"Incorrect image" message when opening all my .exe files
Solved
Huitzil
Hello,
Overnight, windows started opening every time an application is launched, right from the Windows login. I have to close the window by clicking on the cross or "accept" for the application to launch. After that, the application works fine. The message on each window is as follows:
"*.exe - Incorrect Image
c:\progra~2\browse~1\261070~1.41\{c16c1~1\browse~1.dll is not designed to run on Windows or contains an error..."
After doing some research on many forums, I ran an analysis with the OTL.exe tool, which gives me the following report:
OTL logfile created on: 03/23/2013 07:54:11 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vedha\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00002c0a | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy
1.75 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 44.14% Memory free
3.49 Gb Paging File | 2.12 Gb Available in Paging File | 60.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 29.58 Gb Free Space | 12.71% Space Free | Partition Type: NTFS
Drive D: | 4.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: VEDHA-PC | User Name: Vedha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013/03/23 19:22:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vedha\Desktop\OTL.exe
PRC - [2013/03/10 21:22:07 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/02/18 14:57:09 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/02/18 14:57:09 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2012/11/29 23:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/22 23:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/08/01 04:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/09/09 07:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 05:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 18:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 07:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 20:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/09 23:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/14 10:55:15 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/12/08 06:24:16 | 005,247,624 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
PRC - [2010/11/20 09:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2010/11/20 09:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2010/11/02 16:58:08 | 000,087,888 | ---- | M] () -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
PRC - [2010/06/09 17:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010/04/20 20:34:58 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/04/20 20:34:28 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2013/03/10 21:22:06 | 000,459,728 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll
MOD - [2013/03/10 21:22:05 | 012,662,224 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
MOD - [2013/03/10 21:22:04 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
MOD - [2013/03/10 21:21:18 | 000,596,944 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.172\libglesv2.dll
MOD - [2013/03/10 21:21:18 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.172\libegl.dll
MOD - [2013/03/10 21:21:16 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
MOD - [2013/02/18 14:57:10 | 000,156,848 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2013/02/18 14:57:09 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/02/14 11:08:28 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/02/14 11:07:59 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/09 18:14:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 18:12:55 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 18:12:13 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 18:12:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/09 18:12:06 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 18:11:55 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/11/09 13:28:58 | 000,081,920 | ---- | M] () -- C:\Program Files\NCH Software\ExpressZip\ezcm.dll
MOD - [2011/02/23 03:25:32 | 001,708,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3763.10680__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
MOD - [2011/02/23 03:25:32 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3763.10647__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011/02/23 03:25:32 | 000,380,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3763.10544__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011/02/23 03:25:32 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3763.10610__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011/02/23 03:25:32 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3763.10568__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011/02/23 03:25:32 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3763.10647__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2011/02/23 03:25:32 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3763.10610__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011/02/23 03:25:32 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3763.10626__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011/02/23 03:25:32 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3763.10554__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011/02/23 03:25:32 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3763.10605__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011/02/23 03:25:32 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3763.10649__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011/02/23 03:25:32 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3763.10609__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011/02/23 03:25:32 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3763.10594__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011/02/23 03:25:32 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3763.10646__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2011/02/23 03:25:32 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3763.10561__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011/02/23 03:25:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3763.10556__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011/02/23 03:25:32 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3763.10681__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2011/02/23 03:25:31 | 001,294,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3763.10676__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2011/02/23 03:25:31 | 000,827,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3763.10596__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011/02/23 03:25:31 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3763.10569__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2011/02/23 03:25:31 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3763.10619__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011/02/23 03:25:31 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3763.10595__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011/02/23 03:25:31 | 000,376,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3763.10590__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2011/02/23 03:25:31 | 000,323,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3763.10603__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2011/02/23 03:25:31 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3763.10573__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2011/02/23 03:25:31 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/02/23 03:25:31 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3763.10569__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011/02/23 03:25:31 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3763.10595__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011/02/23 03:25:31 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3763.10601__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2011/02/23 03:25:31 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3763.10594__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011/02/23 03:25:31 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3763.10595__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011/02/23 03:25:31 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3763.10601__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2011/02/23 03:25:31 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3763.10573__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2011/02/23 03:25:31 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3763.10603__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011/02/23 03:25:31 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3763.10538__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011/02/23 03:25:31 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3763.10534__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011/02/23 03:25:31 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3763.10539__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011/02/23 03:25:31 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3763.10646__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011/02/23 03:25:31 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3763.10654__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2011/02/23 03:25:31 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3763.10544__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011/02/23 03:25:31 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3763.10539__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011/02/23 03:25:30 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3763.10536__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011/02/23 03:25:30 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3763.10642__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011/02/23 03:25:30 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3763.10533__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011/02/23 03:25:30 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3763.10639__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011/02/23 03:25:30 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3763.10625__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011/02/23 03:25:30 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3763.10585__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011/02/23 03:25:30 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3763.10609__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011/02/23 03:25:30 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3763.10566__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011/02/23 03:25:30 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3763.10594__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011/02/23 03:25:30 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3763.10555__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011/02/23 03:25:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011/02/23 03:25:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3763.10654__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011/02/23 03:25:30 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3763.10647__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011/02/23 03:25:30 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3763.10604__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011/02/23 03:25:30 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3763.10536__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011/02/23 03:25:30 | 000,032,768 | ---- |
MOD - [2011/02/23 03:25:31 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3763.10539__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011/02/23 03:25:30 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3763.10536__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011/02/23 03:25:30 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3763.10642__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011/02/23 03:25:30 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3763.10533__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011/02/23 03:25:30 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3763.10639__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011/02/23 03:25:30 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3763.10625__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011/02/23 03:25:30 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3763.10585__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011/02/23 03:25:30 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3763.10609__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011/02/23 03:25:30 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3763.10566__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011/02/23 03:25:30 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3763.10594__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011/02/23 03:25:30 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3763.10555__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011/02/23 03:25:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011/02/23 03:25:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3763.10654__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011/02/23 03:25:30 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3763.10647__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011/02/23 03:25:30 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3763.10604__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011/02/23 03:25:30 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3763.10536__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011/02/23 03:25:30 | 000,032,768 | ---- |
29 answers
Hello Tapharule,
As our friend Homerlulu said (yop padawan :P):
Since this post is finished, it would be better for you to post your own message; this will make the posts more understandable, and the response to your problem will be more effective.
Use this video to post your message:
http://sd-1.archive-host.com/membres/up/68979205412808752/CCM/demo_creer_son_message.htm
Be patient and a helper will eventually take care of you ;)
Thank you for your understanding.
--
O.o°*Member, CCM security Staff o°.Oø¤º°'°º¤ø
=>>Breathe deeply, write your message in proper French and clearly. It'll be fine, you'll see, well we hope so!!! o°Oø -
I'm sorry it seems long to you. Given the numerous similar cases to mine that I have seen discussed on various forums, I have noticed that the first step to solving this type of problem is to conduct this type of analysis with this type of tool. Unfortunately, I need the help of someone qualified to analyze the results and determine the next steps. That's why, in order to make it easier for the person who will kindly take the time to help me, I have done everything I could and have provided you with the results.
Thank you for your attention, and please let me know if I can assist in any other way. -
Huitzil March 24, 2013 at 12:22 a.m.
It may be redundant, but here is also the report generated by the HiJackThis tool:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:19:50 p.m., on 03/23/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Vedha\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.babylon.com/?affID=116632&tt=0313_4&babsrc=HP_ss&mntrId=b4edc2e20000000000002e0f6e95b234
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Network Service')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Network Service')
O8 - Extra context menu item: &Send to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menu item: &Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Linked Notes from OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menu item: Linked Notes from OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menu item: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~2\browse~1\261070~1.41\{c16c1~1\browse~1.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Google Update Service (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NovaCore SDK Service (NvtlService) - Unknown owner - C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 -
Thanks to the intervention of miladile0293, I realized that my initial message as well as the comment I posted afterward are indeed too long, as they are not published in their entirety. I deduce that the number of characters is limited for each message.
I leave the comments as they are for now, hoping that it will be enough for someone knowledgeable to understand the source of the problem, but I am available to provide you with the end of the reports from OTL and HiJackThis.
Thank you in advance for your responses. -
Hello,
* Download ZHPDiag to your desktop:
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
or
http://www.premiumorange.com/zeb-help-process/zhpdiag.html
* Follow the instructions during installation; it will launch automatically at the end.
/!\Vista, Seven, and W8 users:
* Right-click on the ZHPdiag logo, “Run as Administrator”
* Click on the screwdriver, select all modules.
* Click on the icon representing a magnifying glass (“Start the diagnosis”)
* Save the report to your Desktop using the icon representing a floppy disk
* Host the ZHPDiag.txt report on Cjoint, then copy/paste the provided link in your next reply on the forum:
https://www.cjoint.com/ => https://www.commentcamarche.net/faq/29493-utiliser-cjoint-pour-heberger-des-fichiers
--
O.o°*Member, Security Contributor CCM o°.Oø¤º°'°º¤ø
=>> Breathe deeply, write your message in good French and clearly. It will be fine, you'll see, well we’ll try!!! o°Oø -
Hello Electrician 69,
Thank you very much for your response. Here is the link you requested:
http://cjoint.com/?CCyxc1fLzEP
I await your instructions. -
Install the latest version of Java from its dedicated site!
Beware of P2P!
/!\ Warning:
More and more programs offer to install toolbars (Toolbars, pre-checked box), so don't forget to uncheck the corresponding boxes during installation.
In addition to this, strongly avoid sites like 01@net (on the mend!) and Softonic; free and open-source software is repackaged with their toolbars!
* Download and save ADWcleaner on your desktop (Thanks to Xplode):
http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner
Run it,
click on search and post its report.
--
O.o°*Member, Security Contributor CCM o°.Oø¤º°'°º¤ø
=>>Breathe deeply, write your message in proper French and clearly. It will go well, you'll see, well we try!!! o°Oø -
Hello,
here is the AdwCleaner report:
# AdwCleaner v2.115 - File created on 25/03/2013 at 12:06:50
# Updated on 17/03/2013 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# User : Vedha - VEDHA-PC
# Startup Mode : Normal
# Executed from : C:\Users\Vedha\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Present : C:\Program Files\AVG Secure Search
Folder Present : C:\Program Files\Common Files\AVG Secure Search
Folder Present : C:\ProgramData\Ask
Folder Present : C:\ProgramData\AVG Secure Search
Folder Present : C:\ProgramData\AVG Security Toolbar
Folder Present : C:\ProgramData\InstallMate
Folder Present : C:\ProgramData\Premium
Folder Present : C:\ProgramData\Tarma Installer
Folder Present : C:\Users\Vedha\AppData\Local\AVG Secure Search
Folder Present : C:\Users\Vedha\AppData\Local\AVG Security Toolbar
Folder Present : C:\Users\Vedha\AppData\Local\Giant Savings Extension
Folder Present : C:\Users\Vedha\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Present : C:\Users\Vedha\AppData\Local\PackageAware
Folder Present : C:\Users\Vedha\AppData\LocalLow\AVG Secure Search
Folder Present : C:\Users\Vedha\AppData\LocalLow\AVG Security Toolbar
Folder Present : C:\Users\Vedha\AppData\LocalLow\BabylonToolbar
Folder Present : C:\Users\Vedha\AppData\LocalLow\boost_interprocess
Folder Present : C:\Users\Vedha\AppData\Roaming\Babylon
Folder Present : C:\Users\Vedha\AppData\Roaming\yourfiledownloader
File Present : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Present : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Present : C:\user.js
File Present : C:\Users\Vedha\AppData\Roaming\Mozilla\Firefox\Profiles\fza83jgb.default\searchplugins\Askcom.xml
File Present : C:\Users\Vedha\AppData\Roaming\Mozilla\Firefox\Profiles\fza83jgb.default\searchplugins\babylon1.xml
***** [Registry] *****
Key Present : HKCU\Software\1ClickDownload
Key Present : HKCU\Software\928b8de73eb943
***** [Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.babylon.com/?affID=116632&tt=0313_4&babsrc=HP_ss&mntrId=b4edc2e20000000000002e0f6e95b234
-\\ Mozilla Firefox v19.0 (en-US)
File : C:\Users\Vedha\AppData\Roaming\Mozilla\Firefox\Profiles\fza83jgb.default\prefs.js
Present : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.2.0.1");
Present : user_pref("avg.install.userSPSettings", "Ask.com");
Present : user_pref("browser.search.order.1", "Ask.com");
Present : user_pref("browser.search.selectedEngine", "Ask.com");
Present : user_pref("extensions.BabylonToolbar.admin", false);
Present : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Present : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Present : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Present : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Present : user_pref("extensions.BabylonToolbar.excTlbr", false);
Present : user_pref("extensions.BabylonToolbar.id", "b4edc2e20000000000002e0f6e95b234");
Present : user_pref("extensions.BabylonToolbar.instlDay", "15724");
Present : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Present : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Present : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Present : user_pref("extensions.BabylonToolbar.rvrt", "false");
Present : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Present : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Present : user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
Present : user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
Present : user_pref("extensions.BabylonToolbar_i.babExt", "");
Present : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=116632&tt=0313_4");
Present : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Present : user_pref("extensions.BabylonToolbar_i.newTab", false);
Present : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Present : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Present : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.221:20:30");
-\\ Google Chrome v25.0.1364.172
File : C:\Users\Vedha\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] The file does not contain any illegitimate entry.
*************************
AdwCleaner[R1].txt - [17627 bytes] - [25/03/2013 12:06:50]
########## EOF - C:\AdwCleaner[R1].txt - [17688 bytes] ########## -
strange, your computer is in Spanish?
restart ADWC, click on Delete,
post its report after restarting the computer
--
O.o°*Member, Security Contributor CCM o°.Oø¤º°'°º¤ø
=>>Breathe deeply, write your message in proper French and clearly. It's going to be fine, you'll see, well, we're trying!!! o°Oø -
Yes, my computer speaks Spanish because I bought it two and a half years ago in Argentina, where I currently am.
I am reaching out to the contributors of the site Comment Ça Marche because I understand computer issues better in my native language.
Here is the report from AdwCleaner after removal:
# AdwCleaner v2.115 - File created on 25/03/2013 at 14:39:09
# Updated on 17/03/2013 by Xplode
# Operating system: Windows 7 Starter Service Pack 1 (32 bits)
# User: Vedha - VEDHA-PC
# Startup mode: Normal
# Run from: C:\Users\Vedha\Desktop\adwcleaner.exe
# Option [Removal]
***** [Services] *****
***** [Files / Folders] *****
Deleted Folder: C:\Program Files\AVG Secure Search
Deleted Folder: C:\ProgramData\Ask
Deleted Folder: C:\ProgramData\AVG Secure Search
Deleted Folder: C:\ProgramData\AVG Security Toolbar
Deleted Folder: C:\ProgramData\InstallMate
Deleted Folder: C:\ProgramData\Premium
Deleted Folder: C:\ProgramData\Tarma Installer
Deleted Folder: C:\Users\Vedha\AppData\Local\AVG Secure Search
Deleted Folder: C:\Users\Vedha\AppData\Local\AVG Security Toolbar
Deleted Folder: C:\Users\Vedha\AppData\Local\Giant Savings Extension
Deleted Folder: C:\Users\Vedha\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Deleted Folder: C:\Users\Vedha\AppData\Local\PackageAware
Deleted Folder: C:\Users\Vedha\AppData\LocalLow\AVG Secure Search
Deleted Folder: C:\Users\Vedha\AppData\LocalLow\AVG Security Toolbar
Deleted Folder: C:\Users\Vedha\AppData\LocalLow\BabylonToolbar
Deleted Folder: C:\Users\Vedha\AppData\LocalLow\boost_interprocess
Deleted Folder: C:\Users\Vedha\AppData\Roaming\Babylon
Deleted Folder: C:\Users\Vedha\AppData\Roaming\yourfiledownloader
Deleted File: C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Deleted File: C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Deleted File: C:\user.js
Deleted File: C:\Users\Vedha\AppData\Roaming\Mozilla\Firefox\Profiles\fza83jgb.default\searchplugins\Askcom.xml
Deleted File: C:\Users\Vedha\AppData\Roaming\Mozilla\Firefox\Profiles\fza83jgb.default\searchplugins\babylon1.xml
Deleted on restart: C:\Program Files\Common Files\AVG Secure Search
***** [Registry] *****
***** [Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
Replaced: [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.babylon.com/?affID=116632&tt=0313_4&babsrc=HP_ss&mntrId=b4edc2e20000000000002e0f6e95b234 --> hxxp://www.google.com
-\\ Mozilla Firefox v19.0 (en-US)
File: C:\Users\Vedha\AppData\Roaming\Mozilla\Firefox\Profiles\fza83jgb.default\prefs.js
C:\Users\Vedha\AppData\Roaming\Mozilla\Firefox\Profiles\fza83jgb.default\user.js ... Deleted!
Deleted: user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.2.0.1");
Deleted: user_pref("avg.install.userSPSettings", "Ask.com");
Deleted: user_pref("browser.search.order.1", "Ask.com");
Deleted: user_pref("browser.search.selectedEngine", "Ask.com");
Deleted: user_pref("extensions.BabylonToolbar.admin", false);
Deleted: user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted: user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted: user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Deleted: user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted: user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted: user_pref("extensions.BabylonToolbar.id", "b4edc2e20000000000002e0f6e95b234");
Deleted: user_pref("extensions.BabylonToolbar.instlDay", "15724");
Deleted: user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted: user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted: user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted: user_pref("extensions.BabylonToolbar.rvrt", "false");
Deleted: user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted: user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted: user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
Deleted: user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
Deleted: user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted: user_pref("extensions.BabylonToolbar_i.babTrack", "affID=116632&tt=0313_4");
Deleted: user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Deleted: user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted: user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted: user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted: user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.221:20:30");
-\\ Google Chrome v25.0.1364.172
File: C:\Users\Vedha\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] The file contains no illegitimate entries.
*************************
AdwCleaner[R1].txt - [17758 bytes] - [25/03/2013 12:06:50]
AdwCleaner[S1].txt - [17891 bytes] - [25/03/2013 14:39:09]
########## EOF - C:\AdwCleaner[S1].txt - [17952 bytes] ##########
I still have the same problem of pop-up windows when launching all applications, but it's already an improvement if AdwCleaner managed to get rid of Babylon toolbar, which I have tried to remove many times in the past.
What else should I do? Do you know where my problem is coming from?
Thank you for your help, Electrician 69. -
the cleaning is not finished!
follow up with ADWC, click on uninstall, (I’ll leave it to you to find the right button, as I have no knowledge of Spanish :P )
please send me a new zhpdiag report via cjoint
--
O.o°*Member, Security Contributor CCM o°.Oø¤º°'°º¤ø
=>>Breathe deeply, write your message in good French and clearly. It’s going to be okay, you’ll see, well we’ll try!!! o°Oø -
Sorry, I can't access the links.
-
Install the latest version of Adobe Reader from its dedicated website!
Be careful with the installation of toolbars!!!
Strongly avoid P2P!!
* /!\ Warning /!\,
* this script is only valid for this PC, during cleaning, do not use on another PC, risk of crashing!
* Launch ZHPFix via the shortcut on your Desktop
/!\ Users of Vista, Seven and W8:
* Right-click on the ZHPFix icon, "Run as Administrator"
* Copy (Ctrl + C) and paste (Ctrl + V) the following bold lines into ZHPFix:
---------------------------------------------------------
O3 - Toolbar: (no name) - [HKLM]{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Orphan key
O23 - Service: (vToolbarUpdater14.2.0) . (.No owner - ToolbarU Application.) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
O69 - SBI: prefs.js [Vedha - fza83jgb.default] user_pref("avg.install.cc", "AR");
O69 - SBI: prefs.js [Vedha - fza83jgb.default] user_pref("avg.install.client_js_http_src", "");
O69 - SBI: prefs.js [Vedha - fza83jgb.default] user_pref("avg.install.client_js_https_src", "");
O69 - SBI: prefs.js [Vedha - fza83jgb.default] user_pref("avg.install.currLocale", "es-es");
O69 - SBI: prefs.js [Vedha - fza83jgb.default] user_pref("avg.install.date", "1361536247000");
O69 - SBI: prefs.js [Vedha - fza83jgb.default] user_pref("avg.install.finished", "14.2.0.1");
O69 - SBI: prefs.js [Vedha - fza83jgb.default] user_pref("avg.install.guardCountInit", 156);
O69 - SBI: prefs.js [Vedha - fza83jgb.default] user_pref("avg.install.guardKUCount", 0);
O69 - SBI: prefs.js [Vedha - fza83jgb.default] user_pref("avg.install.guardKUCountInit", 156);
O69 - SBI: prefs.js [Vedha - fza83jgb.default] user_pref("avg.install.guardPopupCountInit", -1);
O69 - SBI: prefs.js [Vedha - fza83jgb.default] user_pref("avg.install.guardSPCountInit", 156);
O69 - SBI: prefs.js [Vedha - fza83jgb.default] user_pref("avg.install.guardSPPopupCountInit", -1);
O69 - SBI: prefs.js [Vedha - fza83jgb.default] user_pref("avg.install.guid", "{148f274d-b5ef-4d81-89e2-1de2e8aa7d8d}");
O69 - SBI: prefs.js [Vedha - fza83jgb.default] user_pref("avg.install.lastUpdaterReq", "1361536249000");
O69 - SBI: prefs.js [Vedha - fza83jgb.default] user_pref("avg.install.laststatreq", "1361536249000");
O69 - SBI: prefs.js [Vedha - fza83jgb.default] user_pref("avg.install.newtab", true);
O69 - SBI: prefs.js [Vedha - fza83jgb.default] user_pref("avg.install.overlayVersion", "634961130452065000");
O69 - SBI: prefs.js [Vedha - fza83jgb.default] user_pref("avg.install.rewardsDisabled", true);
O69 - SBI: prefs.js [Vedha - fza83jgb.default] user_pref("avg.install.userHPSettings", "www.google.com");
O69 - SBI: prefs.js [Vedha - fza83jgb.default] user_pref("avg.install.userKUSettings", "KWURL NOT REGISTERED");
O69 - SBI: SearchScopes [HKCU] {9D38981F-BA09-444E-80AB-806E5D97291C} - (Ask Search) - http://www.search.ask.com/?o=10148&l=dis [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
C:\Program Files\Common Files\AVG Secure Search
SR - | Auto 968880 | (vToolbarUpdater14.2.0) . (...) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
O4 - HKLM\..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe (.not file.)
[HKLM\Software\PCTools]
[MD5.00000000000000000000000000000000] [APT] [YourFile DownloaderUpdate] (...) -- C:\Program Files\YourFileDownloader\YourFileUpdater.exe (.not file.) [0]
[HKCU\Software\SweetIM]
[HKLM\Software\SweetIM]
O43 - CFD: 24/03/2013 - 06:31:52 p.m. - [0,197] ----D C:\Users\Vedha\AppData\Local\Updater21810
O45 - LFCP:[MD5.6CE17B9A3B3F4CC8553B570B817A8B6A] - 24/03/2013 - 06:32:04 p.m. ---A- - C:\Windows\Prefetch\GIANT SAVINGS EXTENSION.EXE-AA4A28D4.pf
O61 - LFC: 24/03/2013 - 06:31:52 p.m. ---A- C:\Users\Vedha\AppData\Local\Updater21810\Updater21810.exe [206336]
O61 - LFC: 25/03/2013 - 02:39:31 p.m. ---A- C:\Users\Vedha\AppData\Local\Temp\toolbar_log.txt [98670629]
[MD5.854BA8341B0468B6B68BE1FD40A6361D] [SPRF][27/02/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\Vedha\AppData\Local\Temp\guninstall17273413.exe [378368]
O87 - FAEL: "{7202698D-3E55-44F9-9610-EF4629D674C9}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\YourFileDownloader\Downloader.exe (.not file.)
O87 - FAEL: "{CA9E0A82-60F3-4B5A-8C6A-C3C68D5F189E}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\YourFileDownloader\Downloader.exe (.not file.)
O87 - FAEL: "{5A26EDF9-8798-437A-B1C5-693D0B36E625}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files\YourFileDownloader\YourFile.exe (.not file.)
O87 - FAEL: "{22C82795-588E-404C-BA53-8A9D23B68E06}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files\YourFileDownloader\YourFile.exe (.not file.)
[HKLM\Software\Microsoft\Tracing\YourFile_RASAPI32]
[HKLM\Software\Microsoft\Tracing\YourFileUpdater_RASAPI32]
[HKLM\Software\Microsoft\Tracing\YourFileUpdater_RASMANCS]
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181110}]
C:\Users\Vedha\AppData\Local\Updater21810
C:\Users\Vedha\AppData\Local\Temp\guninstall17273413.exe
Emptytemp
EmptyClsid
Firewallraz
----------------------------------------------------------
- Click on the "GO" button to start the cleanup,
- confirm the cleanup
- Copy/paste the entire report in your next response
--
O.o°*Member, Security Contributor CCM o°.Oø¤º°'°º¤ø
=>> Breathe deeply, write your message in good French and clearly. It will be fine, you'll see, at least we will try!!! o°Oø-
Hello,
here is the ZHPfix report:
ZHPFix Report 2013.3.9.1 by Nicolas Coolman, Update on 9/03/2013
Export Registry File: C:\ZHP\ZHPExportRegistry-26-03-2013-12-25-40 p.m..txt
Run by Vedha at 26/03/2013 12:25:40 p.m.
High Elevated Privileges: OK
Windows Vista Starter Edition, 32-bit (Build 6000)
========== Registry Keys ==========
ABSENT Key: Service: vToolbarUpdater14.2.0
ABSENT SearchScopes: {9D38981F-BA09-444E-80AB-806E5D97291C}
ABSENT Key: HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
ABSENT Key: HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
ABSENT Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
ABSENT Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
ABSENT Key: HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
ABSENT Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} \Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
ABSENT Key: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
ABSENT Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
ABSENT Key: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
ABSENT Key: HKLM\Software\PCTools
ABSENT Key: HKCU\Software\SweetIM
ABSENT Key: HKLM\Software\SweetIM
ABSENT Key: HKLM\Software\Microsoft\Tracing\YourFile_RASAPI32
ABSENT Key: HKLM\Software\Microsoft\Tracing\YourFileUpdater_RASAPI32
ABSENT Key: HKLM\Software\Microsoft\Tracing\YourFileUpdater_RASMANCS
ABSENT Key: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181110}
========== Registry Values ==========
ABSENT Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
ABSENT RunValue: vProt
ABSENT {7202698D-3E55-44F9-9610-EF4629D674C9}
ABSENT {CA9E0A82-60F3-4B5A-8C6A-C3C68D5F189E}
ABSENT {5A26EDF9-8798-437A-B1C5-693D0B36E625}
ABSENT {22C82795-588E-404C-BA53-8A9D23B68E06}
No value present in the registry key "Standard Profile" FirewallRaz:
No value present in the registry key "Domain Profile" FirewallRaz:
========== Browser Preferences ==========
REMOVED Mozilla Pref: user_pref("avg.install.cc", "AR");
REMOVED Mozilla Pref: user_pref("avg.install.client_js_http_src", "");
REMOVED Mozilla Pref: user_pref("avg.install.client_js_https_src", "");
REMOVED Mozilla Pref: user_pref("avg.install.currLocale", "es-es");
REMOVED Mozilla Pref: user_pref("avg.install.date", "1361536247000");
REMOVED Mozilla Pref: user_pref("avg.install.finished", "14.2.0.1");
ABSENT Mozilla Pref: user_pref("avg.install.guardCountInit", 156); O3 - Toolbar: (no name) - [HKLM]{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Orphaned key
REMOVED Mozilla Pref: user_pref("avg.install.guardCountInit", 156);
REMOVED Mozilla Pref: user_pref("avg.install.guardKUCount", 0);
REMOVED Mozilla Pref: user_pref("avg.install.guardKUCountInit", 156);
REMOVED Mozilla Pref: user_pref("avg.install.guardPopupCountInit", -1);
REMOVED Mozilla Pref: user_pref("avg.install.guardSPCountInit", 156);
REMOVED Mozilla Pref: user_pref("avg.install.guardSPPopupCountInit", -1);
REMOVED Mozilla Pref: user_pref("avg.install.guid", "{148f274d-b5ef-4d81-89e2-1de2e8aa7d8d}");
REMOVED Mozilla Pref: user_pref("avg.install.lastUpdaterReq", "1361536249000");
REMOVED Mozilla Pref: user_pref("avg.install.laststatreq", "1361536249000");
REMOVED Mozilla Pref: user_pref("avg.install.newtab", true);
REMOVED Mozilla Pref: user_pref("avg.install.overlayVersion", "634961130452065000");
REMOVED Mozilla Pref: user_pref("avg.install.rewardsDisabled", true);
REMOVED Mozilla Pref: user_pref("avg.install.userHPSettings", "www.google.com");
REMOVED Mozilla Pref: user_pref("avg.install.userKUSettings", "KWURL NOT REGISTERED");
========== Folders ==========
No Empty CLSID Directories
========== Files ==========
ABSENT File: c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\toolbarupdater.exe
ABSENT Folder/File: c:\program files\common files\avg secure search
ABSENT File: c:\program files\avg secure search\vprot.exe
ABSENT File: c:\windows\prefetch\giant savings extension.exe-aa4a28d4.pf
ABSENT File: c:\users\vedha\appdata\local\updater21810\updater21810.exe
ABSENT File: c:\users\vedha\appdata\local\temp\toolbar_log.txt
ABSENT Folder/File: c:\users\vedha\appdata\local\temp\guninstall17273413.exe
ABSENT Folder/File: c:\users\vedha\appdata\local\updater21810
DELETED Windows Temporary
========== Scheduled Task ==========
ABSENT Task: YourFile DownloaderUpdate
========== Summary ==========
19: Registry Keys
8: Registry Values
1: Folders
9: Files
21: Browser Preferences
1: Scheduled Task
End of clean in amn m.s
========== Registry Files ==========
C:\ZHP\ZHPFix[R1].txt - 26/03/2013 12:23:48 p.m. [5966]
C:\ZHP\ZHPFix[R2].txt - 26/03/2013 12:25:40 p.m. [5296]
-
-
I fumbled a bit on the last task. I hope it worked anyway...
Otherwise, I was wondering if something needed to be done about line O20:
---\\ Value of Registry AppInit_DLLs and Winlogon Notify subkeys (autorun) (AppInit_DLLs Registry value Autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\ProgramData\BROWSE~1\261070~1.41\{C16C1~1\BROWSE~1.dll
~ AppInit DLL: Scanned in amn m.s
I'm saying this because it contains the path to the file mentioned in the windows that open on launch... -
Paste this line in Zhpfix and click on Go, we'll see what happens after a restart
--
O.o°*Member, Security Contributor CCM o°.Oø¤º°'°º¤ø
=>>Breathe deeply, write your message clearly and in proper French. It'll be fine, you'll see, well, we're trying!!! o°Oø -
Victory! Zhpfix managed to repair that line for me, or delete the problematic file, who knows? Anyway, what matters is that it was drastic; since the repair, I haven't had any more pesky "incorrect image" messages.
Should I do any other manipulations to complete the cleaning of my computer or can we assume it's cleaned, for now?
Thank you so much for guiding me through this cleaning. And thanks also for your advice: no more P2P and be careful of search bars that install automatically with free software.
I'm going to mark this topic as resolved, but if you have any last instructions, I'm all ears.
Thanks again, Electrician 69! -
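The O20 line discussed above is the AppInit_DLLs registry value, whose DLLs Windows loads into every process that loads user32.dll. The following read-only audit is an added example, not part of the original thread or of ZHPFix: it lists each entry and checks that the file exists and carries a valid signature. It assumes PowerShell 3.0 or later; the function names are hypothetical.

```powershell
# Added example: read-only audit of AppInit_DLLs (reported by ZHPDiag as O20).
# Nothing here modifies the registry or the file system.

function Split-AppInitValue {
    param([string]$Raw)
    # Entries are separated by spaces or commas, which is why paths that
    # contain spaces are stored in 8.3 short form, as in the thread's
    # C:\ProgramData\BROWSE~1\261070~1.41\{C16C1~1\BROWSE~1.dll
    if ([string]::IsNullOrWhiteSpace($Raw)) { return @() }
    return @($Raw -split '[,\s]+' | Where-Object { $_ })
}

function Test-AppInitEntry {
    param([string]$Path)
    # Only absolute paths are checked; a bare file name is reported as
    # "not checked" rather than guessed at.
    if (-not (Split-Path -Path $Path -IsAbsolute)) {
        return [pscustomobject]@{ Entry = $Path; Exists = $null; Signature = 'not checked' }
    }
    $exists = Test-Path -LiteralPath $Path -PathType Leaf
    $status = 'n/a'
    if ($exists) {
        # -LiteralPath keeps characters such as { } and [ ] from being
        # interpreted as wildcards.
        $status = (Get-AuthenticodeSignature -LiteralPath $Path).Status
    }
    [pscustomobject]@{ Entry = $Path; Exists = $exists; Signature = $status }
}

$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    # 32-bit view, present only on 64-bit Windows
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $p = Get-ItemProperty -LiteralPath $key
    '{0}' -f $key
    '  LoadAppInit_DLLs={0}  RequireSignedAppInit_DLLs={1}' -f `
        $p.LoadAppInit_DLLs, $p.RequireSignedAppInit_DLLs
    $entries = Split-AppInitValue $p.AppInit_DLLs
    if ($entries.Count -eq 0) { '  (AppInit_DLLs is empty)'; continue }
    $entries | ForEach-Object { Test-AppInitEntry $_ } | Format-Table -AutoSize
}
```

An entry whose file is missing, or whose signature status is anything other than Valid, is the one to review before removing it from the value.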
not so fast:
there are still a few steps to completely finish the cleaning!
Download Malwarebytes' Anti-Malware and save it to your desktop:
https://fr.malwarebytes.com/mwb-download/
or:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
/!\ Users of Vista, Windows 7, and W8: Right-click on the Malwarebytes' Anti-Malware logo, "run as Administrator"
. Double-click the downloaded file to start the installation process.
. In the "update" tab, click on the "Check for updates" button
. if the firewall asks for permission to connect for Malwarebytes, accept
. Once the update is complete
. go to the "Scan" tab
. Select Run a full scan
. Click on Scan
. The scan starts.
. At the end of the scan, a message appears: The scan has completed successfully. Click on 'Show Results' to display all found items.
. Click on Ok to continue.
. If any malware has been detected, click on Show Results
. Select all (or leave checked) and click on Remove Selected. Malwarebytes will delete the files and registry keys and put a copy in quarantine.
. Malwarebytes will open Notepad and copy the scan report there.
. go to the report/log tab
. click on it to display it; once it is displayed,
. click on edit at the top of Notepad, then on select all
. click on edit again and then on copy, then return to the forum and, in your reply,
. Right-click in the reply box and paste
. At the end of the scan, MBAM may need to restart the PC to finalize the removal, so don't panic, restart your PC!!!
If you need help, check out this tutorial:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
--
O.o°*Member, Security Contributor CCM o°.Oø¤º°'°º¤ø
=>>Breathe deeply, Write your message in good French and clearly. It's going to be fine, you'll see, well, let's try !!! o°Oø -
Here is the report from Malwarebytes:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.26.13
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Vedha :: VEDHA-PC [administrator]
03/26/2013 04:58:19 p.m.
mbam-log-2013-03-26 (16-58-19).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Item(s) scanned: 356332
Elapsed time: 2 hour(s), 15 minute(s), 15 second(s)
Memory processes detected: 0
(No malware detected)
Memory modules detected: 0
(No malware detected)
Registry key(s) detected: 0
(No malware detected)
Registry value(s) detected: 0
(No malware detected)
Registry data item(s) detected: 0
(No malware detected)
Folder(s) detected: 0
(No malware detected)
File(s) detected: 6
C:\Program Files\Adobe\Adobe Photoshop CS6\amtlib.dll (PUP.RiskwareTool.CK) -> Successfully quarantined and deleted.
C:\Users\Vedha\Documents\My docs\Programs\SoftonicDownloader_for_winrar.exe (PUP.OfferBundler.ST) -> Successfully quarantined and deleted.
C:\Users\Vedha\Documents\My docs\Programs\StarterBackgroundChanger\SoftonicDownloader_para_starter-background-changer.exe (PUP.OfferBundler.ST) -> Successfully quarantined and deleted.
C:\Users\Vedha\Documents\Programs\SoftonicDownloader_for_winrar.exe (PUP.OfferBundler.ST) -> Successfully quarantined and deleted.
C:\Users\Vedha\Documents\Programs\Crack Photoshop CS6 By DrKiller94\Crack By DrKiller94\32 Bits\amtlib.dll (PUP.RiskwareTool.CK) -> Successfully quarantined and deleted.
C:\Users\Vedha\Documents\Programs\StarterBackgroundChanger\SoftonicDownloader_para_starter-background-changer.exe (PUP.OfferBundler.ST) -> Successfully quarantined and deleted.
(end) -
Forget Softonic and 01n@t!
Restart your PC and let me know how it's working before we continue, there are a few more steps :D
See you later
--
O.o°*Member, Security Contributor CCM o°.Oø¤º°'°º¤ø
=>>Breathe deeply, write your message in proper French and clearly. It's going to be okay, you'll see, at least we're trying!!! o°Oø -
Hello Electrician 69,
My PC is working wonderfully. I took the opportunity to create a repair disk, in case of a future crash. I would have liked to make a backup, but I want to do it on an external hard drive and it doesn't show up as an option. I assume it's because I don't have enough space on that hard drive.
I'm ready for the next step, if there is one.
It's a shame about changing the background. Windows 7 Starter doesn't allow you to have a custom wallpaper, and this little software, made by a French person I believe, used to address that lack. I don't think there is another software like that.