar\Finderbar.exe [N/A]

Refresh.lnk - c:\program files\Mountain Lion Skin Pack\Tools\Refresh.cmd [N/A]

RocketDock.lnk - c:\program files\Mountain Lion Skin Pack\RocketDock\RocketDock.exe [N/A]

SkinPackMenu.lnk - c:\program files\Mountain Lion Skin Pack\SP.exe [N/A]

UberIcon.lnk - c:\program files\Mountain Lion Skin Pack\UberIcon\UberIcon.exe [N/A]

VirtuaWin.lnk - c:\program files\Mountain Lion Skin Pack\VirtuaWin\VirtuaWin.exe [N/A]

Winroll.lnk - c:\program files\Mountain Lion Skin Pack\Winroll\winroll.exe [N/A]

xwidget.lnk - c:\program files\Mountain Lion Skin Pack\Xwidget\xwidget.exe [N/A]

YzShadow.lnk - c:\program files\Mountain Lion Skin Pack\YzShadow\YzShadow.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

R2 IAM Wave Modem Device Helper;IAM Wave Modem Device Helper;c:\program files\My Connection\BackgroundService\ServiceManager.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 aswVmm;aswVmm; [x]

R3 ExpatTrayService;Expat Shield Tray Service;c:\program files\Expat Shield\bin\ExpatTrayService.EXE [x]

R3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys [x]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [x]

R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 aswRvrt;aswRvrt; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 ExpatShieldService;Expat Shield Service;c:\program files\Expat Shield\bin\openvpnas.exe [x]

S2 ExpatSrv;Expat Shield Routing Service;c:\program files\Expat Shield\HssWPR\hsssrv.exe [x]

S2 ExpatWd;Expat Shield Monitoring Service;c:\program files\Expat Shield\bin\hsswd.exe [x]

S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [x]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]

S2 WinisoCDBus;WinISO Virtual CD Drive;c:\windows\system32\drivers\WinisoCDBus.sys [x]

S3 RTL8167;Pilote Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

.

.

--- Autres Services/Pilotes en mémoire ---

.

*NewlyCreated* - WINISOCDBUS

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-04-10 15:00 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

.

Contenu du dossier 'Tâches planifiées'

.

2013-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 15:03]

.

2013-05-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244274240-50500601-1090144593-1000Core.job

- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-22 14:29]

.

2013-05-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244274240-50500601-1090144593-1000UA.job

- c:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-22 14:29]

.

2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-07 18:36]

.

2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-07 18:36]

.

2013-04-21 c:\windows\Tasks\ReclaimerUpdateFiles_user.job

- c:\users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-27 19:57]

.

2013-04-16 c:\windows\Tasks\ReclaimerUpdateXML_user.job

- c:\users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-27 19:57]

.

2013-05-01 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_user.job

- c:\users\user\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-27 19:57]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{563B9251-9288-44A0-B19E-EAF86B4DE545}: NameServer = 212.217.0.1 212.217.1.1

FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7ugqgsts.default\

FF - prefs.js: browser.search.defaulturl - hxxp://websearch.youwillfind.info/?pid=714&r=2013/04/25&hid=2584483772&lg=EN&cc=MA&l=1&q=

FF - prefs.js: browser.startup.homepage -

FF - ExtSQL: 2013-03-25 19:28; torntv2@torntv.com; c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7ugqgsts.default\extensions\torntv2@torntv.com.xpi

FF - ExtSQL: 2013-03-25 19:29; plugin@yontoo.com; c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7ugqgsts.default\extensions\plugin@yontoo.com

FF - ExtSQL: 2013-04-15 20:17; {75656794-AB59-4712-BFBC-5D816D56F3BC}; c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7ugqgsts.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}

FF - ExtSQL: 2013-04-16 21:09; ffxtlbr@delta.com; c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7ugqgsts.default\extensions\ffxtlbr@delta.com

FF - ExtSQL: 2013-04-21 01:12; addon@defaulttab.com; c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7ugqgsts.default\extensions\addon@defaulttab.com.xpi

FF - ExtSQL: 2013-04-22 21:21; afurladvisor@anchorfree.com; c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com

FF - ExtSQL: 2013-04-22 22:20; cxzfess@ghqiyuqsc.org; c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7ugqgsts.default\extensions\cxzfess@ghqiyuqsc.org

FF - ExtSQL: 2013-04-22 22:20; aoazhb@avuuzuyorae.org; c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7ugqgsts.default\extensions\aoazhb@avuuzuyorae.org

FF - ExtSQL: 2013-04-28 14:47; ouaoqe2@cr.org; c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7ugqgsts.default\extensions\ouaoqe2@cr.org

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113357

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - d408927f00000000000006242b19605b

FF - user.js: extensions.BabylonToolbar_i.hardId - d408927f00000000000006242b19605b

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15534

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:24

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extensions.delta.tlbrSrchUrl -

FF - user.js: extensions.delta.id - d408927f00000000000006242b19605b

FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

FF - user.js: extensions.delta.instlDay - 15811

FF - user.js: extensions.delta.vrsn - 1.8.16.16

FF - user.js: extensions.delta.vrsni - 1.8.16.16

FF - user.js: extensions.delta.vrsnTs - 1.8.16.1621:09

FF - user.js: extensions.delta.prtnrId - delta

FF - user.js: extensions.delta.prdct - delta

FF - user.js: extensions.delta.aflt - babsst

FF - user.js: extensions.delta.smplGrp - none

FF - user.js: extensions.delta.tlbrId - base

FF - user.js: extensions.delta.instlRef - sst

FF - user.js: extensions.delta.dfltLng - en

FF - user.js: extensions.delta.excTlbr - false

FF - user.js: extensions.delta.ffxUnstlRst - true

FF - user.js: extensions.delta.admin - false

FF - user.js: extensions.delta.autoRvrt - false

FF - user.js: extensions.delta.rvrt - false

FF - user.js: extensions.delta.newTab - false

.

- - - - ORPHELINS SUPPRIMES - - - -

.

HKCU-Run-XLaunchpad - c:\program files\Mountain Lion Skin Pack\RocketDock\XLaunchPad\XLaunchPad.exe

AddRemove-{939248F9-32BD-4887-AA6C-7A9F48716A0F} - c:\progra~2\INSTAL~2\{93924~1\Setup.exe

AddRemove-{D6437208-0D1A-B044-885C-AD64A224344F} - c:\progra~2\INSTAL~2\{4126A~1\Setup.exe

AddRemove-{E82C07E2-3879-3E53-F3BC-2A22F8F98759} - c:\progra~2\INSTAL~2\{2FCD0~1\Setup.exe

.

.

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_USERS\S-1-5-21-2244274240-50500601-1090144593-1000_Classes\CLSID\{2eeddf51-d2ad-44b5-a05b-3cc1ad2a6173}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000014

"Therad"=dword:0000001e

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\

.

[HKEY_USERS\S-1-5-21-2244274240-50500601-1090144593-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):2e,54,1e,8e,10,58,c9,b4,f4,a0,5d,71,cc,18,26,b8,5a,1e,ea,c3,0e,

26,e2,7e,55,c6,7c,1c,20,02,a6,34,2d,9e,2c,03,50,5e,c1,a9,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-2244274240-50500601-1090144593-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):fb,5f,1b,63,6a,2d,5e,f7,27,8c,94,dc,af,40,96,08,e0,d8,33,73,a3,

02,66,2c,08,23,f4,14,dd,96,87,80,cd,8d,27,00,90,85,eb,32,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-2244274240-50500601-1090144593-1000_Classes\CLSID\{d71b7f0b-fb12-4dcd-9d19-11267b37956f}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:00000050

"Therad"=dword:00000004

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Heure de fin: 2013-05-01 19:44:23

ComboFix-quarantined-files.txt 2013-05-01 18:44

.

Avant-CF: 128 351 330 304 octets libres

Après-CF: 129 275 596 800 octets libres

.

- - End Of File - - 4C29A14FD018CB942EE3C207F965A5BA

How is it?

What problems remain?

I see these are still showing in Firefox though:

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113357

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - d408927f00000000000006242b19605b

FF - user.js: extensions.BabylonToolbar_i.hardId - d408927f00000000000006242b19605b

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15534

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:24

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Let me know.....MrC

Good....

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC

Hi MrC,

Please find the results:

Results of screen317's Security Check version 0.99.63

Windows 7 x86 (UAC is disabled!)

Out of date service pack!!

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

avast! Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

CCleaner

Adobe Flash Player 11.6.602.180

Adobe Reader 9 Adobe Reader out of Date!

Google Chrome 26.0.1410.43

Google Chrome 26.0.1410.64

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

Alwil Software Avast5 AvastSvc.exe

Alwil Software Avast5 AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:

````````````````````End of Log``````````````````````

Outdated programs on the system are vulnerable to malware.

Please update or uninstall them:

Windows 7 x86 (UAC is disabled!)

Out of date service pack!! <---Check Windows Update for this

---------------------------

Adobe Reader 9 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

-----------------------------------

Google Chrome 26.0.1410.43 <-----OLD

Google Chrome 26.0.1410.64 <-----OK

You have old versions of Google Chrome on the system.

Please download and run OldChromeRemover.

@Windows Vista/Windows 7-8 users must use “Run As Administrator.”

--------------------------------------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.