Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Try 2 - Nasty Stuff Making This Laptop Super Slow and Unusable!


  • This topic is locked This topic is locked
33 replies to this topic

#1 jtphenom

jtphenom

  • Members
  • 251 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 18 February 2013 - 03:00 PM

Hi folks,

 

This is the second time I'm posting this. I'm sorry. It's just that I was in such a hurry to get help the first time, that I didn't find out that I shouldn't reply to my own post until after that. Now that I know that you folks respond to posts with 0 replies first, I'm posting this again. Again, very sorry!

Also, the reason I don't have any DDS, OTL, or HJT logs pasted in this post is because I am unable to get the programs running in Normal Mode. Please let me know if it's fine to run them in Safe Mode.


I'm working on a laptop for a client, and I need the help of some seriously-knowledgable malware removal experts! smile.png


It's a Toshiba Satellite L645D running Win 7 x64. 3 GB of RAM.


 


My customer was not able to tell me when or why the problems started. All I know is he has some cool new wallpapers. lol




Within 30 seconds of logging on, the computer becomes extremely slow and
you can't do much of anything. When you click and get a response, it's
usually about 2 or 3 minutes after you click.


 


I was able to get into SafeMode and used Revo to uninstall a bunch of
software that he said he wanted gone and didn't know how it got on
there. One of them was that 24x7 Help thing that puts that lady with
headphones in every window. I'm guessing that was probably a vehicle for
whatever other nasty stuff is on this system.


I ran a MBAM scan yesterday and found 8 PUPs. That was on a Quick Scan.
Then rebooted and ran a Full Scan. That didn't find anything. That was
all run in Safe Mode. Unable to run Full Scan if not in Safe Mode.


I was able to run RKill and it stopped one process: "C:Users\%user%\AppData\Roaming\DefaultTab\DTUpdate.exe"


 


A couple of other weird things: TouchPad doesn't work at all. I get
the following errors when I try to look at Mouse and Keyboard settings
in Control Panel:


 


"An unexpected error occurred linking to the Mouse Control Panel. (0x80004005L)"


"An unexpected error occurred linking to the Keyboard Control Panel. (0x80004005L)"


 


When I scheduled a Chkdsk and rebooted, I received the following error:


 


"Autochk cannot run due to an error caused by some recently installed
software.".. or it was something close to that.. it went away before I
could write it down perfectly.


It says there are no restore points. He has no backups.


 


I have no idea what to do at this point, and I appreciate any help
offered. Please let me know if you want my MBAM and RKill logs.


 


Thanks!!


James T.


Edited by jtphenom, 18 February 2013 - 03:10 PM.


BC AdBot (Login to Remove)

 


#2 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:08:16 PM

Posted 19 February 2013 - 03:15 PM

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear. :welcome:

 

Please boot into Safe Mod with Networking. Run RKill but do not restart your computer.

 

Then, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review, along with the logs from MBAM and RKill.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#3 jtphenom

jtphenom
  • Topic Starter

  • Members
  • 251 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 19 February 2013 - 03:33 PM

Hi The Dark Knight. Thanks for your response, but I was in such a hurry to get help that I posted my issue on several forums and went with the first one to respond. I kind of wish I hadn't because the person helping me, though a Microsoft MVP, is writing confusing posts with several confusing typos, and seems to do everything very differently than I've seen others do (he had me run OTL, then chkdsk, then sfcscan, then a 3rd party Event Viewer, then Process Explorer.. but so far, no Combofix, RogueKiller, TDSSKiller, etc).

 

If I am unable to get my issue resolved with his help, I may be back here. Is that alright?

Thanks again!

James T.



#4 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:08:16 PM

Posted 20 February 2013 - 01:40 AM

Hello jtphenom,

 

That's fine. I will leave this topic open.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#5 jtphenom

jtphenom
  • Topic Starter

  • Members
  • 251 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 20 February 2013 - 11:49 AM

OK that guy at the other forum is no longer responding. Quite frustrating. Dark Knight, can you please still help me?

Here is what we've done so far going by the instructions from the guy at the other forum:

http://www.geekstogo.com/forum/topic/327540-nasty-stuff-making-this-laptop-super-slow-and-unusable/page__st__15

As you will see in that thread, I cannot do anything in Normal mode unless I have all except Microsoft's services disabled.

Would you like me to still run Combofix, despite most of my services being disabled? Or...



#6 jtphenom

jtphenom
  • Topic Starter

  • Members
  • 251 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 20 February 2013 - 12:08 PM

Oh... you said to run it in Safe Mode anyway. Sorry. OK I will run that tonight after work. Thanks!!

 

By the way, should I attach the logs or just paste them?


Edited by jtphenom, 20 February 2013 - 12:16 PM.


#7 jtphenom

jtphenom
  • Topic Starter

  • Members
  • 251 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 20 February 2013 - 12:59 PM

OK I'm trying to run ComboFix in Safe Mode, and it's telling me my Avast scanner and antivirus real-time protection are still running. There is no icon in the corner, and I disabled the avast service. I don't see any avast processes running (unless there several with weird names???). What should I do to get avast to stop running?



#8 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:08:16 PM

Posted 20 February 2013 - 03:36 PM

Hey jtphenom,

 

Just disable it as you have done and proceed. Sometimes the AVs are rather persistent.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#9 jtphenom

jtphenom
  • Topic Starter

  • Members
  • 251 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 20 February 2013 - 03:55 PM

OK I'll run it tonight when I get home. Thanks!



#10 jtphenom

jtphenom
  • Topic Starter

  • Members
  • 251 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 20 February 2013 - 06:41 PM

Here are my RKill and ComboFix logs. My MBAM logs are in the forum that I linked to above. Let me know if you need me to copy and paste them from there. Just a reminder: I ran both of these in Safe Mode. I can try to run them in Normal Mode if you like. But I have to disable all of my non-Microsoft services in order to be able to do that.

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/20/2013 06:08:09 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 02/20/2013 06:08:25 PM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)

==================================================

 

ComboFix 13-02-20.01 - thibault 02/20/2013  18:11:23.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2807.2183 [GMT -5:00]
Running from: c:\users\thibault\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\DailyBibleGuideEI
c:\program files (x86)\DailyBibleGuideEI\Installr\1.bin\2vEIPlug.dll
c:\program files (x86)\DailyBibleGuideEI\Installr\1.bin\NP2vEISb.dll
c:\program files (x86)\HeadlineAlley_29EI
c:\program files (x86)\WeatherBlink
c:\program files (x86)\WeatherBlink\bar\1.bin\BOOTSTRAP.JS
c:\program files (x86)\WeatherBlink\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\WeatherBlink\bar\1.bin\chrome\gcffxtbr.jar
c:\program files (x86)\WeatherBlink\bar\1.bin\CREXT.DLL
c:\program files (x86)\WeatherBlink\bar\1.bin\CrExtPgc.exe
c:\program files (x86)\WeatherBlink\bar\1.bin\gcsknlcr.dll
c:\program files (x86)\WeatherBlink\bar\1.bin\INSTALL.RDF
c:\program files (x86)\WeatherBlink\bar\1.bin\installKeys.js
c:\program files (x86)\WeatherBlink\bar\1.bin\LOGO.BMP
c:\program files (x86)\WeatherBlink\bar\1.bin\T8EXTEX.DLL
c:\program files (x86)\WeatherBlink\bar\1.bin\T8EXTPEX.DLL
c:\program files (x86)\WeatherBlink\bar\1.bin\T8RES.DLL
c:\program files (x86)\WeatherBlink\bar\1.bin\T8TICKER.DLL
c:\program files (x86)\WeatherBlink\bar\gen1\COMMON.T8S
c:\program files (x86)\WeatherBlink\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\WeatherBlink\bar\Message\COMMON.T8S
c:\program files (x86)\WeatherBlink\bar\Settings\s_pid.dat
c:\users\thibault\AppData\Roaming\DefaultTab\DefaultTab
c:\users\thibault\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\thibault\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
c:\users\thibault\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\thibault\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\thibault\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\thibault\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\users\thibault\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\users\thibault\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\thibault\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\users\thibault\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\thibault\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\users\thibault\AppData\Roaming\DefaultTab\DefaultTab\ebay_ie.ico
c:\users\thibault\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
c:\users\thibault\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico
c:\users\thibault\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\thibault\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
c:\users\thibault\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\thibault\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-20 to 2013-02-20  )))))))))))))))))))))))))))))))
.
.
2013-02-19 04:53 . 2012-10-30 23:51    25232    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-02-19 04:52 . 2012-10-30 23:51    370288    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-02-19 04:52 . 2012-10-15 16:59    54072    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-02-19 04:52 . 2012-10-30 23:51    59728    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-02-19 04:52 . 2012-10-30 23:51    984144    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-02-19 04:52 . 2012-10-30 23:51    71600    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-02-19 04:52 . 2012-10-30 23:50    285328    ----a-w-    c:\windows\system32\aswBoot.exe
2013-02-19 04:52 . 2012-10-30 23:51    41224    ----a-w-    c:\windows\avastSS.scr
2013-02-19 04:52 . 2012-10-30 23:50    227648    ----a-w-    c:\windows\SysWow64\aswBoot.exe
2013-02-19 04:52 . 2013-02-19 04:52    --------    d-----w-    c:\programdata\AVAST Software
2013-02-19 04:52 . 2013-02-19 04:52    --------    d-----w-    c:\program files\AVAST Software
2013-02-19 04:48 . 2013-02-19 04:50    --------    d-----w-    C:\MATS
2013-02-16 17:24 . 2013-02-16 17:24    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-16 17:24 . 2012-12-14 21:49    24176    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-02-14 17:41 . 2013-02-14 17:59    --------    d-----w-    c:\program files (x86)\MyPC Backup
2013-02-14 17:41 . 2013-02-14 21:46    --------    d-----w-    c:\users\thibault\AppData\Roaming\Systweak
2013-02-14 17:41 . 2013-01-29 23:17    20336    ----a-w-    c:\windows\system32\roboot64.exe
2013-02-14 16:51 . 2013-02-20 23:16    --------    d-----w-    c:\users\thibault\AppData\Roaming\DefaultTab
2013-02-14 16:51 . 2013-02-16 17:29    --------    d-----w-    c:\users\thibault\AppData\Local\SwvUpdater
2013-02-14 15:31 . 2013-02-14 15:31    --------    d-----w-    c:\users\Guest\AppData\Local\Adobe
2013-02-14 15:22 . 2013-02-14 15:22    --------    d-----w-    c:\users\Guest\AppData\Local\Diagnostics
2013-02-14 14:46 . 2013-02-14 14:46    --------    d-----w-    c:\users\Guest\AppData\Local\LogMeIn
2013-02-14 14:45 . 2013-02-14 14:45    --------    d-----w-    c:\users\Guest\AppData\Roaming\Motorola Mobility
2013-02-13 22:23 . 2013-01-09 01:10    996352    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 22:23 . 2013-01-08 22:01    768000    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 19:32 . 2013-01-04 05:46    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-02-13 19:32 . 2013-01-04 04:51    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-02-13 19:32 . 2013-01-04 02:47    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-02-13 19:32 . 2013-01-04 02:47    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-02-13 19:32 . 2013-01-04 02:47    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-02-13 19:32 . 2013-01-04 02:47    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-02-13 19:23 . 2013-01-05 05:53    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-02-13 19:23 . 2013-01-05 05:00    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 19:23 . 2013-01-05 05:00    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 19:23 . 2013-01-04 03:26    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-02-13 19:22 . 2013-01-03 06:00    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-02-13 19:22 . 2013-01-03 06:00    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-01 08:14 . 2013-02-01 08:14    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2013-01-25 20:37 . 2013-01-25 20:37    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-25 20:37 . 2013-01-25 20:37    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-25 20:37 . 2013-01-25 20:37    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-25 20:37 . 2013-01-25 20:37    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-25 20:37 . 2013-01-25 20:37    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-25 20:37 . 2013-01-25 20:37    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-25 20:37 . 2013-01-25 20:37    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-01-25 20:37 . 2013-01-25 20:37    --------    d-----w-    c:\program files (x86)\QuickTime
2013-01-25 20:37 . 2013-01-25 20:37    --------    d-----w-    c:\programdata\Apple Computer
2013-01-25 20:34 . 2013-01-25 20:34    --------    d-----w-    c:\users\thibault\AppData\Local\Apple
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 19:28 . 2011-05-24 22:36    70004024    ----a-w-    c:\windows\system32\MRT.exe
2013-02-08 15:19 . 2012-03-31 17:20    697712    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-08 15:19 . 2011-05-20 16:07    74096    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-04 04:43 . 2013-02-13 19:32    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 19:26    46080    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 19:26    367616    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 19:26    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 19:26    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 08:06    441856    ----a-w-    c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 08:06    2746368    ----a-w-    c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 08:06    308736    ----a-w-    c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 08:06    2576384    ----a-w-    c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 08:06    30720    ----a-w-    c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 08:06    43520    ----a-w-    c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 08:06    23552    ----a-w-    c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 08:06    45568    ----a-w-    c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 08:06    44544    ----a-w-    c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 08:06    20480    ----a-w-    c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 08:06    20480    ----a-w-    c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 08:06    20480    ----a-w-    c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 08:06    46592    ----a-w-    c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 08:06    40960    ----a-w-    c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 08:06    21504    ----a-w-    c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 08:06    15360    ----a-w-    c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 08:06    55296    ----a-w-    c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 08:06    51712    ----a-w-    c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 08:06    43520    ----a-w-    c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 08:06    30720    ----a-w-    c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 08:06    45568    ----a-w-    c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 08:06    44544    ----a-w-    c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 08:06    20480    ----a-w-    c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 08:06    23552    ----a-w-    c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 08:06    20480    ----a-w-    c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 08:06    46592    ----a-w-    c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 08:06    20480    ----a-w-    c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 08:06    21504    ----a-w-    c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 08:06    40960    ----a-w-    c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 08:06    15360    ----a-w-    c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 08:06    55296    ----a-w-    c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 08:06    51712    ----a-w-    c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-09 08:06    362496    ----a-w-    c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 08:06    243200    ----a-w-    c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 08:06    13312    ----a-w-    c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 08:06    16384    ----a-w-    c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 08:06    424448    ----a-w-    c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 08:06    1161216    ----a-w-    c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    5120    ---ha-w-    c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-09 08:06    274944    ----a-w-    c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 08:06    4608    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    5120    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-11-30 03:23 . 2013-01-09 08:06    338432    ----a-w-    c:\windows\system32\conhost.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-06-08 15928]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-22 35840]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-06-11 22016]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 9728]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-06-08 27136]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 239136]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-21 1255736]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 202752]
R4 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe [2013-01-08 32808]
R4 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-09-08 87992]
R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-09 375728]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R4 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]
R4 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]
S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-04-28 932384]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 15:19]
.
2013-02-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3642274781-3912715630-3889302560-1000Core.job
- c:\users\thibault\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-16 12:58]
.
2013-02-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3642274781-3912715630-3889302560-1000UA.job
- c:\users\thibault\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-16 12:58]
.
2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-11 19:12]
.
2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-11 19:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50    133400    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ccube_Uninstall_Lock"="c:\programdata\CA\cacu_001.exe" [2012-08-18 2578512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;192.168.*.*
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80304&lng=en
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80304
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\thibault\AppData\Roaming\Mozilla\Firefox\Profiles\uyo5zbyl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=3&q={searchTerms}&CUI=UN14456464401275500
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke B Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=2&CUI=UN14456464401275500&UM=UM_ID&q=
FF - ExtSQL: !HIDDEN! 2011-05-20 15:37; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{7b13ec3e-999a-4b70-b9cb-2617b8323822} - (no file)
BHO-{71c1d63a-c944-428a-a5bd-ba513190e5d2} - (no file)
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\thibault\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
Toolbar-Locked - (no file)
Toolbar-{8f61e414-ea79-4559-8bb6-61d956f70306} - c:\program files (x86)\HeadlineAlley_29\bar\1.bin\29bar.dll
Toolbar-{364ea597-e728-4ce4-bb4a-ed846ef47970} - c:\program files (x86)\MapsGalaxy_39\bar\2.bin\39bar.dll
Toolbar-{f20de5e0-2a6e-4c54-985f-1cf59551ce39} - c:\program files (x86)\WeatherBlink\bar\1.bin\gcbar.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-DefaultTab - c:\users\thibault\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-20  18:27:17 - machine was rebooted
ComboFix-quarantined-files.txt  2013-02-20 23:27
.
Pre-Run: 267,368,402,944 bytes free
Post-Run: 266,730,876,928 bytes free
.
- - End Of File - - 42ACC742C89E78F5865A986C7C62CB25


 


Edited by jtphenom, 20 February 2013 - 06:42 PM.


#11 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:08:16 PM

Posted 21 February 2013 - 06:15 AM

Good evening jtphenom,

 

Please follow these instructions to remove the remaining malicious entries:

  • Please close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:

    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

    killall::

    DDS::
    uInternet Settings,ProxyOverride = <local>;192.168.*.*
    mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80304&lng=en
    mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80304

     

    Firefox::
    FF - ProfilePath - c:\users\thibault\AppData\Roaming\Mozilla\Firefox\Profiles\uyo5zbyl.default\

    FF - prefs.js: browser.search.selectedEngine - WhiteSmoke B Customized Web Search

  • Save this as CFScript.txt, in the same location as ComboFix.exe.


  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the ComboFix.txt in your next reply.

 

=====

 

Also, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

 

=====

 

In your reply please provide the contents of both logs.
 


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#12 jtphenom

jtphenom
  • Topic Starter

  • Members
  • 251 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 21 February 2013 - 08:15 AM

ComboFix 13-02-21.01 - thibault 02/21/2013   7:46.2.2 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2807.2065 [GMT -5:00]
Running from: c:\users\thibault\Desktop\ComboFix.exe
Command switches used :: c:\users\thibault\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-21 to 2013-02-21  )))))))))))))))))))))))))))))))
.
.
2013-02-21 12:51 . 2013-02-21 12:51    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2013-02-21 12:51 . 2013-02-21 12:51    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-02-21 12:51 . 2013-02-21 12:51    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2013-02-19 04:53 . 2012-10-30 23:51    25232    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-02-19 04:52 . 2012-10-30 23:51    370288    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-02-19 04:52 . 2012-10-15 16:59    54072    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-02-19 04:52 . 2012-10-30 23:51    59728    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-02-19 04:52 . 2012-10-30 23:51    984144    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-02-19 04:52 . 2012-10-30 23:51    71600    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-02-19 04:52 . 2012-10-30 23:50    285328    ----a-w-    c:\windows\system32\aswBoot.exe
2013-02-19 04:52 . 2012-10-30 23:51    41224    ----a-w-    c:\windows\avastSS.scr
2013-02-19 04:52 . 2012-10-30 23:50    227648    ----a-w-    c:\windows\SysWow64\aswBoot.exe
2013-02-19 04:52 . 2013-02-19 04:52    --------    d-----w-    c:\programdata\AVAST Software
2013-02-19 04:52 . 2013-02-19 04:52    --------    d-----w-    c:\program files\AVAST Software
2013-02-19 04:48 . 2013-02-19 04:50    --------    d-----w-    C:\MATS
2013-02-16 17:24 . 2013-02-16 17:24    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-16 17:24 . 2012-12-14 21:49    24176    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-02-14 17:41 . 2013-02-14 17:59    --------    d-----w-    c:\program files (x86)\MyPC Backup
2013-02-14 17:41 . 2013-02-14 21:46    --------    d-----w-    c:\users\thibault\AppData\Roaming\Systweak
2013-02-14 17:41 . 2013-01-29 23:17    20336    ----a-w-    c:\windows\system32\roboot64.exe
2013-02-14 16:51 . 2013-02-20 23:16    --------    d-----w-    c:\users\thibault\AppData\Roaming\DefaultTab
2013-02-14 16:51 . 2013-02-16 17:29    --------    d-----w-    c:\users\thibault\AppData\Local\SwvUpdater
2013-02-14 15:31 . 2013-02-14 15:31    --------    d-----w-    c:\users\Guest\AppData\Local\Adobe
2013-02-14 15:22 . 2013-02-14 15:22    --------    d-----w-    c:\users\Guest\AppData\Local\Diagnostics
2013-02-14 14:46 . 2013-02-14 14:46    --------    d-----w-    c:\users\Guest\AppData\Local\LogMeIn
2013-02-14 14:45 . 2013-02-14 14:45    --------    d-----w-    c:\users\Guest\AppData\Roaming\Motorola Mobility
2013-02-13 22:23 . 2013-01-09 01:10    996352    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 22:23 . 2013-01-08 22:01    768000    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 19:32 . 2013-01-04 05:46    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-02-13 19:32 . 2013-01-04 04:51    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-02-13 19:32 . 2013-01-04 02:47    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-02-13 19:32 . 2013-01-04 02:47    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-02-13 19:32 . 2013-01-04 02:47    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-02-13 19:32 . 2013-01-04 02:47    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-02-13 19:23 . 2013-01-05 05:53    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-02-13 19:23 . 2013-01-05 05:00    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 19:23 . 2013-01-05 05:00    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 19:23 . 2013-01-04 03:26    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-02-13 19:22 . 2013-01-03 06:00    1913192    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-02-13 19:22 . 2013-01-03 06:00    288088    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-01 08:14 . 2013-02-01 08:14    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2013-01-25 20:37 . 2013-01-25 20:37    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-25 20:37 . 2013-01-25 20:37    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-25 20:37 . 2013-01-25 20:37    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-25 20:37 . 2013-01-25 20:37    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-25 20:37 . 2013-01-25 20:37    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-25 20:37 . 2013-01-25 20:37    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-25 20:37 . 2013-01-25 20:37    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-01-25 20:37 . 2013-01-25 20:37    --------    d-----w-    c:\program files (x86)\QuickTime
2013-01-25 20:37 . 2013-01-25 20:37    --------    d-----w-    c:\programdata\Apple Computer
2013-01-25 20:34 . 2013-01-25 20:34    --------    d-----w-    c:\users\thibault\AppData\Local\Apple
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 19:28 . 2011-05-24 22:36    70004024    ----a-w-    c:\windows\system32\MRT.exe
2013-02-08 15:19 . 2012-03-31 17:20    697712    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-08 15:19 . 2011-05-20 16:07    74096    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-04 04:43 . 2013-02-13 19:32    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 19:26    46080    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 19:26    367616    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 19:26    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 19:26    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 08:06    441856    ----a-w-    c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 08:06    2746368    ----a-w-    c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 08:06    308736    ----a-w-    c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 08:06    2576384    ----a-w-    c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 08:06    30720    ----a-w-    c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 08:06    43520    ----a-w-    c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 08:06    23552    ----a-w-    c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 08:06    45568    ----a-w-    c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 08:06    44544    ----a-w-    c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 08:06    20480    ----a-w-    c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 08:06    20480    ----a-w-    c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 08:06    20480    ----a-w-    c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 08:06    46592    ----a-w-    c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 08:06    40960    ----a-w-    c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 08:06    21504    ----a-w-    c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 08:06    15360    ----a-w-    c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 08:06    55296    ----a-w-    c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 08:06    51712    ----a-w-    c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 08:06    43520    ----a-w-    c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 08:06    30720    ----a-w-    c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 08:06    45568    ----a-w-    c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 08:06    44544    ----a-w-    c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 08:06    20480    ----a-w-    c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 08:06    23552    ----a-w-    c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 08:06    20480    ----a-w-    c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 08:06    46592    ----a-w-    c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 08:06    20480    ----a-w-    c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 08:06    21504    ----a-w-    c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 08:06    40960    ----a-w-    c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 08:06    15360    ----a-w-    c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 08:06    55296    ----a-w-    c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 08:06    51712    ----a-w-    c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-09 08:06    362496    ----a-w-    c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 08:06    243200    ----a-w-    c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 08:06    13312    ----a-w-    c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 08:06    16384    ----a-w-    c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 08:06    424448    ----a-w-    c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 08:06    1161216    ----a-w-    c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    5120    ---ha-w-    c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-09 08:06    274944    ----a-w-    c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 08:06    4608    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    5120    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 08:06    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-11-30 03:23 . 2013-01-09 08:06    338432    ----a-w-    c:\windows\system32\conhost.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
c:\users\thibault\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8f61e414-ea79-4559-8bb6-61d956f70306}"= "c:\program files (x86)\HeadlineAlley_29\bar\1.bin\29bar.dll" [BU]
"{364ea597-e728-4ce4-bb4a-ed846ef47970}"= "c:\program files (x86)\MapsGalaxy_39\bar\2.bin\39bar.dll" [BU]
"{f20de5e0-2a6e-4c54-985f-1cf59551ce39}"= "c:\program files (x86)\WeatherBlink\bar\1.bin\gcbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{8f61e414-ea79-4559-8bb6-61d956f70306}]
.
[HKEY_CLASSES_ROOT\clsid\{364ea597-e728-4ce4-bb4a-ed846ef47970}]
.
[HKEY_CLASSES_ROOT\clsid\{f20de5e0-2a6e-4c54-985f-1cf59551ce39}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-06-08 15928]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-22 35840]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-06-11 22016]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 9728]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-06-08 27136]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 239136]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-21 1255736]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 202752]
R4 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe [2013-01-08 32808]
R4 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-09-08 87992]
R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-09 375728]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R4 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]
R4 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]
S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-04-28 932384]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 15:19]
.
2013-02-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3642274781-3912715630-3889302560-1000Core.job
- c:\users\thibault\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-16 12:58]
.
2013-02-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3642274781-3912715630-3889302560-1000UA.job
- c:\users\thibault\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-16 12:58]
.
2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-11 19:12]
.
2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-11 19:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50    133400    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ccube_Uninstall_Lock"="c:\programdata\CA\cacu_001.exe" [2012-08-18 2578512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80304&lng=en
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80304
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\thibault\AppData\Roaming\Mozilla\Firefox\Profiles\uyo5zbyl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=3&q={searchTerms}&CUI=UN14456464401275500
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=2&CUI=UN14456464401275500&UM=UM_ID&q=
FF - ExtSQL: !HIDDEN! 2011-05-20 15:37; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{71c1d63a-c944-428a-a5bd-ba513190e5d2} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-DefaultTab - c:\users\thibault\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-21  07:59:24 - machine was rebooted
ComboFix-quarantined-files.txt  2013-02-21 12:59
ComboFix2.txt  2013-02-20 23:27
.
Pre-Run: 266,784,387,072 bytes free
Post-Run: 266,732,105,728 bytes free
.
- - End Of File - - 07C00720815CD2200E1163849FE9F160

===============================================

 

# AdwCleaner v2.112 - Logfile created 02/21/2013 at 08:13:34
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : thibault - THIBAULT-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\thibault\Desktop\adwcleaner0.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\thibault\AppData\Roaming\Mozilla\Firefox\Profiles\ayeybqiy.default\searchplugins\Askcom.xml
File Found : C:\Users\thibault\AppData\Roaming\Mozilla\Firefox\Profiles\uyo5zbyl.default\searchplugins\Conduit.xml
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\thibault\AppData\Local\Conduit
Folder Found : C:\Users\thibault\AppData\Local\SwvUpdater
Folder Found : C:\Users\thibault\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\thibault\AppData\LocalLow\Conduit
Folder Found : C:\Users\thibault\AppData\LocalLow\FunWebProducts
Folder Found : C:\Users\thibault\AppData\LocalLow\MyWebSearch
Folder Found : C:\Users\thibault\AppData\LocalLow\PriceGong
Folder Found : C:\Users\thibault\AppData\Roaming\DefaultTab
Folder Found : C:\Users\thibault\AppData\Roaming\Mozilla\Firefox\Profiles\ayeybqiy.default\extensions\39ffxtbr@MapsGalaxy_39.com
Folder Found : C:\Users\thibault\AppData\Roaming\Mozilla\Firefox\Profiles\ayeybqiy.default\extensions\gcffxtbr@WeatherBlink.com
Folder Found : C:\Users\thibault\AppData\Roaming\Mozilla\Firefox\Profiles\ayeybqiy.default\extensions\toolbar@ask.com

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
Key Found : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Found : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Found : HKCU\Software\AppDataLow\Software\I Want This
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\DefaultTab
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Found : HKLM\SOFTWARE\Classes\DailyBibleGuideInstaller.Start
Key Found : HKLM\SOFTWARE\Classes\DailyBibleGuideInstaller.Start.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3279141
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{21EF3164-5FA8-4FF0-8BBE-25B23F313086}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DailyBibleGuideEI
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@ei.DailyBibleGuide.com/Plugin
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B3595550-5007-4AEB-BB04-D00E62E836A8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F0786343-938E-456B-8798-DE7EEC08F820}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Found : HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
Key Found : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Found : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Found : HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B3595550-5007-4AEB-BB04-D00E62E836A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F0786343-938E-456B-8798-DE7EEC08F820}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Found : HKLM\SOFTWARE\Software
Key Found : HKU\S-1-5-21-3642274781-3912715630-3889302560-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80304&lng=en
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80304
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80304&lng=en
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80304

-\\ Mozilla Firefox v13.0.1 (en-US)

File : C:\Users\thibault\AppData\Roaming\Mozilla\Firefox\Profiles\uyo5zbyl.default\prefs.js

Found : user_pref("CT3279141_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("Smartbar.ConduitHomepagesList", "");
Found : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke B Customized Web Search");
Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141[...]
Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&d[...]
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3279141");
Found : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke B Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&Sea[...]
Found : user_pref("extensions.toolbar.mindspark._gcMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=2&CU[...]
Found : user_pref("smartBar.searchInNewTabOwner", "CT3279141");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\thibault\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [14292 octets] - [21/02/2013 08:13:34]

########## EOF - C:\AdwCleaner[R1].txt - [14353 octets] ##########
 



#13 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:08:16 PM

Posted 21 February 2013 - 03:43 PM

Good morning jtphenom,

 

Please do the following to re-run AdwCleaner:

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Note: If you get a message that you must reboot the computer before starting deletion, please do. At reboot, only AdwCleaner will run and you can only click on the Delete button.
    When the deletion is done, AdwCleaner will reboot the computer again and open the logfile.

 

What issues remain on your laptop?
 


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#14 jtphenom

jtphenom
  • Topic Starter

  • Members
  • 251 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 21 February 2013 - 03:45 PM

Hi Dark Knight,


I will do this tonight when I get home. I have not tried to use my laptop in regular mode with all the services running since I started the cleanup process. After I post the log, I'll re-enable my normal services and update you on how it's running.

 

Thanks!!!



#15 jtphenom

jtphenom
  • Topic Starter

  • Members
  • 251 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 21 February 2013 - 06:21 PM

Here is my new AdwCleaner log. I will play around and see what issues I'm still having.

 

# AdwCleaner v2.112 - Logfile created 02/21/2013 at 18:15:02
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : thibault - THIBAULT-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\thibault\Desktop\adwcleaner0.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\thibault\AppData\Roaming\Mozilla\Firefox\Profiles\ayeybqiy.default\searchplugins\Askcom.xml
File Deleted : C:\Users\thibault\AppData\Roaming\Mozilla\Firefox\Profiles\uyo5zbyl.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\thibault\AppData\Local\Conduit
Folder Deleted : C:\Users\thibault\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\thibault\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\thibault\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\thibault\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\thibault\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\thibault\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\thibault\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\thibault\AppData\Roaming\Mozilla\Firefox\Profiles\ayeybqiy.default\extensions\39ffxtbr@MapsGalaxy_39.com
Folder Deleted : C:\Users\thibault\AppData\Roaming\Mozilla\Firefox\Profiles\ayeybqiy.default\extensions\gcffxtbr@WeatherBlink.com
Folder Deleted : C:\Users\thibault\AppData\Roaming\Mozilla\Firefox\Profiles\ayeybqiy.default\extensions\toolbar@ask.com

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKLM\SOFTWARE\Classes\DailyBibleGuideInstaller.Start
Key Deleted : HKLM\SOFTWARE\Classes\DailyBibleGuideInstaller.Start.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279141
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{21EF3164-5FA8-4FF0-8BBE-25B23F313086}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DailyBibleGuideEI
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@ei.DailyBibleGuide.com/Plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B3595550-5007-4AEB-BB04-D00E62E836A8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F0786343-938E-456B-8798-DE7EEC08F820}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B3595550-5007-4AEB-BB04-D00E62E836A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F0786343-938E-456B-8798-DE7EEC08F820}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80304&lng=en --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80304 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80304&lng=en --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80304 --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (en-US)

File : C:\Users\thibault\AppData\Roaming\Mozilla\Firefox\Profiles\uyo5zbyl.default\prefs.js

Deleted : user_pref("CT3279141_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke B Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&d[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3279141");
Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke B Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&Sea[...]
Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=2&CU[...]
Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3279141");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\thibault\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [14339 octets] - [21/02/2013 08:13:34]
AdwCleaner[S1].txt - [14638 octets] - [21/02/2013 18:15:02]

########## EOF - C:\AdwCleaner[S1].txt - [14699 octets] ##########
 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users