
Bizcoaching pop up


  • This topic is locked
41 replies to this topic

#1 tragsdale

  • Members
  • 23 posts
  • Gender:Female
Posted 14 July 2013 - 06:14 AM

I am so new to all of this and apologize if I am not doing this right... I have read all the malware discussion guidelines and will not do anything unless told to by my expert.

I am having problems with an fmv music player trying to download; it keeps popping up when I open a new webpage. In the address bar it says bizocoaching.info website. My Norton security suite keeps telling me about a Suspicious.Cloud.7.EP detected by Auto-Protect, Removed, Resolved - No Action Required. I am not sure if that has anything to do with it.

Hoping to hear from you soon.

#2 TB-Psychotic

  • Malware Response Team
  • 5,628 posts
  • Gender:Male

Posted 14 July 2013 - 08:48 AM

Hi there,
my name is Marius and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all log files as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all log files in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done, click on the Save... button, and in the File name area, type in "ark.txt", or it will save as a .log file, which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Download and run OTL

  • Download OTL by OldTimer and save it to your desktop.
  • Double click on the OTL.exe icon on your desktop. If you are using Vista, please right-click and select run as administrator
  • Click the "Scan All Users" checkbox.


    Note: If you are using a Windows 64-bit machine, please make sure the checkbox next to Include 64Bit Scans is checked. It will be checked by default.

  • Push the Run Scan button.
  • It will now begin to scan; please be patient while it scans.
  • Two reports will open once it's done.
  • Please copy and paste them in your next reply:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)
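The caution about rootkit-scan false positives is worth seeing in data. The following is an added example (my own Python, not part of the original post and not GMER's code): it parses the lines GMER 2.x prints under "User code sections", groups the inline hooks by process, and separates the hook set that every process shares from the hooks unique to one process. The SAMPLE_LOG lines are constructed in GMER's line format; the vendor names, paths and PIDs in it are invented.

```python
"""Group the hook lines of a GMER 2.x 'User code sections' block by process.

Added example for this thread, not GMER's code and not from the original post.
The SAMPLE_LOG lines are constructed in GMER's line format; vendor names,
paths and PIDs in it are made up.
"""
import re
from collections import defaultdict

# One hook line looks like:
#   .text  <process>[<pid>] <module>!<symbol>[ + <offset>]  <address> <n> bytes <detail>
# <detail> is "JMP <target>", "{JMP 0x...}" or a raw byte list such as "[FD, 76]".
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>.+?)!(?P<symbol>\S+?)(?:\s+\+\s+(?P<offset>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]{8,16})\s+(?P<size>\d+)\s+bytes?\s+(?P<detail>.*)$"
)

# Constructed sample in GMER's format (invented vendors, paths and PIDs).
SAMPLE_LOG = r"""
---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Vendor A\ServiceA.exe[1532] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess    0000000077c4fc90 5 bytes JMP 000000010027091c
.text   C:\Program Files (x86)\Vendor A\ServiceA.exe[1532] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory  0000000077c4fdf4 5 bytes JMP 0000000100270048
.text   C:\Program Files (x86)\Vendor B\monitor.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess      0000000077c4fc90 5 bytes JMP 000000010024091c
.text   C:\Program Files (x86)\Vendor B\monitor.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory    0000000077c4fdf4 5 bytes JMP 0000000100240048
.text   C:\Windows\SysWOW64\Drivers\ctrl.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess             0000000077c4fc90 5 bytes JMP 000000010009091c
.text   C:\Windows\SysWOW64\Drivers\ctrl.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory           0000000077c4fdf4 5 bytes JMP 0000000100090048
.text   C:\Windows\SysWOW64\Drivers\ctrl.exe[4340] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382         0000000075855a1d 7 bytes JMP 00000001000a03d8
.text   C:\Windows\SysWOW64\Drivers\ctrl.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69     0000000076fd1465 2 bytes [FD, 76]
.text   ...                                                                                                    * 2
"""


def parse_hooks(log_text):
    """Return one dict per hook line; headers, thread lines and '...' markers are skipped."""
    hooks = []
    for line in log_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        # Reduce the module to its case-folded basename so SysWOW64/syswow64 compare equal.
        h["module"] = h["module"].rsplit("\\", 1)[-1].lower()
        jmp = re.search(r"JMP\s+(?:0x)?([0-9a-fA-F]+)", h["detail"])
        h["jmp_target"] = int(jmp.group(1), 16) if jmp else None
        hooks.append(h)
    return hooks


def hook_key(h):
    """Identity of a hook independent of the process it was observed in."""
    offset = f"+{h['offset']}" if h["offset"] else ""
    return f"{h['module']}!{h['symbol']}{offset}"


def hooks_by_process(hooks):
    """Map (process path, pid) -> set of hook keys seen in that process."""
    by_proc = defaultdict(set)
    for h in hooks:
        by_proc[(h["proc"], h["pid"])].add(hook_key(h))
    return dict(by_proc)


def shared_and_extra(by_proc):
    """Split hooks into those present in every process and the per-process extras.

    One hook set repeating identically across unrelated processes is what a
    single system-wide component (typically a security product's user-mode
    hooks) looks like, not per-process tampering; hooks that appear in only
    one process are the ones worth a second look.
    """
    if not by_proc:
        return set(), {}
    shared = set.intersection(*by_proc.values())
    extra = {p: s - shared for p, s in by_proc.items() if s - shared}
    return shared, extra


if __name__ == "__main__":
    by_proc = hooks_by_process(parse_hooks(SAMPLE_LOG))
    shared, extra = shared_and_extra(by_proc)
    print(f"{len(by_proc)} hooked processes; {len(shared)} hooks common to all:")
    for key in sorted(shared):
        print("   ", key)
    for (proc, pid), keys in extra.items():
        print(f"extra hooks only in {proc}[{pid}]:")
        for key in sorted(keys):
            print("   ", key)
```

Run against the GMER log posted later in this thread, the same fourteen ntdll.dll hooks (NtTerminateProcess through NtSuspendThread) would land in the shared set for every 32-bit process listed, including GMER's own randomly named brwlohej.exe, while the sechost.dll, USER32.dll and PSAPI.DLL entries in BleServicesCtrl.exe, FastFreeConverterUpdt.exe and brwlohej.exe would show up as extras. That is the pattern a system-wide user-mode hooking component produces, which is why the helper asks that no action be taken on these entries without review.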

#3 tragsdale

  • Topic Starter
  • Members
  • 23 posts
  • Gender:Female

Posted 14 July 2013 - 01:11 PM

Hi Marius, I am so excited that you are helping me with my problem. I have read all that you asked me to and will follow the steps very closely. I have run GMER.exe and here are the results from that.

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-14 12:42:18
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005a WDC_WD32 rev.03.0 298.09GB
Running: brwlohej.exe; Driver: C:\Users\NANA'S~1\AppData\Local\Temp\fgtiikow.sys
 
 
---- Kernel code sections - GMER 2.1 ----
 
.text   C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                              fffff96000133e00 7 bytes [00, A3, F3, FF, 01, AF, F0]
.text   C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                                          fffff96000133e08 3 bytes [C0, 06, 02]
 
---- User code sections - GMER 2.1 ----
 
.text   C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe[1532] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                         0000000077c4fc90 5 bytes JMP 000000010027091c
.text   C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe[1532] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                       0000000077c4fdf4 5 bytes JMP 0000000100270048
.text   C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe[1532] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                0000000077c4fe88 5 bytes JMP 00000001002702ee
.text   C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe[1532] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                             0000000077c4ffe4 5 bytes JMP 00000001002704b2
.text   C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe[1532] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                     0000000077c50018 5 bytes JMP 00000001002709fe
.text   C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe[1532] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                             0000000077c50048 5 bytes JMP 0000000100270ae0
.text   C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe[1532] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                          0000000077c50064 5 bytes JMP 000000010002004c
.text   C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe[1532] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                             0000000077c5077c 5 bytes JMP 000000010027012a
.text   C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe[1532] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                 0000000077c5086c 5 bytes JMP 0000000100270758
.text   C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe[1532] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                           0000000077c50884 5 bytes JMP 0000000100270676
.text   C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe[1532] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                               0000000077c50dd4 5 bytes JMP 00000001002703d0
.text   C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe[1532] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                         0000000077c51900 5 bytes JMP 0000000100270594
.text   C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe[1532] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                     0000000077c51bc4 5 bytes JMP 000000010027083a
.text   C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe[1532] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                            0000000077c51d50 5 bytes JMP 000000010027020c
.text   C:\Program Files (x86)\Uniblue\Powersuite\powersuite_monitor.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                      0000000077c4fc90 5 bytes JMP 000000010024091c
.text   C:\Program Files (x86)\Uniblue\Powersuite\powersuite_monitor.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                    0000000077c4fdf4 5 bytes JMP 0000000100240048
.text   C:\Program Files (x86)\Uniblue\Powersuite\powersuite_monitor.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                             0000000077c4fe88 5 bytes JMP 00000001002402ee
.text   C:\Program Files (x86)\Uniblue\Powersuite\powersuite_monitor.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                          0000000077c4ffe4 5 bytes JMP 00000001002404b2
.text   C:\Program Files (x86)\Uniblue\Powersuite\powersuite_monitor.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                  0000000077c50018 5 bytes JMP 00000001002409fe
.text   C:\Program Files (x86)\Uniblue\Powersuite\powersuite_monitor.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                          0000000077c50048 5 bytes JMP 0000000100240ae0
.text   C:\Program Files (x86)\Uniblue\Powersuite\powersuite_monitor.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                       0000000077c50064 5 bytes JMP 000000010002004c
.text   C:\Program Files (x86)\Uniblue\Powersuite\powersuite_monitor.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                          0000000077c5077c 5 bytes JMP 000000010024012a
.text   C:\Program Files (x86)\Uniblue\Powersuite\powersuite_monitor.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                              0000000077c5086c 5 bytes JMP 0000000100240758
.text   C:\Program Files (x86)\Uniblue\Powersuite\powersuite_monitor.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                        0000000077c50884 5 bytes JMP 0000000100240676
.text   C:\Program Files (x86)\Uniblue\Powersuite\powersuite_monitor.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                            0000000077c50dd4 5 bytes JMP 00000001002403d0
.text   C:\Program Files (x86)\Uniblue\Powersuite\powersuite_monitor.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                      0000000077c51900 5 bytes JMP 0000000100240594
.text   C:\Program Files (x86)\Uniblue\Powersuite\powersuite_monitor.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                  0000000077c51bc4 5 bytes JMP 000000010024083a
.text   C:\Program Files (x86)\Uniblue\Powersuite\powersuite_monitor.exe[1768] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                         0000000077c51d50 5 bytes JMP 000000010024020c
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess          0000000077c4fc90 5 bytes JMP 000000010010091c
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory        0000000077c4fdf4 5 bytes JMP 0000000100100048
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                 0000000077c4fe88 5 bytes JMP 00000001001002ee
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread              0000000077c4ffe4 5 bytes JMP 00000001001004b2
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory      0000000077c50018 5 bytes JMP 00000001001009fe
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread              0000000077c50048 5 bytes JMP 0000000100100ae0
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread           0000000077c50064 5 bytes JMP 000000010002004c
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant              0000000077c5077c 5 bytes JMP 000000010010012a
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject  0000000077c5086c 5 bytes JMP 0000000100100758
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx            0000000077c50884 5 bytes JMP 0000000100100676
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                0000000077c50dd4 5 bytes JMP 00000001001003d0
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread          0000000077c51900 5 bytes JMP 0000000100100594
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation      0000000077c51bc4 5 bytes JMP 000000010010083a
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1884] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread             0000000077c51d50 5 bytes JMP 000000010010020c
.text   C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                  0000000077c4fc90 5 bytes JMP 000000010009091c
.text   C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                0000000077c4fdf4 5 bytes JMP 0000000100090048
.text   C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                         0000000077c4fe88 5 bytes JMP 00000001000902ee
.text   C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                      0000000077c4ffe4 5 bytes JMP 00000001000904b2
.text   C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                              0000000077c50018 5 bytes JMP 00000001000909fe
.text   C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                      0000000077c50048 5 bytes JMP 0000000100090ae0
.text   C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                   0000000077c50064 5 bytes JMP 000000010002004c
.text   C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                      0000000077c5077c 5 bytes JMP 000000010009012a
.text   C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                          0000000077c5086c 5 bytes JMP 0000000100090758
.text   C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                    0000000077c50884 5 bytes JMP 0000000100090676
.text   C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                        0000000077c50dd4 5 bytes JMP 00000001000903d0
.text   C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                  0000000077c51900 5 bytes JMP 0000000100090594
.text   C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                              0000000077c51bc4 5 bytes JMP 000000010009083a
.text   C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                     0000000077c51d50 5 bytes JMP 000000010009020c
.text   C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe[2052] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                         0000000076f31492 7 bytes JMP 00000001000e0680
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                       0000000077c4fc90 5 bytes JMP 000000010009091c
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                     0000000077c4fdf4 5 bytes JMP 0000000100090048
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                              0000000077c4fe88 5 bytes JMP 00000001000902ee
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                           0000000077c4ffe4 5 bytes JMP 00000001000904b2
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                   0000000077c50018 5 bytes JMP 00000001000909fe
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                           0000000077c50048 5 bytes JMP 0000000100090ae0
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                        0000000077c50064 5 bytes JMP 000000010002004c
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                           0000000077c5077c 5 bytes JMP 000000010009012a
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                               0000000077c5086c 5 bytes JMP 0000000100090758
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                         0000000077c50884 5 bytes JMP 0000000100090676
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                             0000000077c50dd4 5 bytes JMP 00000001000903d0
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                       0000000077c51900 5 bytes JMP 0000000100090594
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                   0000000077c51bc4 5 bytes JMP 000000010009083a
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                          0000000077c51d50 5 bytes JMP 000000010009020c
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                              0000000076f31492 7 bytes JMP 00000001000a04bc
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                         000000007585524f 7 bytes JMP 0000000100090f52
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                             00000000758553d0 7 bytes JMP 00000001000a0210
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                            0000000075855677 1 byte JMP 00000001000a0048
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                            0000000075855679 5 bytes {JMP 0xffffffff8a84a9d1}
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                   000000007585589a 7 bytes JMP 0000000100090ca6
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                   0000000075855a1d 7 bytes JMP 00000001000a03d8
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                              0000000075855c9b 7 bytes JMP 00000001000a012c
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                0000000075855d87 7 bytes JMP 00000001000a02f4
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                               0000000075857240 7 bytes JMP 0000000100090e6e
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                0000000076fd1465 2 bytes [FD, 76]
.text   C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe[4340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                               0000000076fd14bb 2 bytes [FD, 76]
.text   ...                                                                                                                                                          * 2
.text   C:\Users\Nana's Toy\Downloads\brwlohej.exe[1548] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                            0000000077c4fc90 5 bytes JMP 000000010024091c
.text   C:\Users\Nana's Toy\Downloads\brwlohej.exe[1548] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                          0000000077c4fdf4 5 bytes JMP 0000000100240048
.text   C:\Users\Nana's Toy\Downloads\brwlohej.exe[1548] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                   0000000077c4fe88 5 bytes JMP 00000001002402ee
.text   C:\Users\Nana's Toy\Downloads\brwlohej.exe[1548] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                0000000077c4ffe4 5 bytes JMP 00000001002404b2
.text   C:\Users\Nana's Toy\Downloads\brwlohej.exe[1548] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                        0000000077c50018 5 bytes JMP 00000001002409fe
.text   C:\Users\Nana's Toy\Downloads\brwlohej.exe[1548] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                0000000077c50048 5 bytes JMP 0000000100240ae0
.text   C:\Users\Nana's Toy\Downloads\brwlohej.exe[1548] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                             0000000077c50064 5 bytes JMP 000000010002004c
.text   C:\Users\Nana's Toy\Downloads\brwlohej.exe[1548] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                0000000077c5077c 5 bytes JMP 000000010024012a
.text   C:\Users\Nana's Toy\Downloads\brwlohej.exe[1548] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                    0000000077c5086c 5 bytes JMP 0000000100240758
.text   C:\Users\Nana's Toy\Downloads\brwlohej.exe[1548] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                              0000000077c50884 5 bytes JMP 0000000100240676
.text   C:\Users\Nana's Toy\Downloads\brwlohej.exe[1548] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                  0000000077c50dd4 5 bytes JMP 00000001002403d0
.text   C:\Users\Nana's Toy\Downloads\brwlohej.exe[1548] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                            0000000077c51900 5 bytes JMP 0000000100240594
.text   C:\Users\Nana's Toy\Downloads\brwlohej.exe[1548] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                        0000000077c51bc4 5 bytes JMP 000000010024083a
.text   C:\Users\Nana's Toy\Downloads\brwlohej.exe[1548] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                               0000000077c51d50 5 bytes JMP 000000010024020c
.text   C:\Users\Nana's Toy\Downloads\brwlohej.exe[1548] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                              000000007585524f 7 bytes JMP 0000000100240f52
.text   C:\Users\Nana's Toy\Downloads\brwlohej.exe[1548] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                  00000000758553d0 7 bytes JMP 0000000100310210
.text   C:\Users\Nana's Toy\Downloads\brwlohej.exe[1548] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                 0000000075855677 1 byte JMP 0000000100310048
.text   C:\Users\Nana's Toy\Downloads\brwlohej.exe[1548] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                 0000000075855679 5 bytes {JMP 0xffffffff8aaba9d1}
.text   C:\Users\Nana's Toy\Downloads\brwlohej.exe[1548] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                        000000007585589a 7 bytes JMP 0000000100240ca6
.text   C:\Users\Nana's Toy\Downloads\brwlohej.exe[1548] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                        0000000075855a1d 7 bytes JMP 00000001003103d8
.text   C:\Users\Nana's Toy\Downloads\brwlohej.exe[1548] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                   0000000075855c9b 7 bytes JMP 000000010031012c
.text   C:\Users\Nana's Toy\Downloads\brwlohej.exe[1548] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                     0000000075855d87 7 bytes JMP 00000001003102f4
.text   C:\Users\Nana's Toy\Downloads\brwlohej.exe[1548] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                    0000000075857240 7 bytes JMP 0000000100240e6e
.text   C:\Users\Nana's Toy\Downloads\brwlohej.exe[1548] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                   0000000076f31492 7 bytes JMP 00000001003104bc
 
---- Threads - GMER 2.1 ----
 
Thread  C:\Windows\system32\taskhost.exe [1332:1508]                                                                                                                 000007fefa321010
Thread  C:\Windows\system32\taskhost.exe [1332:1512]                                                                                                                 000007fefa311f38
Thread  C:\Windows\system32\taskhost.exe [1332:2220]                                                                                                                 000007fefa065170
Thread  C:\Windows\Explorer.EXE [1632:2148]                                                                                                                          000007fef7182154
Thread  C:\Windows\Explorer.EXE [1632:3520]                                                                                                                          000007fefc386204
Thread  C:\Windows\Explorer.EXE [1632:3156]                                                                                                                          000007fef1f72f9c
Thread  C:\Windows\Explorer.EXE [1632:3320]                                                                                                                          000007fef1be2118
Thread  C:\Windows\Explorer.EXE [1632:2820]                                                                                                                          000007fefa321010
Thread  C:\Windows\system32\svchost.exe [2080:2324]                                                                                                                  000007fef9d55fd0
Thread  C:\Windows\system32\svchost.exe [2080:2328]                                                                                                                  000007fef9d563ec
Thread  C:\Windows\system32\svchost.exe [2080:2044]                                                                                                                  000007fef16d8470
Thread  C:\Windows\system32\svchost.exe [2080:2592]                                                                                                                  000007fef16e2418
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2412:2076]                                                                   00000000717c102d
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2412:1904]                                                                   00000000714cf1dc
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2412:3280]                                                                   00000000714cf1dc
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2412:3284]                                                                   00000000714c55d3
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2412:3544]                                                                   000000007176c159
Thread  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2412:3740]                                                                   00000000714cf1dc
Thread  C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [1944:3088]                                                                                     0000000000020060
Thread  C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [1944:3428]                                                                                     0000000077c82e25
Thread  C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [1944:3452]                                                                                     0000000077c83e45
Thread  C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [1944:3488]                                                                                     0000000077c83e45
Thread  C:\Program Files\Windows Sidebar\sidebar.exe [3212:3256]                                                                                                     000007fef4d38c50
Thread  C:\Program Files\Windows Sidebar\sidebar.exe [3212:3260]                                                                                                     000007fef48219b0
Thread  C:\Program Files\Windows Sidebar\sidebar.exe [3212:3264]                                                                                                     000007fef48219b0
Thread  C:\Program Files\Windows Sidebar\sidebar.exe [3212:3432]                                                                                                     000007fef48219b0
Thread  C:\Program Files\Windows Sidebar\sidebar.exe [3212:3528]                                                                                                     000007fef3782040
Thread  C:\Program Files\Windows Sidebar\sidebar.exe [3212:3532]                                                                                                     000007fef3782040
 
---- Disk sectors - GMER 2.1 ----
 
Disk    \Device\Harddisk0\DR0                                                                                                                                        unknown MBR code
 
---- EOF - GMER 2.1 ----
 

Now I am running the OTL and here are the results for that.

 

OTL logfile created on: 7/14/2013 12:50:10 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nana's Toy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 64.69% Memory free
9.37 Gb Paging File | 7.61 Gb Available in Paging File | 81.23% Paging File free
Paging file location(s): C:\pagefile.sys 5758 5758 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.54 Gb Total Space | 192.52 Gb Free Space | 67.19% Space Free | Partition Type: NTFS
Drive D: | 11.45 Gb Total Space | 1.40 Gb Free Space | 12.19% Space Free | Partition Type: NTFS
 
Computer Name: NANASTOY-HP | User Name: Nana's Toy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/14 12:48:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nana's Toy\Downloads\OTL (7).exe
PRC - [2013/07/13 03:08:22 | 000,359,424 | ---- | M] () -- C:\Windows\SysWOW64\drivers\BleServicesCtrl.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/22 16:58:54 | 000,323,864 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files (x86)\Uniblue\Powersuite\powersuite_monitor.exe
PRC - [2013/03/27 03:39:24 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
PRC - [2013/01/24 12:22:50 | 000,093,440 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
PRC - [2012/12/23 22:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccsvchst.exe
PRC - [2012/12/10 17:12:38 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
PRC - [2012/12/10 17:12:02 | 000,225,280 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
PRC - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/26 08:30:18 | 000,687,104 | ---- | M] () -- C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe
PRC - [2012/06/26 11:17:26 | 000,108,032 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
PRC - [2012/04/29 04:00:56 | 000,397,848 | ---- | M] () -- C:\ProgramData\IBUpdaterService\ibsvc.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/11/20 07:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2010/02/26 18:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/01/18 12:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009/08/19 12:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
PRC - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/07/12 13:49:44 | 000,396,240 | ---- | M] () -- C:\Users\Nana's Toy\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 13:49:43 | 013,599,184 | ---- | M] () -- C:\Users\Nana's Toy\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
MOD - [2013/07/12 13:49:42 | 004,052,944 | ---- | M] () -- C:\Users\Nana's Toy\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 13:48:52 | 000,601,552 | ---- | M] () -- C:\Users\Nana's Toy\AppData\Local\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013/07/12 13:48:51 | 000,123,344 | ---- | M] () -- C:\Users\Nana's Toy\AppData\Local\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013/07/12 13:48:49 | 001,597,392 | ---- | M] () -- C:\Users\Nana's Toy\AppData\Local\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2013/04/22 16:59:02 | 001,045,272 | ---- | M] () -- C:\Program Files (x86)\Uniblue\Powersuite\ui_dll.dll
MOD - [2013/04/22 16:59:02 | 000,627,992 | ---- | M] () -- C:\Program Files (x86)\Uniblue\Powersuite\libGLESv2.dll
MOD - [2013/04/22 16:59:02 | 000,588,056 | ---- | M] () -- C:\Program Files (x86)\Uniblue\Powersuite\locale\en\resources.dll
MOD - [2013/04/22 16:59:00 | 020,763,928 | ---- | M] () -- C:\Program Files (x86)\Uniblue\Powersuite\libcef.dll
MOD - [2013/04/22 16:59:00 | 000,117,528 | ---- | M] () -- C:\Program Files (x86)\Uniblue\Powersuite\libEGL.dll
MOD - [2013/04/22 16:58:58 | 000,189,736 | ---- | M] () -- C:\Program Files (x86)\Uniblue\Powersuite\avformat-53.dll
MOD - [2013/04/22 16:58:58 | 000,123,176 | ---- | M] () -- C:\Program Files (x86)\Uniblue\Powersuite\avutil-51.dll
MOD - [2013/04/22 16:58:56 | 001,100,072 | ---- | M] () -- C:\Program Files (x86)\Uniblue\Powersuite\avcodec-53.dll
MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\wincfi39.dll
MOD - [2010/01/18 12:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MOD - [2009/08/19 12:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/04 08:32:34 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2010/01/04 08:32:32 | 000,502,888 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2013/07/13 03:08:22 | 000,359,424 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe -- (bthsrv)
SRV - [2013/06/18 10:25:19 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/27 03:39:24 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/24 12:22:50 | 000,093,440 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2012/12/23 22:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe -- (N360)
SRV - [2012/12/10 17:12:38 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/26 08:30:18 | 000,687,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe -- (FastFreeConverterUpdt)
SRV - [2012/04/29 04:00:56 | 000,397,848 | ---- | M] () [Auto | Running] -- C:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/26 18:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/01/04 13:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/23 03:14:43 | 000,035,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:64bit: - [2013/02/15 17:00:55 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/01/30 22:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/01/28 20:45:20 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/01/28 20:45:20 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/01/21 21:15:34 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds64.sys -- (SymDS)
DRV:64bit: - [2012/12/10 17:12:10 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2012/12/10 17:12:10 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2012/11/15 21:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/27 22:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/07/22 20:34:24 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/24 03:55:35 | 000,014,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gmhidlow.sys -- (gmhidlow)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/01/19 14:44:32 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/10/27 20:10:02 | 000,346,472 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/09/11 19:18:28 | 000,032,768 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir3.sys -- (hcw85cir)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2005/11/03 03:00:00 | 000,055,552 | ---- | M] (Sonic Solutions) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2013/06/26 13:09:25 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130713.006\ex64.sys -- (NAVEX15)
DRV - [2013/06/26 13:09:25 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130713.006\eng64.sys -- (NAVENG)
DRV - [2013/06/11 05:05:01 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/05/31 11:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/02/15 17:29:22 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130712.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/12/10 17:12:02 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/12/10 17:12:02 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2012/08/08 23:17:35 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{884386D0-D1E2-4ECB-A97E-8E9D21637873}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{FA12E3DE-F3F5-4BCE-BA2C-9C5A4631DBA3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files (x86)\KeyBar_1.8\prxtbKeyB.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d2cf9842-af95-48cd-b873-bfbb48cd7f5e} - C:\Program Files (x86)\MixiDJ_V45\prxtbMixi.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{884386D0-D1E2-4ECB-A97E-8E9D21637873}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279141&CUI=UN89411439517366694
IE - HKLM\..\SearchScopes\{FA12E3DE-F3F5-4BCE-BA2C-9C5A4631DBA3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A}: "URL" = http://www.dnsbasic.com/?prt=DNSBASIC111&sp=&keywords={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A}: "URL" = http://www.dnsbasic.com/?prt=DNSBASIC111&sp=&keywords={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=4805c699d9594f339894ee3225f11311&tu=11JL0008y2B000s&sku=&tstsId=&ver=&
IE - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - No CLSID value found
IE - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\..\URLSearchHook: {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files (x86)\KeyBar_1.8\prxtbKeyB.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\..\URLSearchHook: {d2cf9842-af95-48cd-b873-bfbb48cd7f5e} - C:\Program Files (x86)\MixiDJ_V45\prxtbMixi.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\..\SearchScopes,DefaultScope = {AC1481B9-20D2-4E58-8D11-191B0FBE8EB5}
IE - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\..\SearchScopes\{05727330-12A2-6573-6C66-81489A35331A}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
IE - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=70001
IE - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\..\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A}: "URL" = http://www.dnsbasic.com/?prt=dnsbsc50r1&sp=&keywords={searchTerms}
IE - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\..\SearchScopes\{884386D0-D1E2-4ECB-A97E-8E9D21637873}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\..\SearchScopes\{AC1481B9-20D2-4E58-8D11-191B0FBE8EB5}: "URL" = http://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=4805c699d9594f339894ee3225f11311&tu=11JL0008y2B000s&sku=&tstsId=&ver=&&r=286
IE - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\..\SearchScopes\{E519AA1F-E8A8-47ED-92E3-BCFB65055819}: "URL" = http://search.comcast.net/search?cat=Web&con=toolbar&q={searchTerms}
IE - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.smilebox.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10040&barid={32577C60-D891-11E2-9AA6-7071BC409BD0}
IE - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\..\SearchScopes\{FA12E3DE-F3F5-4BCE-BA2C-9C5A4631DBA3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..CT3286042.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultthis.engineName: "KeyBar 1.8 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Search By ZoneAlarm"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B3e0e7d2a-070f-4a47-b019-91fe5385ba79%7D:3.5.9
FF - prefs.js..extensions.enabledAddons: %7B4E77EDAD-9566-4089-88D1-C81498CEE770%7D:3.5
FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.6.1
FF - prefs.js..extensions.enabledAddons: extension%40FastFreeConverter.com:4.0
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.2.1
FF - prefs.js..extensions.enabledAddons: %7B9ed31f84-c8b3-4926-b950-dff74047ff79%7D:10.16.300.3
FF - prefs.js..extensions.enabledAddons: %7B0113D088-8ED1-468C-B225-585A9C53B5E3%7D:1.0
FF - prefs.js..extensions.enabledAddons: tidynetwork%40tidynetwork:5.0
FF - prefs.js..extensions.enabledAddons: %7B32eaca6a-1ed0-4714-8386-e8627fc37f99%7D:1.1
FF - prefs.js..extensions.enabledAddons: wecarereminder%40bryan:4.1.20.1
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0
FF - prefs.js..extensions.enabledAddons: donottrack%40checkpoint.com:2.2.5.1213
FF - prefs.js..extensions.enabledAddons: flaminglow-ff3-30%40glowplug.bitasylum.net:10.0.02
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {32eaca6a-1ed0-4714-8386-e8627fc37f99}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {4E77EDAD-9566-4089-88D1-C81498CEE770}:3.5
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {6847DFAE-037A-400c-A524-27F0A281B692}:2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "KeyBar 1.8 Customized Web Search"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Nana's Toy\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Nana's Toy\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nana's Toy\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8:  File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nana's Toy\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nana's Toy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\gingersoftware.com/gingerPlugin: C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll (Ginger Software)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SMILEBOX\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/07/14 10:45:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/29 10:39:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/28 15:26:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/02/16 07:00:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/28 15:26:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\[email protected] [2013/05/07 02:19:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By Smilebox\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/18 10:25:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/18 10:25:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Nana's Toy\AppData\Roaming\Move Networks [2010/08/11 23:03:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/29 10:39:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\LyricsContainer\120.xpi [2013/07/13 17:47:53 | 000,007,589 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/18 10:25:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/18 10:25:03 | 000,000,000 | ---D | M]
 
[2012/08/28 12:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Extensions
[2013/07/13 17:48:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions
[2013/07/13 17:48:13 | 000,000,000 | ---D | M] ("FoodBuzz") -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\{2326C1C3-3E92-49da-A3FB-CB8AD8AD8F25}
[2012/03/11 13:39:45 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2012/08/27 17:25:52 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2011/08/17 22:07:15 | 000,000,000 | ---D | M] (Comcast Toolbar) -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\{4E77EDAD-9566-4089-88D1-C81498CEE770}
[2013/07/13 17:47:59 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\{6347C0C1-FEAE-4ABC-AC9F-21042411DE68}
[2013/05/21 20:19:04 | 000,000,000 | ---D | M] (KeyBar 1.8) -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}
[2011/09/28 19:24:49 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2013/07/13 17:48:35 | 000,000,000 | ---D | M] (MixiDJ V45) -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\{d2cf9842-af95-48cd-b873-bfbb48cd7f5e}
[2013/07/10 08:30:26 | 000,000,000 | ---D | M] (ZoneAlarm Do Not Track) -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\[email protected]
[2012/10/08 06:13:24 | 000,000,000 | ---D | M] (Ebay Toolbar) -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\[email protected]
[2013/07/10 08:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\wecarereminder@bryan
[2012/01/13 17:39:04 | 002,581,018 | ---- | M] () (No name found) -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\[email protected]
[2012/10/07 01:31:24 | 000,027,267 | ---- | M] () (No name found) -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\[email protected]
[2013/05/15 21:11:39 | 000,346,768 | ---- | M] () (No name found) -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\[email protected]
[2012/09/12 00:27:06 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\[email protected]
[2011/02/03 15:32:16 | 000,043,427 | ---- | M] () (No name found) -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\{4E77EDAD-9566-4089-88D1-C81498CEE770}\chrome\content\comcast.xpi.js
[2010/08/17 14:54:14 | 000,018,900 | ---- | M] () (No name found) -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\{4E77EDAD-9566-4089-88D1-C81498CEE770}\chrome\content\weather.xpi.js
[2010/08/17 14:54:14 | 000,007,719 | ---- | M] () (No name found) -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\{4E77EDAD-9566-4089-88D1-C81498CEE770}\chrome\skin\comcastxpi.css
[2013/07/10 08:17:56 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\[email protected]\chrome\content\ff\view_expiry.js
[2013/04/30 20:51:55 | 000,001,294 | ---- | M] () -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\searchplugins\delta.xml
[2013/07/06 12:25:34 | 000,001,094 | ---- | M] () -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\searchplugins\keybar-18-customized-web-search.xml
[2011/10/03 08:46:36 | 000,002,468 | ---- | M] () -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\searchplugins\safesearch.xml
[2012/08/28 12:22:06 | 000,002,519 | ---- | M] () -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\searchplugins\Search_Results.xml
[2013/07/06 12:25:14 | 000,001,736 | ---- | M] () -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\searchplugins\sweetim.xml
[2013/07/10 08:17:05 | 000,001,488 | ---- | M] () -- C:\Users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\searchplugins\zonealarm.xml
[2013/07/12 17:22:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/18 10:25:01 | 000,000,000 | ---D | M] ("Ginger") -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/06/18 10:25:01 | 000,000,000 | ---D | M] (Fast Free Converter) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/07/12 17:35:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/12 17:35:15 | 000,000,000 | ---D | M] (DnsBasic) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3}
[2013/06/18 10:25:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/18 10:25:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\distribution\extensions
[2013/06/18 10:25:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2013/06/18 10:25:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\content
[2013/06/18 10:25:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults
[2013/05/07 02:19:03 | 000,000,000 | ---D | M] (Fast Free Converter) -- C:\PROGRAM FILES (X86)\FAST FREE CONVERTER\FASTFREECONVERTER\[email protected]
File not found (No name found) -- C:\USERS\NANA'S TOY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HXNZVZFI.DEFAULT\EXTENSIONS\{0113D088-8ED1-468C-B225-585A9C53B5E3}
File not found (No name found) -- C:\USERS\NANA'S TOY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HXNZVZFI.DEFAULT\EXTENSIONS\{32EACA6A-1ED0-4714-8386-E8627FC37F99}
File not found (No name found) -- C:\USERS\NANA'S TOY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HXNZVZFI.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\NANA'S TOY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HXNZVZFI.DEFAULT\EXTENSIONS\TIDYNETWORK@TIDYNETWORK
[2012/12/28 15:26:14 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2008/12/01 11:50:26 | 000,004,946 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\comcast.xml
[2007/08/07 10:25:58 | 000,001,461 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2012/08/28 12:22:06 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: Motive Management Plug-in (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll
CHR - plugin: Ginger (Enabled) = C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Nana's Toy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Nana's Toy\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: LyricsContainer = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh\1.120_0\
CHR - Extension: Entanglement = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Easter Mahjong = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhoiejegkocgopenddncdmkjamdobalj\1.0.0.2_0\
CHR - Extension: Crazy4Jigsaws = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\clgliemokfgimmfodoeboneoibjklncc\1.1.1_0\
CHR - Extension: Beach in the Maldives = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddicfadfciaeikknlkcldgockejldhek\1_0\
CHR - Extension: Winter Mahjong = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddmhicnhpjfpgmcebbidppnammjebnkp\1.0.0.7_0\
CHR - Extension: Complitly plugin for chrome = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: Word Search = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj\1.0.0.1_0\
CHR - Extension: Word Search = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj\1.0.0.1_0\~
CHR - Extension: Motive Extension = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_0\
CHR - Extension: Delta Toolbar = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.3_0\
CHR - Extension: Select Links App = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fieiaadegdcbmcgbgdllfphngbgepecc\4.3_0\
CHR - Extension: yealt = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gelpfbcidpeeelkmkjbofkcpihkcachn\1.0.2_0\
CHR - Extension: Christmas Mahjong = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghmebaamjdfjkhaaifophgklodieiflm\1.0.0.1_0\
CHR - Extension: RealDownloader = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: MixiDJ V45 = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehjklkgijkjfcfmmjmjlmcccholamaf\10.16.4.512_0\
CHR - Extension: Spell and Grammar checker by Ginger = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfieneakcjfaiglcfcgkidlkmlijjnh\0.1.0.301_0\
CHR - Extension: Family Barn = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhiooiniblcfbieifmogfclcnbbndjlb\2_0\
CHR - Extension: PoneyVallee = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcebbpjfmhfhghljpkjianfedoabllce\2_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.2.2_0\
CHR - Extension: Lagoonia = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnjcaihkcddgdgaghmnmfpkkfilombbm\1.38_0\
CHR - Extension: Daily Jigsaw = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhhdobknmndpiljphdkcdmmlkphklfh\1.0.1_0\
CHR - Extension: Spring Mahjong = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohmgpjbkliggjliakneoaedilbaihhl\1.0.0.8_0\
CHR - Extension: Valentines Day Mahjong = C:\Users\Nana's Toy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgamjkpppddoomaiaoepbobjmeojblce\1.0.0.3_0\
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Ginger Grammar & Spell Checker) - {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} - C:\Program Files (x86)\Ginger\GingerIEAddin\adxloader64.dll ()
O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Nana's Toy\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2:64bit: - BHO: (FoodBuzz) - {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - C:\Program Files (x86)\FoodBuzz\Extension\adxloader64.dll ()
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Ginger Grammar & Spell Checker) - {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} - C:\Program Files (x86)\Ginger\GingerIEAddin\adxloader.dll ()
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Nana's Toy\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Updater For Comcast Toolbar 3.5) - {164d3751-cac6-4a6d-becd-ea67df61d232} - C:\Program Files (x86)\comcasttb\auxi\comcastAu.dll (Visicom Media)
O2 - BHO: (FoodBuzz) - {1C6E034D-B4B6-4D96-94B5-4163A5EB2195} - C:\Program Files (x86)\FoodBuzz\Extension\adxloader.dll ()
O2 - BHO: (SelectionLinks) - {1C8501DD-5580-48AB-B25C-6D5DBE835A6A} - C:\Program Files (x86)\OApps\SelectionLinks.dll (SelectionLinks)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Yealt Class) - {40C78C4E-5AE5-4762-9B7D-D2DE31B03B77} - C:\Windows\SysWOW64\yealt.dll (Yealt)
O2 - BHO: (LyricsContainer) - {463B0ED4-8AFA-404B-90E7-4063A0708050} - C:\Program Files (x86)\LyricsContainer\120.dll (RYD Software)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files (x86)\comcasttb\comcastdx.dll ()
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (KeyBar 1.8 Toolbar) - {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files (x86)\KeyBar_1.8\prxtbKeyB.dll (Conduit Ltd.)
O2 - BHO: (Fast Free Converter 3.0) - {A071936A-AB6B-4978-9342-E47C06FCDEC1} - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll (Fast Free Converter)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)
O2 - BHO: (MixiDJ V45 Toolbar) - {d2cf9842-af95-48cd-b873-bfbb48cd7f5e} - C:\Program Files (x86)\MixiDJ_V45\prxtbMixi.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files (x86)\comcasttb\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (KeyBar 1.8 Toolbar) - {9ed31f84-c8b3-4926-b950-dff74047ff79} - C:\Program Files (x86)\KeyBar_1.8\prxtbKeyB.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MixiDJ V45 Toolbar) - {d2cf9842-af95-48cd-b873-bfbb48cd7f5e} - C:\Program Files (x86)\MixiDJ_V45\prxtbMixi.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\..\Toolbar\WebBrowser: (no name) - {4641532D-5636-006A-76A7-7A786E7484D7} - No CLSID value found.
O3 - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-3184504439-744475995-2388879454-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Comcast_McciTrayApp] C:\Program Files\Comcast\pcTrayApp.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3184504439-744475995-2388879454-1001..\Run: [Active Desktop Calendar] C:\Program Files (x86)\XemiComputers\Active Desktop Calendar\ADC.exe File not found
O4 - HKU\S-1-5-21-3184504439-744475995-2388879454-1001..\Run: [ComcastAntispyClient] C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - HKU\S-1-5-21-3184504439-744475995-2388879454-1001..\Run: [FoodBuzzUpdate] C:\Program Files (x86)\FoodBuzz\Update\FoodBuzzUpdate.exe (FoodBuzz)
O4 - HKU\S-1-5-21-3184504439-744475995-2388879454-1001..\Run: [PowerSuite] C:\Program Files (x86)\Uniblue\Powersuite\launcher.exe (Uniblue Systems Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{201ED6A6-08C1-4B80-921A-8D4B52F55DEB}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/14 12:36:39 | 000,000,000 | ---D | C] -- C:\Users\Nana's Toy\Desktop\Bleeping
[2013/07/13 17:49:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/07/13 17:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MixiDJ_V45
[2013/07/13 17:49:10 | 000,000,000 | ---D | C] -- C:\Users\Nana's Toy\AppData\Local\Conduit
[2013/07/13 17:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Media Player
[2013/07/13 17:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLV Media Player
[2013/07/13 17:48:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FoodBuzz
[2013/07/13 17:48:06 | 004,953,944 | ---- | C] (FLVMPlayer                                                  ) -- C:\Users\Nana's Toy\Desktop\FLVMPlayer.exe
[2013/07/13 17:47:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsContainer
[2013/07/13 17:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OApps
[2013/07/13 17:21:51 | 000,000,000 | ---D | C] -- C:\Users\Nana's Toy\AppData\Local\NPE
[2013/07/12 17:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\DnsBasic
[2013/07/11 03:17:16 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/11 03:17:16 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/11 03:17:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/11 03:17:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/11 03:17:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/11 03:17:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/11 03:17:15 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/11 03:17:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/11 03:17:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/11 03:17:14 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/11 03:17:14 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/11 03:17:13 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/11 03:17:12 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/11 03:17:12 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/11 03:17:11 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/10 18:54:12 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/10 18:54:12 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/10 18:54:12 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/10 18:54:12 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/10 14:56:20 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/10 08:31:42 | 000,000,000 | ---D | C] -- C:\Users\Nana's Toy\AppData\Roaming\CheckPoint
[2013/07/10 08:19:14 | 000,000,000 | ---D | C] -- C:\Users\Nana's Toy\AppData\Roaming\XemiComputers
[2013/07/10 08:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XemiComputers
[2013/07/10 08:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2013/06/24 22:32:41 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/06/24 22:32:29 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/06/23 03:14:43 | 000,035,936 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\amdkmpfd.sys
[2013/06/18 22:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wondershare
[2013/06/18 22:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Wondershare Player
[2013/06/18 22:31:21 | 000,000,000 | ---D | C] -- C:\Users\Nana's Toy\AppData\Local\Wondershare
[2013/06/18 22:31:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
[2013/06/18 22:30:44 | 000,000,000 | ---D | C] -- C:\Users\Nana's Toy\Documents\Wondershare Video Editor
[2013/06/18 22:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2013/06/18 22:29:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Wondershare
[2013/06/18 10:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KingsIsle Entertainment
[2013/06/18 10:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\KingsIsle Entertainment
[2013/06/18 10:24:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/06/15 20:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/06/15 20:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/06/15 20:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/06/15 20:24:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/06/15 20:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/06/15 20:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/06/15 20:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/14 12:41:01 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/07/14 12:30:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3184504439-744475995-2388879454-1001UA.job
[2013/07/14 12:26:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/14 12:24:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/14 12:20:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/14 10:49:47 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/14 10:49:47 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/14 10:42:29 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\LyricsContainer Update.job
[2013/07/14 10:42:26 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/14 10:42:20 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\powersuite_monitor.job
[2013/07/14 10:42:09 | 3019,350,016 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/13 21:30:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3184504439-744475995-2388879454-1001Core.job
[2013/07/13 17:49:19 | 000,000,009 | ---- | M] () -- C:\END
[2013/07/13 17:48:43 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\FLV Media Player.lnk
[2013/07/13 17:48:07 | 004,953,944 | ---- | M] (FLVMPlayer                                                  ) -- C:\Users\Nana's Toy\Desktop\FLVMPlayer.exe
[2013/07/13 03:08:22 | 000,359,424 | ---- | M] () -- C:\Windows\SysWow64\drivers\BleServicesCtrl.exe
[2013/07/13 03:08:22 | 000,359,424 | ---- | M] () -- C:\Windows\SysWow64\drivers\blds.exe
[2013/07/12 17:32:53 | 000,000,000 | ---- | M] () -- C:\ProgramData\26283d353c263631443b24_c
[2013/07/11 06:11:54 | 000,367,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/11 03:30:43 | 000,794,050 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/11 03:30:43 | 000,660,740 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/11 03:30:43 | 000,121,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/10 08:16:38 | 000,033,958 | ---- | M] () -- C:\ProgramData\uninstaller.exe
[2013/07/10 07:14:47 | 000,023,068 | ---- | M] () -- C:\Users\Nana's Toy\Desktop\1000535_4737085116713_466793978_n.jpg
[2013/07/09 11:40:37 | 001,063,936 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2013/07/09 11:40:12 | 002,072,576 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2013/07/07 19:14:32 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2013/07/06 14:56:05 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/06 14:56:05 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/24 22:32:25 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/06/24 22:32:24 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/06/24 22:32:24 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/06/24 22:32:24 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/06/24 22:32:24 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/06/24 22:32:24 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/06/24 21:41:30 | 004,325,376 | ---- | M] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2013/06/23 03:14:43 | 000,035,936 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\amdkmpfd.sys
[2013/06/18 16:55:39 | 000,002,046 | ---- | M] () -- C:\Users\Nana's Toy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/06/18 10:25:16 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Play Pirate101.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/13 17:48:43 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\FLV Media Player.lnk
[2013/07/13 17:47:53 | 000,000,418 | ---- | C] () -- C:\Windows\tasks\LyricsContainer Update.job
[2013/07/13 17:41:28 | 000,359,424 | ---- | C] () -- C:\Windows\SysWow64\drivers\BleServicesCtrl.exe
[2013/07/13 03:08:25 | 000,359,424 | ---- | C] () -- C:\Windows\SysWow64\drivers\blds.exe
[2013/07/12 17:32:53 | 000,000,000 | ---- | C] () -- C:\ProgramData\26283d353c263631443b24_c
[2013/07/10 08:16:38 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2013/07/10 07:14:47 | 000,023,068 | ---- | C] () -- C:\Users\Nana's Toy\Desktop\1000535_4737085116713_466793978_n.jpg
[2013/06/24 21:41:30 | 004,325,376 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2013/06/18 10:25:16 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Play Pirate101.lnk
[2013/05/05 01:39:42 | 000,114,176 | ---- | C] () -- C:\Users\Nana's Toy\AppData\Roaming\BabMaint.exe
[2013/02/18 19:31:17 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013/01/07 18:23:31 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/01/22 01:00:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/11/21 02:36:47 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/11/08 08:10:10 | 000,000,022 | ---- | C] () -- C:\Users\Nana's Toy\AppData\Local\kodakpcd.ini
[2011/09/28 19:41:40 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011/05/12 13:48:29 | 000,001,940 | ---- | C] () -- C:\Users\Nana's Toy\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/19 13:43:59 | 000,000,391 | ---- | C] () -- C:\Users\Nana's Toy\AppData\Roaming\prefsdb.dat
[2010/10/17 21:17:17 | 000,005,632 | ---- | C] () -- C:\Users\Nana's Toy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/24 12:57:36 | 000,000,059 | ---- | C] () -- C:\ProgramData\user.ini
[2010/08/03 14:38:01 | 000,000,059 | ---- | C] () -- C:\Users\Nana's Toy\AppData\Local\Tempdir
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:A42FABF7
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:67CF910D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:0DAD93FF
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:092BD83A
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:041ED421
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:EFBD4447
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:DE9AC04F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:D3A89E47
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:D1FE35E7
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:C48905F4
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:99B20AD0
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:937C8022
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5511B474
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:54403233
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:3B454A5C
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:23834E1E
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:F94BD29B
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:E9645B80
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:E6C6EB3B
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:D5F1E592
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:B54E4B5A
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:93D985FC
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:87A3A233
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:75798D9A
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:52C24010
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:4A448DB2
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:1B389835
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:CFA8C6E3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:BEACE4C8
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:68B61847
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:5FD26EF3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:4C31986D
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:076D8ED2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E894A3ED
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:7A032A04
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:3C4BD225
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:2211E7A0
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:021496FB
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D9771F40
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:852F2262
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:79875988
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:3BC173E4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:B2735F9E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:94874C0A
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:8204AA35
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:151760F0
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:F5B99CA4
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:EF38B79C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:D5BF78B4
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:C30487EE
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:C2F24DB5
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:A5241382
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:9BFB769D
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:943971F5
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:628C9914
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:5A15BCD4
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:51E66512
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:12258D63
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:104A1C3E
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:EF0C5444
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E83EE313
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E6CDFB4A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:A6D6E537
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:5539129F
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:D9592966
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:B139DDF3
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:8F067037
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:848CC150
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:22313216
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:6401C7FF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4EEC7800
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:34EFF1F2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:EB42AC3C
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:D48500F8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B38BEEEE
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:927EC486
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:85345626
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:82529191
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:518C333F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:3DB6F365
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:2D2461E7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0C13C008
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:05F547A9
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:F72306CC
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:E21433CE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:C36D0DFD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:B1381B34
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:ADF0A5DD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:98982C88
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:ECF3C50F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:86B7FDDB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4EC7F009
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:1D6B18F1
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:F6A0889A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:DB2748F7
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:386B39C3
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:1CB96B16
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:124B94C0
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:072F1F69
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:CEF2A14E
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:86B23CB4
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:2B9555D8
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:2AF322BF
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:D92485C9
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:D385C0C1
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:CD6E25A6
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:109734F6
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:B3196E8D
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:0DE96CF5
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:0919E696
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:E0888117
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:D6D084A5
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:AECF4772
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:A6D89509
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:40D8F125
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:14362DF8
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:774A0E14
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:71A89A93
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:072CBE6D
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:03A039A3
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:E690114B
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:55E1514E
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:4DAE29C6
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:F3EFA8A8
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:CB16385F
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:6C9F5E5E
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:65929158
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:614F17D3
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:938EC881
 
< End of report >

I hope I did this right!


#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 5,628 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:01 PM

Posted 15 July 2013 - 12:51 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#5 tragsdale

tragsdale
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Female
  • Local time:11:01 AM

Posted 15 July 2013 - 02:36 AM

I have run ComboFix. Now I am unable to open anything like my Google Chrome, Firefox, any kind of files... unless I open it under administrator... I really have to get this fixed... my husband needs to log in to operate the water tanks and system plant checks. It won't open those either.... HELP!! Oh please get me so I can open these. Here is the ComboFix report. Well, I tried to open that also, it won't let me open it... I will have to try to attach it. I even tried to open the link to bleepingcomputer.com... won't open. I got lucky to open Firefox and could briefly get into my email to send this... I pray you can help me get this back up.


ComboFix.txt

ComboFix 13-07-14.01 - Nana's Toy 07/15/2013   1:34.1.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.2610 [GMT -5:00]
Running from: c:\users\Nana's Toy\Downloads\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Complitly
c:\program files (x86)\Complitly\chrome\ComplitlyChrome.crx
c:\program files (x86)\Complitly\FireFoxExtensionWithFF8Fix.exe
c:\program files (x86)\Complitly\FireFoxUninstaller.exe
c:\program files (x86)\Complitly\InstTracker.exe
c:\program files (x86)\Complitly\[email protected]\chrome.manifest
c:\program files (x86)\Complitly\[email protected]\chrome\content\appIcon.png
c:\program files (x86)\Complitly\[email protected]\chrome\content\browserOverlay.xul
c:\program files (x86)\Complitly\[email protected]\chrome\content\options.js
c:\program files (x86)\Complitly\[email protected]\chrome\content\options.xul
c:\program files (x86)\Complitly\[email protected]\chrome\content\utils.js
c:\program files (x86)\Complitly\[email protected]\defaults\preferences\predictad.js
c:\program files (x86)\Complitly\[email protected]\install.rdf
c:\program files (x86)\Complitly\System.Data.SQLite.dll
c:\program files (x86)\Complitly\unins000.dat
c:\program files (x86)\Complitly\unins000.exe
c:\programdata\26283d353c263631443b24_c
c:\programdata\DnsBasic
c:\programdata\DnsBasic\dnsbasic111.exe
c:\programdata\uninstaller.exe
c:\users\Nana's Toy\AppData\Roaming\BabMaint.exe
c:\users\Nana's Toy\AppData\Roaming\Island
c:\users\Nana's Toy\AppData\Roaming\Island\space.rgt
c:\users\Nana's Toy\AppData\Roaming\Roaming
c:\users\Nana's Toy\AppData\Roaming\Roaming\Nevosoft\Vampireville\settings.txt
c:\windows\SysWow64\yeALt.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_pcCMService
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-15 to 2013-07-15  )))))))))))))))))))))))))))))))
.
.
2013-07-15 06:43 . 2013-07-15 06:43    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-13 22:49 . 2013-07-13 22:49    --------    d-----w-    c:\program files (x86)\Conduit
2013-07-13 22:49 . 2013-07-14 18:22    --------    d-----w-    c:\users\Nana's Toy\AppData\Local\Conduit
2013-07-13 22:47 . 2013-07-14 18:23    --------    d-----w-    c:\program files (x86)\OApps
2013-07-13 22:41 . 2013-07-13 08:08    359424    ----a-w-    c:\windows\SysWow64\drivers\BleServicesCtrl.exe
2013-07-13 22:21 . 2013-07-13 22:44    --------    d-----w-    c:\users\Nana's Toy\AppData\Local\NPE
2013-07-13 08:08 . 2013-07-13 08:08    359424    ----a-w-    c:\windows\SysWow64\drivers\blds.exe
2013-07-10 23:54 . 2013-05-27 05:50    1011712    ----a-w-    c:\program files\Windows Defender\MpSvc.dll
2013-07-10 23:54 . 2013-05-27 05:50    571904    ----a-w-    c:\program files\Windows Defender\MpClient.dll
2013-07-10 23:54 . 2013-05-27 05:50    314880    ----a-w-    c:\program files\Windows Defender\MpCommu.dll
2013-07-10 23:54 . 2013-05-27 04:57    4608    ----a-w-    c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 23:54 . 2013-05-27 04:57    54784    ----a-w-    c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 23:54 . 2013-05-27 04:57    392704    ----a-w-    c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 23:54 . 2013-05-27 03:15    9216    ----a-w-    c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 23:54 . 2013-06-04 06:00    624128    ----a-w-    c:\windows\system32\qedit.dll
2013-07-10 23:54 . 2013-06-04 04:53    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2013-07-10 23:54 . 2013-05-06 06:03    1887744    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-10 23:54 . 2013-05-06 04:56    1620480    ----a-w-    c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 19:58 . 2013-06-05 03:34    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-07-10 19:58 . 2013-04-10 05:48    1732608    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 19:58 . 2013-04-10 05:46    1402880    ----a-w-    c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 19:58 . 2013-04-10 05:46    1393152    ----a-w-    c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 19:58 . 2013-04-10 05:46    1367040    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 19:58 . 2013-04-10 05:03    936448    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 19:56 . 2013-04-09 23:34    1247744    ----a-w-    c:\windows\SysWow64\DWrite.dll
2013-07-10 19:56 . 2013-04-02 22:51    1643520    ----a-w-    c:\windows\system32\DWrite.dll
2013-07-10 13:31 . 2013-07-10 13:31    --------    d-----w-    c:\users\Nana's Toy\AppData\Roaming\CheckPoint
2013-07-10 13:19 . 2013-07-10 13:19    --------    d-----w-    c:\users\Nana's Toy\AppData\Roaming\XemiComputers
2013-07-10 13:18 . 2013-07-10 13:18    --------    d-----w-    c:\program files (x86)\XemiComputers
2013-07-10 13:15 . 2013-07-10 13:15    --------    d-----w-    c:\programdata\CheckPoint
2013-06-25 03:32 . 2013-06-25 03:32    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-25 02:41 . 2013-06-25 02:41    4325376    ----a-w-    c:\programdata\ReadOnlyInstaller.msi
2013-06-23 08:14 . 2013-06-23 08:14    35936    ----a-w-    c:\windows\system32\drivers\amdkmpfd.sys
2013-06-19 03:32 . 2013-06-19 03:32    --------    d-----w-    c:\program files\Common Files\Wondershare
2013-06-19 03:31 . 2013-06-19 08:50    --------    d-----w-    c:\programdata\Wondershare Player
2013-06-19 03:31 . 2013-06-19 03:31    --------    d-----w-    c:\users\Nana's Toy\AppData\Local\Wondershare
2013-06-19 03:31 . 2013-06-19 03:31    --------    d-----w-    c:\program files (x86)\Common Files\Wondershare
2013-06-19 03:30 . 2013-06-19 08:50    --------    d-----w-    c:\program files (x86)\Wondershare
2013-06-18 15:25 . 2013-06-18 15:25    --------    d-----w-    c:\programdata\KingsIsle Entertainment
2013-06-16 01:24 . 2013-06-16 01:24    --------    d-----w-    c:\program files\iPod
2013-06-16 01:24 . 2013-06-16 01:25    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-16 01:24 . 2013-06-16 01:25    --------    d-----w-    c:\program files\iTunes
2013-06-16 01:24 . 2013-06-16 01:25    --------    d-----w-    c:\program files (x86)\iTunes
2013-06-16 01:19 . 2013-06-16 01:19    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-16 01:19 . 2013-06-16 01:19    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-16 01:19 . 2013-06-16 01:19    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-16 01:19 . 2013-06-16 01:19    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-16 01:19 . 2013-06-16 01:19    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-06-16 01:19 . 2013-06-16 01:19    --------    d-----w-    c:\program files (x86)\QuickTime
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-11 08:20 . 2010-07-02 13:57    78185248    ----a-w-    c:\windows\system32\MRT.exe
2013-07-06 19:56 . 2012-01-02 02:32    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-06 19:56 . 2011-11-22 04:13    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-25 03:32 . 2012-12-09 04:00    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-06-25 03:32 . 2010-07-02 01:09    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-05-13 05:51 . 2013-06-12 04:34    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 04:34    1464320    ----a-w-    c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 04:34    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 04:34    52224    ----a-w-    c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 04:34    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 04:34    1160192    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 04:34    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 04:34    1192448    ----a-w-    c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 04:34    903168    ----a-w-    c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 04:34    43008    ----a-w-    c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 04:33    30720    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 04:33    24576    ----a-w-    c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 04:34    1910632    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-05-01 10:29 . 2010-06-24 16:33    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-01 08:59 . 2013-05-01 08:59    94208    ----a-w-    c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 08:59 . 2013-05-01 08:59    69632    ----a-w-    c:\windows\SysWow64\QuickTime.qts
2013-04-30 07:58 . 2013-04-30 07:58    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 07:58 . 2013-04-30 07:58    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 07:58 . 2013-04-30 07:58    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-04-30 07:58 . 2013-04-30 07:58    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-04-30 07:58 . 2013-04-30 07:58    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-04-30 07:58 . 2013-04-30 07:58    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-04-30 07:58 . 2013-04-30 07:58    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-04-30 07:58 . 2013-04-30 07:58    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-04-30 07:58 . 2013-04-30 07:58    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-04-30 07:58 . 2013-04-30 07:58    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-04-30 07:58 . 2013-04-30 07:58    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-04-30 07:58 . 2013-04-30 07:58    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-04-30 07:58 . 2013-04-30 07:58    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-04-30 07:58 . 2013-04-30 07:58    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-04-30 07:58 . 2013-04-30 07:58    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 07:58 . 2013-04-30 07:58    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 07:58 . 2013-04-30 07:58    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-04-30 07:58 . 2013-04-30 07:58    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 07:58 . 2013-04-30 07:58    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-04-30 07:58 . 2013-04-30 07:58    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-04-30 07:58 . 2013-04-30 07:58    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-04-30 07:58 . 2013-04-30 07:58    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-04-30 07:58 . 2013-04-30 07:58    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-04-30 07:58 . 2013-04-30 07:58    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-04-30 07:58 . 2013-04-30 07:58    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-04-30 07:58 . 2013-04-30 07:58    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-04-30 07:58 . 2013-04-30 07:58    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-04-30 07:58 . 2013-04-30 07:58    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-04-30 07:58 . 2013-04-30 07:58    441856    ----a-w-    c:\windows\system32\html.iec
2013-04-30 07:58 . 2013-04-30 07:58    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-04-30 07:58 . 2013-04-30 07:58    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-04-30 07:58 . 2013-04-30 07:58    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-04-30 07:58 . 2013-04-30 07:58    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-04-30 07:58 . 2013-04-30 07:58    235008    ----a-w-    c:\windows\system32\url.dll
2013-04-30 07:58 . 2013-04-30 07:58    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-04-30 07:58 . 2013-04-30 07:58    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-04-30 07:58 . 2013-04-30 07:58    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-04-30 07:58 . 2013-04-30 07:58    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-04-30 07:58 . 2013-04-30 07:58    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-04-30 07:58 . 2013-04-30 07:58    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-04-30 07:58 . 2013-04-30 07:58    149504    ----a-w-    c:\windows\system32\occache.dll
2013-04-30 07:58 . 2013-04-30 07:58    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-04-30 07:58 . 2013-04-30 07:58    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-04-30 07:58 . 2013-04-30 07:58    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-04-30 07:58 . 2013-04-30 07:58    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-04-30 07:58 . 2013-04-30 07:58    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-04-30 07:58 . 2013-04-30 07:58    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-04-30 07:58 . 2013-04-30 07:58    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-04-30 07:58 . 2013-04-30 07:58    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-04-26 05:51 . 2013-06-12 04:34    751104    ----a-w-    c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-12 04:34    492544    ----a-w-    c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-12 04:33    1505280    ----a-w-    c:\windows\SysWow64\d3d11.dll
2013-04-17 07:02 . 2013-06-12 04:33    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24 . 2013-06-12 04:33    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9ed31f84-c8b3-4926-b950-dff74047ff79}"= "c:\program files (x86)\KeyBar_1.8\prxtbKeyB.dll" [2013-05-16 231712]
.
[HKEY_CLASSES_ROOT\clsid\{9ed31f84-c8b3-4926-b950-dff74047ff79}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9ed31f84-c8b3-4926-b950-dff74047ff79}]
2013-05-16 12:13    231712    ----a-w-    c:\program files (x86)\KeyBar_1.8\prxtbKeyB.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A071936A-AB6B-4978-9342-E47C06FCDEC1}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-03-13 11:00    251288    ----a-w-    c:\program files (x86)\Delta\delta\1.8.16.16\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll" [2013-03-13 325016]
"{9ed31f84-c8b3-4926-b950-dff74047ff79}"= "c:\program files (x86)\KeyBar_1.8\prxtbKeyB.dll" [2013-05-16 231712]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_CLASSES_ROOT\clsid\{9ed31f84-c8b3-4926-b950-dff74047ff79}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComcastAntispyClient"="c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
"PowerSuite"="c:\progra~2\Uniblue\POWERS~1\launcher.exe" [2013-04-22 26392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys;c:\windows\SYSNATIVE\DRIVERS\rcmirror.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 PxHlpa64;PxHlpa64;c:\windows\system32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1403010.016\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1403010.016\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1403010.016\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1403010.016\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [x]
S1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360x64\1403010.016\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1403010.016\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130712.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130712.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1403010.016\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1403010.016\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1403010.016\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1403010.016\SYMNETS.SYS [x]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [x]
S2 bthsrv;Bluetooth Service;c:\windows\SysWOW64\Drivers\BleServicesCtrl.exe;c:\windows\SysWOW64\Drivers\BleServicesCtrl.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
S2 CltMngSvc;Search Protect by Conduit Updater;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 FastFreeConverterUpdt;FastFreeConverterUpdt;c:\program files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe;c:\program files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [x]
S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe;c:\programdata\IBUpdaterService\ibsvc.exe [x]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe;c:\program files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 gmhidlow;HID Mouse Lower Filter;c:\windows\system32\DRIVERS\gmhidlow.sys;c:\windows\SYSNATIVE\DRIVERS\gmhidlow.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-22 08:39]
.
2013-07-15 c:\windows\Tasks\AmiUpdXp.job
- c:\users\Nana's Toy\AppData\Local\SwvUpdater\Updater.exe [2013-02-19 13:59]
.
2013-07-08 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-02 14:15]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-02 14:15]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3184504439-744475995-2388879454-1001Core.job
- c:\users\Nana's Toy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-01 16:00]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3184504439-744475995-2388879454-1001UA.job
- c:\users\Nana's Toy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-01 16:00]
.
2013-07-15 c:\windows\Tasks\powersuite_monitor.job
- c:\program files (x86)\Uniblue\Powersuite\powersuite_monitor.exe [2013-02-04 21:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"Comcast_McciTrayApp"="c:\program files\Comcast\pcTrayApp.exe" [2012-01-18 2727936]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=4805c699d9594f339894ee3225f11311&tu=11JL0008y2B000s&sku=&tstsId=&ver=&
uDefault_Search_URL = hxxp://www.google.com/ie
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://start.smilebox.com/?src=10&st=12&crg=3.5000006.10040&barid={32577C60-D891-11E2-9AA6-7071BC409BD0}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm
FF - prefs.js: browser.startup.homepage - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=4805c699d9594f339894ee3225f11311&tu=11JL0008y2B000s&sku=&tstsId=&ver=&
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298581&SearchSource=2&CUI=UN61998189929148376&UM=2&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-05-21 20:19; {9ed31f84-c8b3-4926-b950-dff74047ff79}; c:\users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}
FF - ExtSQL: 2013-07-10 08:17; tidynetwork@tidynetwork; c:\users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\tidynetwork@tidynetwork
FF - ExtSQL: 2013-07-10 08:30; {32eaca6a-1ed0-4714-8386-e8627fc37f99}; c:\users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\{32eaca6a-1ed0-4714-8386-e8627fc37f99}
FF - ExtSQL: 2013-07-10 08:30; wecarereminder@bryan; c:\users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\wecarereminder@bryan
FF - ExtSQL: 2013-07-10 08:30; [email protected]; c:\users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\[email protected]
FF - ExtSQL: 2013-07-10 08:30; [email protected]; c:\users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\[email protected]
FF - ExtSQL: 2013-07-12 17:32; {650EED71-89E2-453B-8DCF-2AA1B4AE6EF3}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3}
FF - ExtSQL: !HIDDEN! 2010-10-29 10:39; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: extentions.y2layers.installId - e42beb4b-4a3a-4843-906b-7a709f1e98cc
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 287a5c4e0000000000007071bc409bd0
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15826
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1620:51
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=4805c699d9594f339894ee3225f11311&tu=11JL0008y2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=4805c699d9594f339894ee3225f11311&tu=11JL0008y2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=4805c699d9594f339894ee3225f11311&tu=11JL0008y2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=4805c699d9594f339894ee3225f11311&tu=11JL0008y2B000s&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 287a5c4e0000000000007071bc409bd0
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15896
FF - user.js: extensions.zonealarm.vrsn - 1.8.3.16
FF - user.js: extensions.zonealarm.vrsni - 1.8.3.16
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.8.3.168:17
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 5043
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN118838956637513-5043
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE "%1"
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
BHO-{1C8501DD-5580-48AB-B25C-6D5DBE835A6A} - (no file)
BHO-{40C78C4E-5AE5-4762-9B7D-D2DE31B03B77} - c:\windows\SysWow64\yealt.dll
BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
BHO-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
Toolbar-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-Active Desktop Calendar - c:\program files (x86)\XemiComputers\Active Desktop Calendar\ADC.exe
Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe
Toolbar-10 - (no file)
WebBrowser-{4641532D-5636-006A-76A7-7A786E7484D7} - (no file)
AddRemove-DnsBasic - c:\program files (x86)\DnsBasic\uninstall.exe
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files (x86)\Complitly\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3184504439-744475995-2388879454-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3184504439-744475995-2388879454-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Kodak\KODAK Share Button App\Listener.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2013-07-15  01:52:14 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-15 06:52
.
Pre-Run: 210,865,340,416 bytes free
Post-Run: 210,134,974,464 bytes free
.
- - End Of File - - A6F7C7DB474CD65821B70DD45E0F8D40
D54F15D24626FEFA237351EEF2114926



#6 tragsdale


Posted 15 July 2013 - 02:42 AM

In my panic... I reread your instructions, and saw at the bottom to restart my computer in hopes that it would fix the problems of me not opening my programs... It worked.



#7 TB-Psychotic


Posted 15 July 2013 - 03:26 AM

Don't panic, we'll handle this together! :)

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


[image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


#8 tragsdale


Posted 15 July 2013 - 08:17 AM

Much calmer today... :) Here is the ComboFix log with the CFScript. Thank you for having patience with me... ;)

 

ComboFix 13-07-14.01 - Nana's Toy 07/15/2013   7:47.2.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.2694 [GMT -5:00]
Running from: c:\users\Nana's Toy\Desktop\ComboFix.exe
Command switches used :: c:\users\Nana's Toy\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\AmiUpdXp.job"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Conduit
c:\program files (x86)\Conduit\Community Alerts\Alert.dll
c:\program files (x86)\Delta
c:\program files (x86)\Delta\delta\1.8.16.16\bh\delta.dll
c:\program files (x86)\Delta\delta\1.8.16.16\deltaApp.dll
c:\program files (x86)\Delta\delta\1.8.16.16\deltaEng.dll
c:\program files (x86)\Delta\delta\1.8.16.16\deltasrv.exe
c:\program files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll
c:\program files (x86)\Delta\delta\1.8.16.16\escortShld.dll
c:\program files (x86)\Delta\delta\1.8.16.16\GUninstaller.exe
c:\program files (x86)\Delta\delta\1.8.16.16\uninstall.exe
c:\program files (x86)\Fast Free Converter
c:\program files (x86)\Fast Free Converter\FastFreeConverter\[email protected]\chrome.manifest
c:\program files (x86)\Fast Free Converter\FastFreeConverter\[email protected]\content\browserOverlay.js
c:\program files (x86)\Fast Free Converter\FastFreeConverter\[email protected]\content\browserOverlay.xul
c:\program files (x86)\Fast Free Converter\FastFreeConverter\[email protected]\defaults\preferences\defaults.js
c:\program files (x86)\Fast Free Converter\FastFreeConverter\[email protected]\install.rdf
c:\program files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll
c:\program files (x86)\Fast Free Converter\FastFreeConverter\uninstall_plugin.exe
c:\program files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe
c:\program files (x86)\Fast Free Converter\install.ico
c:\program files (x86)\Fast Free Converter\uninstall.exe
c:\program files (x86)\KeyBar_1.8
c:\program files (x86)\KeyBar_1.8\GottenAppsContextMenu.xml
c:\program files (x86)\KeyBar_1.8\hk64tbKeyB.dll
c:\program files (x86)\KeyBar_1.8\hktbKeyB.dll
c:\program files (x86)\KeyBar_1.8\KeyBar_1.8ToolbarHelper.exe
c:\program files (x86)\KeyBar_1.8\ldrtbKeyB.dll
c:\program files (x86)\KeyBar_1.8\OtherAppsContextMenu.xml
c:\program files (x86)\KeyBar_1.8\prxtbKeyB.dll
c:\program files (x86)\KeyBar_1.8\SharedAppsContextMenu.xml
c:\program files (x86)\KeyBar_1.8\tbKeyB.dll
c:\program files (x86)\KeyBar_1.8\toolbar.cfg
c:\program files (x86)\KeyBar_1.8\ToolbarContextMenu.xml
c:\program files (x86)\KeyBar_1.8\uninstall.exe
c:\program files (x86)\OApps
c:\program files (x86)\SearchProtect
c:\program files (x86)\SearchProtect\bin\ChromeModule.dll
c:\program files (x86)\SearchProtect\bin\cltmng.exe
c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe
c:\program files (x86)\SearchProtect\bin\FirefoxModule.dll
c:\program files (x86)\SearchProtect\bin\InternetExplorerModule.dll
c:\program files (x86)\SearchProtect\bin\msvcp100.dll
c:\program files (x86)\SearchProtect\bin\msvcr100.dll
c:\program files (x86)\SearchProtect\bin\SPHook32.dll
c:\program files (x86)\SearchProtect\bin\SPRunner.exe
c:\program files (x86)\SearchProtect\bin\uninstall.exe
c:\program files (x86)\SearchProtect\Dialogs\dialogsApi.js
c:\program files (x86)\SearchProtect\Dialogs\lib\jquery.min.js
c:\program files (x86)\SearchProtect\Dialogs\lib\json2.js
c:\program files (x86)\SearchProtect\Dialogs\spbd\bubble.css
c:\program files (x86)\SearchProtect\Dialogs\spbd\bubble.js
c:\program files (x86)\SearchProtect\Dialogs\spbd\images\information.png
c:\program files (x86)\SearchProtect\Dialogs\spbd\images\x-default-LTR.png
c:\program files (x86)\SearchProtect\Dialogs\spbd\images\x-default-RTL.png
c:\program files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\program files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\program files (x86)\SearchProtect\Dialogs\spbd\main.html
c:\program files (x86)\SearchProtect\Dialogs\spsd\images\ok-button.png
c:\program files (x86)\SearchProtect\Dialogs\spsd\images\separation-line.png
c:\program files (x86)\SearchProtect\Dialogs\spsd\images\warning.png
c:\program files (x86)\SearchProtect\Dialogs\spsd\main.html
c:\program files (x86)\SearchProtect\Dialogs\spsd\SearchProtector.css
c:\program files (x86)\SearchProtect\Dialogs\spsd\settings.js
c:\program files (x86)\SearchProtect\ffprotect\abstraction.js
c:\program files (x86)\SearchProtect\ffprotect\application.js
c:\program files (x86)\SearchProtect\ffprotect\nsprotector.js
c:\programdata\IBUpdaterService
c:\programdata\IBUpdaterService\ibsvc.exe
c:\programdata\IBUpdaterService\repository.xml
c:\users\Nana's Toy\AppData\Local\Conduit
c:\users\Nana's Toy\AppData\Local\SwvUpdater
c:\users\Nana's Toy\AppData\Local\SwvUpdater\status.cfg
c:\users\Nana's Toy\AppData\Local\SwvUpdater\Updater.exe
c:\users\Nana's Toy\AppData\Local\SwvUpdater\Updater.xml
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_CltMngSvc
-------\Service_FastFreeConverterUpdt
-------\Service_IBUpdaterService
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-15 to 2013-07-15  )))))))))))))))))))))))))))))))
.
.
2013-07-13 22:41 . 2013-07-13 08:08 359424 ----a-w- c:\windows\SysWow64\drivers\BleServicesCtrl.exe
2013-07-13 22:21 . 2013-07-13 22:44 -------- d-----w- c:\users\Nana's Toy\AppData\Local\NPE
2013-07-13 08:08 . 2013-07-13 08:08 359424 ----a-w- c:\windows\SysWow64\drivers\blds.exe
2013-07-10 23:54 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 23:54 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-10 23:54 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-10 23:54 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 23:54 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 23:54 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 23:54 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 23:54 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 23:54 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-10 23:54 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 23:54 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 19:58 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 19:58 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 19:58 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 19:58 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 19:58 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 19:58 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 19:56 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-10 19:56 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-10 13:31 . 2013-07-10 13:31 -------- d-----w- c:\users\Nana's Toy\AppData\Roaming\CheckPoint
2013-07-10 13:19 . 2013-07-10 13:19 -------- d-----w- c:\users\Nana's Toy\AppData\Roaming\XemiComputers
2013-07-10 13:18 . 2013-07-10 13:18 -------- d-----w- c:\program files (x86)\XemiComputers
2013-07-10 13:15 . 2013-07-10 13:15 -------- d-----w- c:\programdata\CheckPoint
2013-06-25 03:32 . 2013-06-25 03:32 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-25 02:41 . 2013-06-25 02:41 4325376 ----a-w- c:\programdata\ReadOnlyInstaller.msi
2013-06-23 08:14 . 2013-06-23 08:14 35936 ----a-w- c:\windows\system32\drivers\amdkmpfd.sys
2013-06-19 03:32 . 2013-06-19 03:32 -------- d-----w- c:\program files\Common Files\Wondershare
2013-06-19 03:31 . 2013-06-19 08:50 -------- d-----w- c:\programdata\Wondershare Player
2013-06-19 03:31 . 2013-06-19 03:31 -------- d-----w- c:\users\Nana's Toy\AppData\Local\Wondershare
2013-06-19 03:31 . 2013-06-19 03:31 -------- d-----w- c:\program files (x86)\Common Files\Wondershare
2013-06-19 03:30 . 2013-06-19 08:50 -------- d-----w- c:\program files (x86)\Wondershare
2013-06-18 15:25 . 2013-06-18 15:25 -------- d-----w- c:\programdata\KingsIsle Entertainment
2013-06-16 01:24 . 2013-06-16 01:24 -------- d-----w- c:\program files\iPod
2013-06-16 01:24 . 2013-06-16 01:25 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-16 01:24 . 2013-06-16 01:25 -------- d-----w- c:\program files\iTunes
2013-06-16 01:24 . 2013-06-16 01:25 -------- d-----w- c:\program files (x86)\iTunes
2013-06-16 01:19 . 2013-06-16 01:19 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-16 01:19 . 2013-06-16 01:19 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-16 01:19 . 2013-06-16 01:19 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-16 01:19 . 2013-06-16 01:19 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-16 01:19 . 2013-06-16 01:19 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-06-16 01:19 . 2013-06-16 01:19 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-11 08:20 . 2010-07-02 13:57 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-07-06 19:56 . 2012-01-02 02:32 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-06 19:56 . 2011-11-22 04:13 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-25 03:32 . 2012-12-09 04:00 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-25 03:32 . 2010-07-02 01:09 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-13 05:51 . 2013-06-12 04:34 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 04:34 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 04:34 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 04:34 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 04:34 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 04:34 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 04:34 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 04:34 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 04:34 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 04:34 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 04:33 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 04:33 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 04:34 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-01 10:29 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-01 08:59 . 2013-05-01 08:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 08:59 . 2013-05-01 08:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-04-30 07:58 . 2013-04-30 07:58 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 07:58 . 2013-04-30 07:58 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 07:58 . 2013-04-30 07:58 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-30 07:58 . 2013-04-30 07:58 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-30 07:58 . 2013-04-30 07:58 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-30 07:58 . 2013-04-30 07:58 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-30 07:58 . 2013-04-30 07:58 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-30 07:58 . 2013-04-30 07:58 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-30 07:58 . 2013-04-30 07:58 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-30 07:58 . 2013-04-30 07:58 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-30 07:58 . 2013-04-30 07:58 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-30 07:58 . 2013-04-30 07:58 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-30 07:58 . 2013-04-30 07:58 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-30 07:58 . 2013-04-30 07:58 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-30 07:58 . 2013-04-30 07:58 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 07:58 . 2013-04-30 07:58 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 07:58 . 2013-04-30 07:58 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-30 07:58 . 2013-04-30 07:58 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 07:58 . 2013-04-30 07:58 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-30 07:58 . 2013-04-30 07:58 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-30 07:58 . 2013-04-30 07:58 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-30 07:58 . 2013-04-30 07:58 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-30 07:58 . 2013-04-30 07:58 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-30 07:58 . 2013-04-30 07:58 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-30 07:58 . 2013-04-30 07:58 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-30 07:58 . 2013-04-30 07:58 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-30 07:58 . 2013-04-30 07:58 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-30 07:58 . 2013-04-30 07:58 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-30 07:58 . 2013-04-30 07:58 441856 ----a-w- c:\windows\system32\html.iec
2013-04-30 07:58 . 2013-04-30 07:58 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-30 07:58 . 2013-04-30 07:58 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-30 07:58 . 2013-04-30 07:58 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-30 07:58 . 2013-04-30 07:58 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-30 07:58 . 2013-04-30 07:58 235008 ----a-w- c:\windows\system32\url.dll
2013-04-30 07:58 . 2013-04-30 07:58 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-30 07:58 . 2013-04-30 07:58 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-30 07:58 . 2013-04-30 07:58 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-30 07:58 . 2013-04-30 07:58 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-30 07:58 . 2013-04-30 07:58 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-30 07:58 . 2013-04-30 07:58 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-30 07:58 . 2013-04-30 07:58 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-30 07:58 . 2013-04-30 07:58 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-30 07:58 . 2013-04-30 07:58 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-30 07:58 . 2013-04-30 07:58 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-30 07:58 . 2013-04-30 07:58 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-30 07:58 . 2013-04-30 07:58 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-30 07:58 . 2013-04-30 07:58 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-30 07:58 . 2013-04-30 07:58 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-30 07:58 . 2013-04-30 07:58 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-26 05:51 . 2013-06-12 04:34 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-12 04:34 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-12 04:33 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-04-17 07:02 . 2013-06-12 04:33 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24 . 2013-06-12 04:33 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{40C78C4E-5AE5-4762-9B7D-D2DE31B03B77}]
c:\windows\SysWow64\yealt.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComcastAntispyClient"="c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
"PowerSuite"="c:\progra~2\Uniblue\POWERS~1\launcher.exe" [2013-04-22 26392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys;c:\windows\SYSNATIVE\DRIVERS\rcmirror.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 PxHlpa64;PxHlpa64;c:\windows\system32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1403010.016\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1403010.016\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1403010.016\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1403010.016\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [x]
S1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360x64\1403010.016\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1403010.016\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130712.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130712.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1403010.016\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1403010.016\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1403010.016\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1403010.016\SYMNETS.SYS [x]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [x]
S2 bthsrv;Bluetooth Service;c:\windows\SysWOW64\Drivers\BleServicesCtrl.exe;c:\windows\SysWOW64\Drivers\BleServicesCtrl.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe;c:\program files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 gmhidlow;HID Mouse Lower Filter;c:\windows\system32\DRIVERS\gmhidlow.sys;c:\windows\SYSNATIVE\DRIVERS\gmhidlow.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-22 08:39]
.
2013-07-08 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-02 14:15]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-02 14:15]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3184504439-744475995-2388879454-1001Core.job
- c:\users\Nana's Toy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-01 16:00]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3184504439-744475995-2388879454-1001UA.job
- c:\users\Nana's Toy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-01 16:00]
.
2013-07-15 c:\windows\Tasks\powersuite_monitor.job
- c:\program files (x86)\Uniblue\Powersuite\powersuite_monitor.exe [2013-02-04 21:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"Comcast_McciTrayApp"="c:\program files\Comcast\pcTrayApp.exe" [2012-01-18 2727936]
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://start.smilebox.com/?src=10&st=12&crg=3.5000006.10040&barid={32577C60-D891-11E2-9AA6-7071BC409BD0}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\
FF - prefs.js: browser.search.defaulturl - 
FF - ExtSQL: 2013-05-21 20:19; {9ed31f84-c8b3-4926-b950-dff74047ff79}; c:\users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}
FF - ExtSQL: 2013-07-10 08:30; wecarereminder@bryan; c:\users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\wecarereminder@bryan
FF - ExtSQL: 2013-07-10 08:30; [email protected]; c:\users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\[email protected]
FF - ExtSQL: 2013-07-12 17:32; {650EED71-89E2-453B-8DCF-2AA1B4AE6EF3}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3}
FF - ExtSQL: 2013-07-13 17:48; {d2cf9842-af95-48cd-b873-bfbb48cd7f5e}; c:\users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\{d2cf9842-af95-48cd-b873-bfbb48cd7f5e}
FF - ExtSQL: !HIDDEN! 2010-10-29 10:39; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: extentions.y2layers.installId - e42beb4b-4a3a-4843-906b-7a709f1e98cc
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 287a5c4e0000000000007071bc409bd0
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15826
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1620:51
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=4805c699d9594f339894ee3225f11311&tu=11JL0008y2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=4805c699d9594f339894ee3225f11311&tu=11JL0008y2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=4805c699d9594f339894ee3225f11311&tu=11JL0008y2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=4805c699d9594f339894ee3225f11311&tu=11JL0008y2B000s&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 287a5c4e0000000000007071bc409bd0
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15896
FF - user.js: extensions.zonealarm.vrsn - 1.8.3.16
FF - user.js: extensions.zonealarm.vrsni - 1.8.3.16
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.8.3.168:17
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 5043
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN118838956637513-5043
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{1C8501DD-5580-48AB-B25C-6D5DBE835A6A} - (no file)
BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
BHO-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
BHO-{9ed31f84-c8b3-4926-b950-dff74047ff79} - c:\program files (x86)\KeyBar_1.8\prxtbKeyB.dll
BHO-{A071936A-AB6B-4978-9342-E47C06FCDEC1} - c:\progra~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL
BHO-{C1AF5FA5-852C-4C90-812E-A7F75E011D87} - c:\program files (x86)\Delta\delta\1.8.16.16\bh\delta.dll
Toolbar-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
Toolbar-10 - (no file)
WebBrowser-{4641532D-5636-006A-76A7-7A786E7484D7} - (no file)
AddRemove-delta - c:\program files (x86)\Delta\delta\1.8.16.16\GUninstaller.exe
AddRemove-DnsBasic - c:\program files (x86)\DnsBasic\uninstall.exe
AddRemove-Fast Free Converter - c:\program files (x86)\Fast Free Converter\uninstall.exe
AddRemove-KeyBar_1.8 Toolbar - c:\program files (x86)\KeyBar_1.8\uninstall.exe
AddRemove-SearchProtect - c:\program files (x86)\SearchProtect\bin\uninstall.exe
AddRemove-Updater Service - c:\programdata\IBUpdaterService\ibsvc.exe
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files (x86)\Complitly\unins000.exe
AddRemove-{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} - c:\users\Nana's Toy\AppData\Local\SwvUpdater\Updater.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3184504439-744475995-2388879454-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3184504439-744475995-2388879454-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Kodak\KODAK Share Button App\Listener.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2013-07-15  08:07:46 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-15 13:07
ComboFix2.txt  2013-07-15 06:52
.
Pre-Run: 210,178,412,544 bytes free
Post-Run: 209,716,523,008 bytes free
.
- - End Of File - - 5C132BC60BC0522E4F15AA9762621EFD
D54F15D24626FEFA237351EEF2114926


#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 5,628 posts
  • Gender:Male

Posted 16 July 2013 - 12:50 AM

Looks good!

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#10 tragsdale

tragsdale
  • Topic Starter

  • Members
  • 23 posts
  • Gender:Female

Posted 16 July 2013 - 08:43 AM

Good morning, here are the results of the ESET scan.

C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js Win32/Conduit.SearchProtect.A application
C:\Program Files (x86)\Mozilla Firefox\components\sprotector.js Win32/Conduit.SearchProtect.A application
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\bin\ChromeModule.dll.vir a variant of Win32/Conduit.SearchProtect.C application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.B application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\bin\FirefoxModule.dll.vir a variant of Win32/Conduit.SearchProtect.C application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\bin\InternetExplorerModule.dll.vir a variant of Win32/Conduit.SearchProtect.C application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\bin\SPHook32.dll.vir probably a variant of Win32/Conduit.SearchProtect.C application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\ffprotect\application.js.vir Win32/Conduit.SearchProtect.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\ffprotect\nsprotector.js.vir Win32/Conduit.SearchProtect.A application
C:\Qoobox\Quarantine\C\ProgramData\IBUpdaterService\ibsvc.exe.vir a variant of Win32/InstallBrain.A application
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\Nana's Toy\AppData\Roaming\SearchProtect\bin\ChromeModule.dll a variant of Win32/Conduit.SearchProtect.C application
C:\Users\Nana's Toy\AppData\Roaming\SearchProtect\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.B application
C:\Users\Nana's Toy\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll a variant of Win32/Conduit.SearchProtect.C application
C:\Users\Nana's Toy\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll a variant of Win32/Conduit.SearchProtect.C application
C:\Users\Nana's Toy\AppData\Roaming\SearchProtect\bin\SPHook32.dll probably a variant of Win32/Conduit.SearchProtect.C application
C:\Users\Nana's Toy\AppData\Roaming\SearchProtect\ffprotect\application.js Win32/Conduit.SearchProtect.A application
C:\Users\Nana's Toy\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js Win32/Conduit.SearchProtect.A application
C:\Users\Nana's Toy\AppData\Roaming\SearchProtect\Res\SPSetup.exe multiple threats
C:\Users\Nana's Toy\Documents\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Nana's Toy\Downloads\7zip_installer_d793026.exe a variant of Win32/InstallIQ.A application
C:\Users\Nana's Toy\Downloads\activedesktopcalendar-setup.exe Win32/DownloadAdmin.G application
C:\Users\Nana's Toy\Downloads\ArcadeCandyGames (2).exe a variant of Win32/Adware.Gamevance.DD application
C:\Users\Nana's Toy\Downloads\ArcadeCandyGames.exe a variant of Win32/Adware.Gamevance.DD application
C:\Users\Nana's Toy\Downloads\cbsidlm-tr1_10a-Cake_Mania_1-SEO-75450644.exe Win32/DownloadAdmin.G application
C:\Users\Nana's Toy\Downloads\DriverPerformer_J.exe a variant of Win32/InstallBrain application
C:\Users\Nana's Toy\Downloads\Extreme_Flash_Player_Setup (1).exe a variant of Win32/Adware.iBryte.G application
C:\Users\Nana's Toy\Downloads\Extreme_Flash_Player_Setup.exe a variant of Win32/Adware.iBryte.G application
C:\Users\Nana's Toy\Downloads\eye-sight-puzzle (1).exe a variant of Win32/InstallCore.BP application
C:\Users\Nana's Toy\Downloads\eye-sight-puzzle.exe a variant of Win32/InstallCore.BP application
C:\Users\Nana's Toy\Downloads\ffdshow_Setup.exe a variant of Win32/Adware.iBryte.G application
C:\Users\Nana's Toy\Downloads\FlashPlayer_V.82788887c.exe multiple threats
C:\Users\Nana's Toy\Downloads\FLVPlayerSetup.exe a variant of Win32/InstallCore.E application
C:\Users\Nana's Toy\Downloads\gimpshop_d685176.exe a variant of Win32/InstallIQ.A application
C:\Users\Nana's Toy\Downloads\iLividSetupV1 (1).exe Win32/Toolbar.SearchSuite application
C:\Users\Nana's Toy\Downloads\iLividSetupV1(1).exe Win32/Toolbar.SearchSuite application
C:\Users\Nana's Toy\Downloads\iLividSetupV1(2).exe Win32/Toolbar.SearchSuite application
C:\Users\Nana's Toy\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application
C:\Users\Nana's Toy\Downloads\MediaUpdater__2577_i29162661_il561391.exe a variant of Win32/Amonetize.E application
C:\Users\Nana's Toy\Downloads\MediaUpdater__2577_i29162670_il561301.exe a variant of Win32/Amonetize.E application
C:\Users\Nana's Toy\Downloads\MediaUpdater__2577_i29162896_il561486.exe a variant of Win32/Amonetize.E application
C:\Users\Nana's Toy\Downloads\MediaUpdater__2577_i29163039_il561391.exe a variant of Win32/Amonetize.E application
C:\Users\Nana's Toy\Downloads\MediaUpdater__2577_i29163096_il561486.exe a variant of Win32/Amonetize.E application
C:\Users\Nana's Toy\Downloads\MediaUpdater__2577_i29163155_il561301.exe a variant of Win32/Amonetize.E application
C:\Users\Nana's Toy\Downloads\MediaUpdater__2577_i29163527_il561391.exe a variant of Win32/Amonetize.E application
C:\Users\Nana's Toy\Downloads\PageRageSetupAff.exe multiple threats
C:\Users\Nana's Toy\Downloads\PerfectOPTI_V5.exe a variant of Win32/Adware.PerfectOptimizer application
C:\Users\Nana's Toy\Downloads\PlayFizzSetup (1).exe Win32/OpenCandy application
C:\Users\Nana's Toy\Downloads\PlayFizzSetup (2).exe Win32/OpenCandy application
C:\Users\Nana's Toy\Downloads\PlayFizzSetup (3).exe Win32/OpenCandy application
C:\Users\Nana's Toy\Downloads\PlayFizzSetup.exe Win32/OpenCandy application
C:\Users\Nana's Toy\Downloads\powersuite(1).exe multiple threats
C:\Users\Nana's Toy\Downloads\powersuite(2).exe Win32/SpeedUpMyPC application
C:\Users\Nana's Toy\Downloads\powersuite.exe multiple threats
C:\Users\Nana's Toy\Downloads\registrybooster.exe Win32/RegistryBooster application
C:\Users\Nana's Toy\Downloads\Setup (1).exe a variant of Win32/Adware.Gamevance.BL application
C:\Users\Nana's Toy\Downloads\Setup (10).exe MSIL/Solimba.V application
C:\Users\Nana's Toy\Downloads\Setup (11).exe MSIL/Solimba.V application
C:\Users\Nana's Toy\Downloads\Setup (12).exe MSIL/Solimba.V application
C:\Users\Nana's Toy\Downloads\setup (13).exe Win32/InstallCore.BG application
C:\Users\Nana's Toy\Downloads\setup (14).exe Win32/InstallCore.BG application
C:\Users\Nana's Toy\Downloads\Setup (2).exe a variant of Win32/Adware.Gamevance.BL application
C:\Users\Nana's Toy\Downloads\Setup (3).exe a variant of Win32/Adware.iBryte.C application
C:\Users\Nana's Toy\Downloads\Setup (4).exe a variant of Win32/ExFriendAlert.B application
C:\Users\Nana's Toy\Downloads\Setup (7).exe a variant of Win32/Adware.iBryte.G application
C:\Users\Nana's Toy\Downloads\Setup (8).exe Win32/DomaIQ.R application
C:\Users\Nana's Toy\Downloads\Setup (9).exe Win32/DomaIQ.R application
C:\Users\Nana's Toy\Downloads\setup(1).exe Win32/InstallCore.BG application
C:\Users\Nana's Toy\Downloads\Setup.exe a variant of Win32/Adware.Gamevance.BL application
C:\Users\Nana's Toy\Downloads\Unconfirmed 29132.crdownload a variant of Win32/Adware.Gamevance.BL application
C:\Users\Nana's Toy\Downloads\VIO_Player_Setup.exe a variant of Win32/Adware.iBryte.G application
C:\Users\Nana's Toy\Downloads\YontooClientSetup(2).exe multiple threats
C:\Users\Nana's Toy\Downloads\YontooClientSetup.exe a variant of Win32/Adware.Yontoo.B application


#11 TB-Psychotic

  • Malware Response Team

Posted 16 July 2013 - 08:48 AM

C:\Users\Nana's Toy\Downloads\7zip_installer_d793026.exe a variant of Win32/InstallIQ.A application
C:\Users\Nana's Toy\Downloads\activedesktopcalendar-setup.exe Win32/DownloadAdmin.G application
C:\Users\Nana's Toy\Downloads\ArcadeCandyGames (2).exe a variant of Win32/Adware.Gamevance.DD application
C:\Users\Nana's Toy\Downloads\ArcadeCandyGames.exe a variant of Win32/Adware.Gamevance.DD application
C:\Users\Nana's Toy\Downloads\cbsidlm-tr1_10a-Cake_Mania_1-SEO-75450644.exe Win32/DownloadAdmin.G application
C:\Users\Nana's Toy\Downloads\DriverPerformer_J.exe a variant of Win32/InstallBrain application
C:\Users\Nana's Toy\Downloads\Extreme_Flash_Player_Setup (1).exe a variant of Win32/Adware.iBryte.G application
C:\Users\Nana's Toy\Downloads\Extreme_Flash_Player_Setup.exe a variant of Win32/Adware.iBryte.G application
C:\Users\Nana's Toy\Downloads\eye-sight-puzzle (1).exe a variant of Win32/InstallCore.BP application
C:\Users\Nana's Toy\Downloads\eye-sight-puzzle.exe a variant of Win32/InstallCore.BP application
C:\Users\Nana's Toy\Downloads\ffdshow_Setup.exe a variant of Win32/Adware.iBryte.G application
C:\Users\Nana's Toy\Downloads\FlashPlayer_V.82788887c.exe multiple threats
C:\Users\Nana's Toy\Downloads\FLVPlayerSetup.exe a variant of Win32/InstallCore.E application
C:\Users\Nana's Toy\Downloads\gimpshop_d685176.exe a variant of Win32/InstallIQ.A application
C:\Users\Nana's Toy\Downloads\iLividSetupV1 (1).exe Win32/Toolbar.SearchSuite application
C:\Users\Nana's Toy\Downloads\iLividSetupV1(1).exe Win32/Toolbar.SearchSuite application
C:\Users\Nana's Toy\Downloads\iLividSetupV1(2).exe Win32/Toolbar.SearchSuite application
C:\Users\Nana's Toy\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application
C:\Users\Nana's Toy\Downloads\MediaUpdater__2577_i29162661_il561391.exe a variant of Win32/Amonetize.E application
C:\Users\Nana's Toy\Downloads\MediaUpdater__2577_i29162670_il561301.exe a variant of Win32/Amonetize.E application
C:\Users\Nana's Toy\Downloads\MediaUpdater__2577_i29162896_il561486.exe a variant of Win32/Amonetize.E application
C:\Users\Nana's Toy\Downloads\MediaUpdater__2577_i29163039_il561391.exe a variant of Win32/Amonetize.E application
C:\Users\Nana's Toy\Downloads\MediaUpdater__2577_i29163096_il561486.exe a variant of Win32/Amonetize.E application
C:\Users\Nana's Toy\Downloads\MediaUpdater__2577_i29163155_il561301.exe a variant of Win32/Amonetize.E application
C:\Users\Nana's Toy\Downloads\MediaUpdater__2577_i29163527_il561391.exe a variant of Win32/Amonetize.E application
C:\Users\Nana's Toy\Downloads\PageRageSetupAff.exe multiple threats
C:\Users\Nana's Toy\Downloads\PerfectOPTI_V5.exe a variant of Win32/Adware.PerfectOptimizer application
C:\Users\Nana's Toy\Downloads\PlayFizzSetup (1).exe Win32/OpenCandy application
C:\Users\Nana's Toy\Downloads\PlayFizzSetup (2).exe Win32/OpenCandy application
C:\Users\Nana's Toy\Downloads\PlayFizzSetup (3).exe Win32/OpenCandy application
C:\Users\Nana's Toy\Downloads\PlayFizzSetup.exe Win32/OpenCandy application
C:\Users\Nana's Toy\Downloads\powersuite(1).exe multiple threats
C:\Users\Nana's Toy\Downloads\powersuite(2).exe Win32/SpeedUpMyPC application
C:\Users\Nana's Toy\Downloads\powersuite.exe multiple threats
C:\Users\Nana's Toy\Downloads\registrybooster.exe Win32/RegistryBooster application
C:\Users\Nana's Toy\Downloads\Setup (1).exe a variant of Win32/Adware.Gamevance.BL application
C:\Users\Nana's Toy\Downloads\Setup (10).exe MSIL/Solimba.V application
C:\Users\Nana's Toy\Downloads\Setup (11).exe MSIL/Solimba.V application
C:\Users\Nana's Toy\Downloads\Setup (12).exe MSIL/Solimba.V application
C:\Users\Nana's Toy\Downloads\setup (13).exe Win32/InstallCore.BG application
C:\Users\Nana's Toy\Downloads\setup (14).exe Win32/InstallCore.BG application
C:\Users\Nana's Toy\Downloads\Setup (2).exe a variant of Win32/Adware.Gamevance.BL application
C:\Users\Nana's Toy\Downloads\Setup (3).exe a variant of Win32/Adware.iBryte.C application
C:\Users\Nana's Toy\Downloads\Setup (4).exe a variant of Win32/ExFriendAlert.B application
C:\Users\Nana's Toy\Downloads\Setup (7).exe a variant of Win32/Adware.iBryte.G application
C:\Users\Nana's Toy\Downloads\Setup (8).exe Win32/DomaIQ.R application
C:\Users\Nana's Toy\Downloads\Setup (9).exe Win32/DomaIQ.R application
C:\Users\Nana's Toy\Downloads\setup(1).exe Win32/InstallCore.BG application
C:\Users\Nana's Toy\Downloads\Setup.exe a variant of Win32/Adware.Gamevance.BL application
C:\Users\Nana's Toy\Downloads\Unconfirmed 29132.crdownload a variant of Win32/Adware.Gamevance.BL application
C:\Users\Nana's Toy\Downloads\VIO_Player_Setup.exe a variant of Win32/Adware.iBryte.G application
C:\Users\Nana's Toy\Downloads\YontooClientSetup(2).exe multiple threats
C:\Users\Nana's Toy\Downloads\YontooClientSetup.exe a variant of Win32/Adware.Yontoo.B application

These files aren't malware but contain security risks. I would delete them immediately - your choice.

Combofix scripting

1. Close any open browsers.

2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.

[Image: CFScriptB-4.gif, showing CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


#12 tragsdale

  • Topic Starter

Posted 16 July 2013 - 10:21 AM

How do I delete these at-risk files? And should I run the CFScript before deletion or after... :o



#13 tragsdale

  • Topic Starter

Posted 16 July 2013 - 12:08 PM

Well, I ran ComboFix as requested.

ComboFix 13-07-14.01 - Nana's Toy 07/16/2013  11:39:39.3.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.2280 [GMT -5:00]
Running from: c:\users\Nana's Toy\Desktop\ComboFix.exe
Command switches used :: c:\users\Nana's Toy\Desktop\CFScript (2).txt
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Nana's Toy\Documents\ApnStub.exe"
.
ADS - Temp: deleted 65058 bytes in 392 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\Nana's Toy\AppData\Roaming\SearchProtect
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\bin\ChromeModule.dll
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\bin\cltmng.exe
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\bin\initData.ch
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\bin\initData.ff
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\bin\initData.ie
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\bin\msvcp100.dll
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\bin\msvcr100.dll
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\bin\rep.dat
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\bin\SPHook32.dll
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\bin\SPRunner.exe
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\bin\uninstall.exe
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\ffprotect\abstraction.js
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\ffprotect\application.js
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\ffprotect\Dialogs\dialogsApi.js
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\json2.js
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.css
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.js
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\information.png
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\main.html
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\main.html
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\settings.js
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\ffprotect\popupTransparent.xul
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData
c:\users\Nana's Toy\AppData\Roaming\SearchProtect\Res\SPSetup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-16 to 2013-07-16  )))))))))))))))))))))))))))))))
.
.
2013-07-16 16:51 . 2013-07-16 16:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-16 07:54 . 2013-07-16 07:55 -------- d-----w- c:\windows\system32\drivers\N360x64\1404000.028
2013-07-16 07:19 . 2013-07-16 07:19 -------- d-----w- c:\program files (x86)\ESET
2013-07-13 22:41 . 2013-07-13 08:08 359424 ----a-w- c:\windows\SysWow64\drivers\BleServicesCtrl.exe
2013-07-13 22:21 . 2013-07-13 22:44 -------- d-----w- c:\users\Nana's Toy\AppData\Local\NPE
2013-07-13 08:08 . 2013-07-13 08:08 359424 ----a-w- c:\windows\SysWow64\drivers\blds.exe
2013-07-10 23:54 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 23:54 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-10 23:54 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-10 23:54 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 23:54 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 23:54 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 23:54 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 23:54 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 23:54 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-10 23:54 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 23:54 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 19:58 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 19:58 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 19:58 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 19:58 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 19:58 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 19:58 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 19:56 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-10 19:56 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-10 13:31 . 2013-07-10 13:31 -------- d-----w- c:\users\Nana's Toy\AppData\Roaming\CheckPoint
2013-07-10 13:19 . 2013-07-10 13:19 -------- d-----w- c:\users\Nana's Toy\AppData\Roaming\XemiComputers
2013-07-10 13:18 . 2013-07-10 13:18 -------- d-----w- c:\program files (x86)\XemiComputers
2013-07-10 13:15 . 2013-07-10 13:15 -------- d-----w- c:\programdata\CheckPoint
2013-06-25 03:32 . 2013-06-25 03:32 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-25 02:41 . 2013-06-25 02:41 4325376 ----a-w- c:\programdata\ReadOnlyInstaller.msi
2013-06-23 08:14 . 2013-06-23 08:14 35936 ----a-w- c:\windows\system32\drivers\amdkmpfd.sys
2013-06-19 03:32 . 2013-06-19 03:32 -------- d-----w- c:\program files\Common Files\Wondershare
2013-06-19 03:31 . 2013-06-19 08:50 -------- d-----w- c:\programdata\Wondershare Player
2013-06-19 03:31 . 2013-06-19 03:31 -------- d-----w- c:\users\Nana's Toy\AppData\Local\Wondershare
2013-06-19 03:31 . 2013-06-19 03:31 -------- d-----w- c:\program files (x86)\Common Files\Wondershare
2013-06-19 03:30 . 2013-06-19 08:50 -------- d-----w- c:\program files (x86)\Wondershare
2013-06-18 15:25 . 2013-06-18 15:25 -------- d-----w- c:\programdata\KingsIsle Entertainment
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-16 15:15 . 2010-07-01 21:30 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-07-11 08:20 . 2010-07-02 13:57 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-07-06 19:56 . 2012-01-02 02:32 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-06 19:56 . 2011-11-22 04:13 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-25 03:32 . 2012-12-09 04:00 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-25 03:32 . 2010-07-02 01:09 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-13 05:51 . 2013-06-12 04:34 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 04:34 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 04:34 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 04:34 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 04:34 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 04:34 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 04:34 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 04:34 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 04:34 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 04:34 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 04:33 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 04:33 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 04:34 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-01 10:29 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-01 08:59 . 2013-05-01 08:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 08:59 . 2013-05-01 08:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-04-30 07:58 . 2013-04-30 07:58 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 07:58 . 2013-04-30 07:58 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 07:58 . 2013-04-30 07:58 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-30 07:58 . 2013-04-30 07:58 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-30 07:58 . 2013-04-30 07:58 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-30 07:58 . 2013-04-30 07:58 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-30 07:58 . 2013-04-30 07:58 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-30 07:58 . 2013-04-30 07:58 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-30 07:58 . 2013-04-30 07:58 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-30 07:58 . 2013-04-30 07:58 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-30 07:58 . 2013-04-30 07:58 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-30 07:58 . 2013-04-30 07:58 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-30 07:58 . 2013-04-30 07:58 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-30 07:58 . 2013-04-30 07:58 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-30 07:58 . 2013-04-30 07:58 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 07:58 . 2013-04-30 07:58 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 07:58 . 2013-04-30 07:58 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-30 07:58 . 2013-04-30 07:58 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 07:58 . 2013-04-30 07:58 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-30 07:58 . 2013-04-30 07:58 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-30 07:58 . 2013-04-30 07:58 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-30 07:58 . 2013-04-30 07:58 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-30 07:58 . 2013-04-30 07:58 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-30 07:58 . 2013-04-30 07:58 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-30 07:58 . 2013-04-30 07:58 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-30 07:58 . 2013-04-30 07:58 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-30 07:58 . 2013-04-30 07:58 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-30 07:58 . 2013-04-30 07:58 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-30 07:58 . 2013-04-30 07:58 441856 ----a-w- c:\windows\system32\html.iec
2013-04-30 07:58 . 2013-04-30 07:58 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-30 07:58 . 2013-04-30 07:58 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-30 07:58 . 2013-04-30 07:58 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-30 07:58 . 2013-04-30 07:58 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-30 07:58 . 2013-04-30 07:58 235008 ----a-w- c:\windows\system32\url.dll
2013-04-30 07:58 . 2013-04-30 07:58 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-30 07:58 . 2013-04-30 07:58 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-30 07:58 . 2013-04-30 07:58 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-30 07:58 . 2013-04-30 07:58 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-30 07:58 . 2013-04-30 07:58 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-30 07:58 . 2013-04-30 07:58 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-30 07:58 . 2013-04-30 07:58 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-30 07:58 . 2013-04-30 07:58 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-30 07:58 . 2013-04-30 07:58 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-30 07:58 . 2013-04-30 07:58 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-30 07:58 . 2013-04-30 07:58 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-30 07:58 . 2013-04-30 07:58 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-30 07:58 . 2013-04-30 07:58 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-30 07:58 . 2013-04-30 07:58 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-30 07:58 . 2013-04-30 07:58 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-26 05:51 . 2013-06-12 04:34 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-12 04:34 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-12 04:33 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{40C78C4E-5AE5-4762-9B7D-D2DE31B03B77}]
c:\windows\SysWow64\yealt.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9ed31f84-c8b3-4926-b950-dff74047ff79}]
c:\program files (x86)\KeyBar_1.8\prxtbKeyB.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A071936A-AB6B-4978-9342-E47C06FCDEC1}]
c:\progra~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
c:\program files (x86)\Delta\delta\1.8.16.16\bh\delta.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComcastAntispyClient"="c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
"PowerSuite"="c:\progra~2\Uniblue\POWERS~1\launcher.exe" [2013-04-22 26392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys;c:\windows\SYSNATIVE\DRIVERS\rcmirror.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 PxHlpa64;PxHlpa64;c:\windows\system32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [x]
S1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130713.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130713.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS [x]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [x]
S2 bthsrv;Bluetooth Service;c:\windows\SysWOW64\Drivers\BleServicesCtrl.exe;c:\windows\SysWOW64\Drivers\BleServicesCtrl.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 gmhidlow;HID Mouse Lower Filter;c:\windows\system32\DRIVERS\gmhidlow.sys;c:\windows\SYSNATIVE\DRIVERS\gmhidlow.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1403010.016\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1403010.016\SYMNETS.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-22 08:39]
.
2013-07-08 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-02 14:15]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-02 14:15]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3184504439-744475995-2388879454-1001Core.job
- c:\users\Nana's Toy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-01 16:00]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3184504439-744475995-2388879454-1001UA.job
- c:\users\Nana's Toy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-01 16:00]
.
2013-07-15 c:\windows\Tasks\powersuite_monitor.job
- c:\program files (x86)\Uniblue\Powersuite\powersuite_monitor.exe [2013-02-04 21:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"Comcast_McciTrayApp"="c:\program files\Comcast\pcTrayApp.exe" [2012-01-18 2727936]
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://start.smilebox.com/?src=10&st=12&crg=3.5000006.10040&barid={32577C60-D891-11E2-9AA6-7071BC409BD0}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\
FF - prefs.js: browser.search.defaulturl - 
FF - ExtSQL: 2013-05-21 20:19; {9ed31f84-c8b3-4926-b950-dff74047ff79}; c:\users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}
FF - ExtSQL: 2013-07-10 08:30; wecarereminder@bryan; c:\users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\wecarereminder@bryan
FF - ExtSQL: 2013-07-10 08:30; [email protected]; c:\users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\[email protected]
FF - ExtSQL: 2013-07-12 17:32; {650EED71-89E2-453B-8DCF-2AA1B4AE6EF3}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3}
FF - ExtSQL: 2013-07-13 17:48; {d2cf9842-af95-48cd-b873-bfbb48cd7f5e}; c:\users\Nana's Toy\AppData\Roaming\Mozilla\Firefox\Profiles\hxnzvzfi.default\extensions\{d2cf9842-af95-48cd-b873-bfbb48cd7f5e}
FF - ExtSQL: !HIDDEN! 2010-10-29 10:39; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: extentions.y2layers.installId - e42beb4b-4a3a-4843-906b-7a709f1e98cc
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 287a5c4e0000000000007071bc409bd0
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15826
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1620:51
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=4805c699d9594f339894ee3225f11311&tu=11JL0008y2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=4805c699d9594f339894ee3225f11311&tu=11JL0008y2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=4805c699d9594f339894ee3225f11311&tu=11JL0008y2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=4805c699d9594f339894ee3225f11311&tu=11JL0008y2B000s&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 287a5c4e0000000000007071bc409bd0
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15896
FF - user.js: extensions.zonealarm.vrsn - 1.8.3.16
FF - user.js: extensions.zonealarm.vrsni - 1.8.3.16
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.8.3.168:17
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 5043
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN118838956637513-5043
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{1C8501DD-5580-48AB-B25C-6D5DBE835A6A} - (no file)
BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
BHO-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
Toolbar-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
Toolbar-10 - (no file)
WebBrowser-{4641532D-5636-006A-76A7-7A786E7484D7} - (no file)
AddRemove-delta - c:\program files (x86)\Delta\delta\1.8.16.16\GUninstaller.exe
AddRemove-DnsBasic - c:\program files (x86)\DnsBasic\uninstall.exe
AddRemove-Fast Free Converter - c:\program files (x86)\Fast Free Converter\uninstall.exe
AddRemove-SearchProtect - c:\program files (x86)\SearchProtect\bin\uninstall.exe
AddRemove-Updater Service - c:\programdata\IBUpdaterService\ibsvc.exe
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files (x86)\Complitly\unins000.exe
AddRemove-{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} - c:\users\Nana's Toy\AppData\Local\SwvUpdater\Updater.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3184504439-744475995-2388879454-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3184504439-744475995-2388879454-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-16  11:56:45
ComboFix-quarantined-files.txt  2013-07-16 16:56
ComboFix2.txt  2013-07-15 13:07
ComboFix3.txt  2013-07-15 06:52
.
Pre-Run: 208,167,522,304 bytes free
Post-Run: 208,098,476,032 bytes free
.
- - End Of File - - DFC3560ABAF11A94A4D88B1F9B91D4AB
D54F15D24626FEFA237351EEF2114926


#14 TB-Psychotic

  • Malware Response Team
  • 5,628 posts
  • Gender:Male

Posted 16 July 2013 - 11:52 PM

Did you get the files deleted or do you need help with them?


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#15 tragsdale

  • Topic Starter
  • Members
  • 23 posts
  • Gender:Female

Posted 17 July 2013 - 12:10 AM

Hi Marius, yes, I need help.

How do I find those security risk files again... and then delete them?


Edited by tragsdale, 17 July 2013 - 01:37 AM.




