Police Ransom Virus
<blockquote data-quote="edward1" data-source="post: 93790" data-attributes="member: 4314"><p>RogueKiller V8.4.2 [Dec 31 2012] by Tigzy</p><p>mail : tigzyRK<at>gmail<dot>com</p><p>Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/</p><p>Website : http://tigzy.geekstogo.com/roguekiller.php</p><p>Blog : http://tigzyrk.blogspot.com/</p><p></p><p>Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version</p><p>Started in : Normal mode</p><p>User : Jane [Admin rights]</p><p>Mode : Remove -- Date : 01/04/2013 16:46:59</p><p></p><p>¤¤¤ Bad processes : 0 ¤¤¤</p><p></p><p>¤¤¤ Registry Entries : 3 ¤¤¤</p><p>[RUN][SUSP PATH] HKLM\[...]\Run : Nuance PDF Reader-reminder ("C:\Program Files\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nuance\PDF Reader\Ereg\Ereg.ini") -> DELETED</p><p>[STARTUP][Rans.Gendarm] runctf.lnk @Administrator : C:\WINDOWS\system32\rundll32.exe|c:\docume~1\jane\wgsdgsdgdsgsd.dll,H1N1 -> DELETED</p><p>[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)</p><p></p><p>¤¤¤ Particular Files / Folders: ¤¤¤</p><p></p><p>¤¤¤ Driver : [LOADED] ¤¤¤</p><p>_INLINE_ : NtAllocateVirtualMemory -> HOOKED (\??\C:\WINDOWS\system32\drivers\hitmanpro37.sys @ 0xB70C4566)</p><p></p><p>¤¤¤ Infection : Rans.Gendarm ¤¤¤</p><p></p><p>¤¤¤ HOSTS File: ¤¤¤</p><p>--> C:\WINDOWS\system32\drivers\etc\hosts</p><p></p><p>127.0.0.1 localhost</p><p></p><p></p><p>¤¤¤ MBR Check: ¤¤¤</p><p></p><p>+++++ PhysicalDrive0: +++++</p><p>--- User ---</p><p>[MBR] 9c2d2e821e1196f89b8c787eaee3832a</p><p>[BSP] 452d25cb2895d0e29ce1e928057ea15e : Windows XP MBR Code</p><p>Partition table:</p><p>0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo</p><p>User = LL1 ... OK!</p><p>User = LL2 ... 
OK!</p><p></p><p>+++++ PhysicalDrive1: +++++</p><p>--- User ---</p><p>[MBR] e2889933bf33c4b43d0a6a44b1c5db1b</p><p>[BSP] 06b1884231d34035de17e05110ce18c1 : MBR Code unknown</p><p>Partition table:</p><p>0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 7387 Mo</p><p>User = LL1 ... OK!</p><p>Error reading LL2 MBR!</p><p></p><p>Finished : << RKreport[2]_D_01042013_02d1646.txt >></p><p>RKreport[1]_S_01042013_02d1645.txt ; RKreport[2]_D_01042013_02d1646.txt</p><p></p><p></p><p></p><p># AdwCleaner v2.104 - Logfile created 01/04/2013 at 16:38:58</p><p># Updated 29/12/2012 by Xplode</p><p># Operating system : Microsoft Windows XP Service Pack 3 (32 bits)</p><p># User : Jane - PETERCOMPUTERNO</p><p># Boot Mode : Normal</p><p># Running from : E:\AdwCleaner.exe</p><p># Option [Delete]</p><p></p><p></p><p>***** [Services] *****</p><p></p><p></p><p>***** [Files / Folders] *****</p><p></p><p>File Deleted : C:\Documents and Settings\Jane\Local Settings\Application Data\funmoods.crx</p><p>File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job</p><p>Folder Deleted : C:\DOCUME~1\Jane\LOCALS~1\Temp\{f34c9277-6577-4dff-b2d7-7d58092f272f}</p><p>Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon</p><p>Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess</p><p>Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate</p><p>Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Premium</p><p>Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer</p><p>Folder Deleted : C:\Documents and Settings\Jane\Application Data\Babylon</p><p>Folder Deleted : C:\Documents and Settings\Jane\Application Data\Complitly</p><p>Folder Deleted : C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\Searchqutoolbar</p><p>Folder Deleted : C:\Documents and 
Settings\Jane\Application Data\PriceGong</p><p>Folder Deleted : C:\Documents and Settings\Jane\Application Data\searchquband</p><p>Folder Deleted : C:\Documents and Settings\Jane\Application Data\Searchqutoolbar</p><p>Folder Deleted : C:\Documents and Settings\Jane\Local Settings\Application Data\AskToolbar</p><p>Folder Deleted : C:\Documents and Settings\Jane\Local Settings\Application Data\Babylon</p><p>Folder Deleted : C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh</p><p>Folder Deleted : C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda</p><p>Folder Deleted : C:\Documents and Settings\Jane\Local Settings\Application Data\Ilivid Player</p><p>Folder Deleted : C:\Program Files\Ask.com</p><p>Folder Deleted : C:\Program Files\Complitly</p><p>Folder Deleted : C:\Program Files\PriceGong</p><p>Folder Deleted : C:\Program Files\search results toolbar</p><p>Folder Deleted : C:\Program Files\SearchCore for Browsers</p><p>Folder Deleted : C:\Program Files\Windows iLivid Toolbar</p><p>Folder Deleted : C:\Program Files\Yontoo Layers Runtime</p><p>Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}</p><p></p><p>***** [Registry] *****</p><p></p><p>Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\search~2\datamngr\datamngr.dll</p><p>Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\search~2\datamngr\iebho.dll</p><p>Key Deleted : HKCU\Software\APN</p><p>Key Deleted : HKCU\Software\APN DTX</p><p>Key Deleted : HKCU\Software\Ask.com</p><p>Key Deleted : HKCU\Software\AskToolbar</p><p>Key Deleted : HKCU\Software\Complitly</p><p>Key Deleted : HKCU\Software\Conduit</p><p>Key Deleted : HKCU\Software\DataMngr</p><p>Key Deleted : HKCU\Software\DataMngr_Toolbar</p><p>Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh</p><p>Key 
Deleted : HKCU\Software\ilivid</p><p>Key Deleted : HKCU\Software\ilividtoolbarguid</p><p>Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}</p><p>Key Deleted : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}</p><p>Key Deleted : HKCU\Software\PriceGong</p><p>Key Deleted : HKCU\Software\SProtector</p><p>Key Deleted : HKLM\Software\AedgePerformanceBCN</p><p>Key Deleted : HKLM\Software\APN</p><p>Key Deleted : HKLM\Software\AskToolbar</p><p>Key Deleted : HKLM\Software\Babylon</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll</p><p>Key Deleted : 
HKLM\SOFTWARE\Classes\AppID\Complitly.DLL</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL</p><p>Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader</p><p>Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41f1-8761-47238DF4F468}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO</p><p>Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane</p><p>Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\f</p><p>Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd</p><p>Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr</p><p>Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore</p><p>Key Deleted : 
HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd</p><p>Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard</p><p>Key Deleted : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}</p><p>Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO</p><p>Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl</p><p>Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap</p><p>Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard</p><p>Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO</p><p>Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}</p><p>Key Deleted : 
HKLM\SOFTWARE\Classes\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api</p><p>Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers</p><p>Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1</p><p>Key Deleted : HKLM\Software\Conduit</p><p>Key Deleted : HKLM\Software\DataMngr</p><p>Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh</p><p>Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda</p><p>Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc</p><p>Key Deleted : HKLM\Software\iLividSRTB</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilividtoolbarguid</p><p>Key Deleted : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SProtector</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472</p><p>Key Deleted : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilividtoolbarguid</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SProtector</p><p>Key Deleted : HKLM\SOFTWARE\Software</p><p>Key Deleted : HKLM\Software\SProtector</p><p>Key Deleted : HKLM\Software\Tarma Installer</p><p>Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]</p><p></p><p>***** [Internet Browsers] *****</p><p></p><p>-\\ 
Internet Explorer v8.0.6001.18702</p><p></p><p>Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://www.searchqu.com/web?src=ieb&appid=179&systemid=406&sr=0&q={searchTerms} --> hxxp://www.google.com</p><p>Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.gboxapp.com/ --> hxxp://www.google.com</p><p></p><p>-\\ Mozilla Firefox v17.0.1 (en-US)</p><p></p><p>File : C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\prefs.js</p><p></p><p>C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\user.js ... Deleted !</p><p></p><p>Deleted : user_pref("aol_toolbar.default.homepage.check", false);</p><p>Deleted : user_pref("aol_toolbar.default.search.check", false);</p><p>Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");</p><p>Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");</p><p>Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=101670");</p><p>Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 9);</p><p>Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");</p><p>Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);</p><p>Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);</p><p>Deleted : user_pref("extensions.BabylonToolbar.id", "54d92eee0000000000000011d8c69d16");</p><p>Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15248");</p><p>Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");</p><p>Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&q={search[...]</p><p>Deleted : user_pref("extensions.BabylonToolbar.lastDP", 9);</p><p>Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.1012:15:36");</p><p>Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "7.0");</p><p>Deleted : user_pref("extensions.BabylonToolbar.newTab", true);</p><p>Deleted : 
user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");</p><p>Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");</p><p>Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 59420464);</p><p>Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);</p><p>Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);</p><p>Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");</p><p>Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);</p><p>Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");</p><p>Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");</p><p>Deleted : user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");</p><p>Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");</p><p>Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");</p><p>Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1012:15:36");</p><p>Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");</p><p>Deleted : user_pref("extensions.asktb.abar-war-timeout", "4000");</p><p>Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);</p><p>Deleted : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);</p><p>Deleted : user_pref("extensions.asktb.cbid", "9D");</p><p>Deleted : user_pref("extensions.asktb.config-updated", true);</p><p>Deleted : user_pref("extensions.asktb.crumb", "2011.10.01+02.02.00-toolbar001iad-GB-QmlybWluZ2hhbSxVbml0ZWQgS2[...]</p><p>Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://uk.ask.com/web?qsrc={qsrc}&o={o}&l={l[...]</p><p>Deleted : user_pref("extensions.asktb.displaybehavior", "");</p><p>Deleted : user_pref("extensions.asktb.displaytext", "");</p><p>Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYGB");</p><p>Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", 
false);</p><p>Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "UKXX0018");</p><p>Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");</p><p>Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.babylon.com/?babsrc=SP_ss&q={se[...]</p><p>Deleted : user_pref("extensions.asktb.first-launch-url", "hxxp://www.talktalk.co.uk/");</p><p>Deleted : user_pref("extensions.asktb.fresh-install", false);</p><p>Deleted : user_pref("extensions.asktb.guid", "B5E608D9-B9CD-4E8A-8D37-73E050EDFF5D");</p><p>Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]</p><p>Deleted : user_pref("extensions.asktb.if", "first");</p><p>Deleted : user_pref("extensions.asktb.l", "dis");</p><p>Deleted : user_pref("extensions.asktb.last-config-req", "1320859830346");</p><p>Deleted : user_pref("extensions.asktb.last-search-timestamp", "1319657643016");</p><p>Deleted : user_pref("extensions.asktb.locale", "en_UK");</p><p>Deleted : user_pref("extensions.asktb.location", "Birmingham,United Kingdom");</p><p>Deleted : user_pref("extensions.asktb.lstation", "");</p><p>Deleted : user_pref("extensions.asktb.new-tab-opt-out", true);</p><p>Deleted : user_pref("extensions.asktb.o", "41648107");</p><p>Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);</p><p>Deleted : user_pref("extensions.asktb.pstate", "");</p><p>Deleted : user_pref("extensions.asktb.qsrc", "2871");</p><p>Deleted : user_pref("extensions.asktb.r", "3");</p><p>Deleted : user_pref("extensions.asktb.sa", "YES");</p><p>Deleted : user_pref("extensions.asktb.saguid", "BE23DD78-B95A-4C40-B549-E59503B1AC25");</p><p>Deleted : user_pref("extensions.asktb.search-history-queries", "google||postoffice||budget car co");</p><p>Deleted : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.uk.ask.com/query?qs[...]</p><p>Deleted : 
user_pref("extensions.asktb.search-suggestions-enabled", true);</p><p>Deleted : user_pref("extensions.asktb.silent-upgrade", true);</p><p>Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);</p><p>Deleted : user_pref("extensions.asktb.socialmini-first", true);</p><p>Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");</p><p>Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");</p><p>Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");</p><p>Deleted : user_pref("extensions.asktb.socialmini-native-on", true);</p><p>Deleted : user_pref("extensions.asktb.socialmini-speed", "5000");</p><p>Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);</p><p>Deleted : user_pref("extensions.asktb.themeid", "");</p><p>Deleted : user_pref("extensions.asktb.to", "");</p><p>Deleted : user_pref("extensions.asktb.v", "3.13.1.100008");</p><p>Deleted : user_pref("extensions.asktb.volume", "");</p><p>Deleted : user_pref("extensions.funmoods.aflt", "aed");</p><p>Deleted : user_pref("extensions.funmoods.autoRvrt", false);</p><p>Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");</p><p>Deleted : user_pref("extensions.funmoods.cntry", "GB");</p><p>Deleted : user_pref("extensions.funmoods.cv", "cv5");</p><p>Deleted : user_pref("extensions.funmoods.dfltLng", "");</p><p>Deleted : user_pref("extensions.funmoods.dfltSrch", false);</p><p>Deleted : user_pref("extensions.funmoods.dfltlng", "en");</p><p>Deleted : user_pref("extensions.funmoods.dfltsrch", "false");</p><p>Deleted : user_pref("extensions.funmoods.dnsErr", true);</p><p>Deleted : user_pref("extensions.funmoods.envrmnt", "production");</p><p>Deleted : user_pref("extensions.funmoods.excTlbr", false);</p><p>Deleted : user_pref("extensions.funmoods.hdrMd5", "EA9EA926040E0FAFA0254AE1A01D214A");</p><p>Deleted : user_pref("extensions.funmoods.hmpg", false);</p><p>Deleted : user_pref("extensions.funmoods.hmpgUrl", 
"hxxp://start.funmoods.com/?f=1&a=aed&chnl=aed&cd=2XzuyEtN2[...]</p><p>Deleted : user_pref("extensions.funmoods.hrdid", "0011D8C69D162EEE");</p><p>Deleted : user_pref("extensions.funmoods.id", "0011D8C69D162EEE");</p><p>Deleted : user_pref("extensions.funmoods.instlDay", "15586");</p><p>Deleted : user_pref("extensions.funmoods.instlRef", "aed");</p><p>Deleted : user_pref("extensions.funmoods.instlday", "15586");</p><p>Deleted : user_pref("extensions.funmoods.instlref", "aed");</p><p>Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);</p><p>Deleted : user_pref("extensions.funmoods.keywordurl", "");</p><p>Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2215:29:46");</p><p>Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");</p><p>Deleted : user_pref("extensions.funmoods.newTab", false);</p><p>Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=aed&chnl=aed&cd=2XzuyEt[...]</p><p>Deleted : user_pref("extensions.funmoods.newtab", "false");</p><p>Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=aed&chnl=aed&cd=2XzuyEt[...]</p><p>Deleted : user_pref("extensions.funmoods.prdct", "funmoods");</p><p>Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");</p><p>Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");</p><p>Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1");</p><p>Deleted : user_pref("extensions.funmoods.sg", "none");</p><p>Deleted : user_pref("extensions.funmoods.smplGrp", "none");</p><p>Deleted : user_pref("extensions.funmoods.smplgrp", "none");</p><p>Deleted : user_pref("extensions.funmoods.srch", "");</p><p>Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");</p><p>Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");</p><p>Deleted : user_pref("extensions.funmoods.tlbrId", "base");</p><p>Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", 
"hxxp://start.funmoods.com/?f=3&a=aed&chnl=aed&cd=2Xzuy[...]</p><p>Deleted : user_pref("extensions.funmoods.tlbrid", "base");</p><p>Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=aed&chnl=aed&cd=2Xzuy[...]</p><p>Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");</p><p>Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2215:29:46");</p><p>Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");</p><p>Deleted : user_pref("extensions.funmoods.vrsnts", "1.5.23.2215:29:46");</p><p>Deleted : user_pref("extensions.funmoods_i.newTab", false);</p><p>Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");</p><p>Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2215:29:46");</p><p>Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");</p><p>Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");</p><p>Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");</p><p>Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");</p><p>Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");</p><p>Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");</p><p>Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");</p><p>Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");</p><p></p><p>-\\ Google Chrome v23.0.1271.97</p><p></p><p>File : C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences</p><p></p><p>[OK] File is clean.</p><p></p><p>*************************</p><p></p><p>AdwCleaner[S1].txt - [28898 octets] - [04/01/2013 16:38:58]</p><p></p><p>########## EOF - C:\AdwCleaner[S1].txt - [28959 octets] ##########</p></blockquote><p></p>