click.sureonlinefind.com/ads-clicktrack Redirect


  • This topic is locked
17 replies to this topic

#1 Oddman666


  • Members
  • 42 posts

Posted 13 July 2013 - 11:34 PM

Firefox is infected with a redirect malware that sends me to the above Topic redirect. Have to click back, and then will take me to the desired location.

 

Example:

http://click.sureonlinefind.com/ads-clicktrack/click/newjump1.do?affiliate=48640&subid=14529&terms=click&ai=ijJLhOg2TFSlly8R-l4KlHfF0fBEaaKF2qQoB3rzcV9pyoICiPRClv-taTDht-25mzlz4f4Si5zFOFe9_yiwWzL2g0yNvIt6bjmP_685q2aRicU_bPOInemZQykJeWc6iqiifbwOUNYRiH-avz8tHHApvGf4ghy_k0opM58ITfvHgNGJrRt7StGefaimwuwYhbIOCoihmTS3gEeU_NNwuZWhVlSGgf0bo29fcLd3ALK2XyKJRai1DDn0zUG92Jt-GamlWHq3udADEDkegI_LNVurKOSt98tBddFJiM_DpYlNA0meI8WksYtw9r8uWw8C

 

 

and:

http://click.sureonlinefind.com/ads-clicktrack/click/newjump1.do?affiliate=48640&subid=15640&terms=click&ai=RQZ0rot9ui2gXUgmnl_Fn6hHTbneZXQPVPl60A6QPAju-kA61EIA2mkWsy3Cf8pPq8qoFN0eColtaHHhUEOwf6r05MPXI-2wUawX-aik7qn9cH5GmYqMxQYbDCaA2j3TL_4acfRA8rtD0jxIYWVSFc2W9krgXlrlQP4p2jjUefUWzOlbam2e9LPJafbgL14OXpR3UIabmwz80Kj5LDZMPkV1i7bw_4H1CnbtoBcnxdTQCBaViJg7-H4ImaxBU-sZSr76DIT3d77r348GTnv1Y-_t2KQR-iabPxI8ra2soiTPSjxAqt6-JyZtP_XvJIQKx9I92vd0-Bna24ctTdhbHbdq611G1Qf96vT7Vjj2w1pAbfaYOV2KN7j_2I9gNw27EWR-OyB7eePwdOoMfIeNBw

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2
Run by Daley at 21:25:37 on 2013-07-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.4651 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Daley\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Users\Daley\AppData\Local\Autobahn\nexdef.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Daley\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com?type=937811&fr=spigot-yhp-ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.2\ytdToolbarIE.dll
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
uURLSearchHooks: FLV Runner B Toolbar: {6ec5b552-6d23-4e05-a153-32aa26f7d9e8} - C:\Program Files (x86)\FLV_Runner_B\prxtbFLV_.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
mURLSearchHooks: FLV Runner B Toolbar: {6ec5b552-6d23-4e05-a153-32aa26f7d9e8} - C:\Program Files (x86)\FLV_Runner_B\prxtbFLV_.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} - C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: FLV Runner B Toolbar: {6ec5b552-6d23-4e05-a153-32aa26f7d9e8} - C:\Program Files (x86)\FLV_Runner_B\prxtbFLV_.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.2\ytdToolbarIE.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: FLV Runner B Toolbar: {6EC5B552-6D23-4E05-A153-32AA26F7D9E8} - C:\Program Files (x86)\FLV_Runner_B\prxtbFLV_.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
TB: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
TB: FLV Runner B Toolbar: {6ec5b552-6d23-4e05-a153-32aa26f7d9e8} - C:\Program Files (x86)\FLV_Runner_B\prxtbFLV_.dll
TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.2\ytdToolbarIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Daley\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Spotify] "C:\Users\Daley\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\Daley\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Daley\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NEXDEF~1.LNK - C:\Users\Daley\AppData\Local\Autobahn\nexdef.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B226BA9A-BBA6-4618-AFB1-A970DF9BC717} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C7DBF695-6709-4F85-B51B-AF27BB7D7B2A} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Daley\AppData\Roaming\Mozilla\Firefox\Profiles\wwom4ode.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Daley\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\Daley\AppData\Roaming\Mozilla\Firefox\Profiles\wwom4ode.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Daley\AppData\Roaming\Mozilla\Firefox\Profiles\wwom4ode.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Daley\AppData\Roaming\Mozilla\Firefox\Profiles\wwom4ode.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Users\Daley\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Daley\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Daley\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2009-11-01 10:08; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-03-09 17:54; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-3-4 236688]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2011-5-23 48992]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-4-11 384800]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-10 45856]
R1 RapportCerberus_51755;RapportCerberus_51755;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [2013-4-10 586072]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-6-18 229040]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-6-18 357712]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-1 203776]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-6-7 806776]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2009-8-24 20376]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-12-5 2321560]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-2 5174392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-5-23 192512]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-6-18 1124632]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [2013-6-26 1598128]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2013-4-22 1042808]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2013-4-22 270192]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-2 187392]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1ca23c02371c5ab;Google Update Service (gupdate1ca23c02371c5ab);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-8-23 133104]
S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2008-4-1 24576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-3-6 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-3-10 29720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-14 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-13 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .vbe: VBEFile=C:\Windows\SysWow64\WScript.exe "%1" %*
FileExt: .vbs: VBSFile=C:\Windows\SysWow64\WScript.exe "%1" %*
FileExt: .js: JSFile=C:\Windows\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2013-07-11 17:25:09    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-10 10:44:49    571904    ----a-w-    C:\Program Files\Windows Defender\MpClient.dll
2013-07-09 00:38:33    92056    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-06-27 19:04:41    --------    d-----w-    C:\Users\Daley\AppData\Local\Western_Digital_Technolog
2013-06-27 18:59:19    --------    d-----w-    C:\Program Files\Common Files\Western Digital
2013-06-27 18:59:18    --------    d-----w-    C:\Program Files\Western Digital
2013-06-27 18:59:18    --------    d-----w-    C:\Program Files (x86)\Western Digital
2013-06-27 18:59:18    --------    d-----w-    C:\Program Files (x86)\Common Files\Western Digital
2013-06-27 18:56:22    --------    d-----w-    C:\ProgramData\Package Cache
2013-06-20 16:51:59    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-20 16:51:59    --------    d-----w-    C:\Program Files\iTunes
2013-06-20 16:51:59    --------    d-----w-    C:\Program Files\iPod
2013-06-14 14:59:28    --------    d-----w-    C:\Program Files (x86)\Application Updater
2013-06-14 14:59:27    --------    d-----w-    C:\Program Files (x86)\YTD Toolbar
.
==================== Find3M  ====================
.
2013-07-11 17:25:02    867240    ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2013-07-11 17:25:02    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-07-11 17:19:59    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-11 17:19:58    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-26 14:26:32    45856    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-06-18 23:14:30    236688    ----a-w-    C:\Windows\System32\drivers\RapportKE64.sys
2013-06-11 23:43:37    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-06-11 23:25:16    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-09 16:42:39    0    ----a-w-    C:\Users\Daley\notepad.exe
2013-06-09 16:42:38    0    ----a-w-    C:\Users\Daley\mstsc.exe
2013-06-09 16:42:33    0    ----a-w-    C:\Users\Daley\skype.exe
2013-06-09 16:42:32    0    ----a-w-    C:\Users\Daley\java.exe
2013-06-07 03:22:18    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-06-04 06:00:13    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-04 04:53:07    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-05-31 00:13:15    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49    1887744    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35    1620480    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-01 10:59:12    94208    ----a-w-    C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 10:59:12    69632    ----a-w-    C:\Windows\SysWow64\QuickTime.qts
2013-04-26 05:51:36    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-04-17 07:02:06    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
.
============= FINISH: 21:27:08.63 ===============
 

 

 




 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:18 AM

Posted 14 July 2013 - 08:49 AM

Hi there,
my name is Marius and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Oddman666

Oddman666
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:09:18 PM

Posted 14 July 2013 - 03:10 PM

Thanks Marius,

 

I did as instructed and here are the results of the scan:

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-14 13:07:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST3750528AS rev.HP22 698.64GB
Running: cdwemd9f.exe; Driver: C:\Users\Daley\AppData\Local\Temp\fwloapow.sys


---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\WUDFHost.exe [3868:3900]                    000007fef50724a0
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4088:4204]  000007fefa862a7c

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                           unknown MBR code

---- EOF - GMER 2.1 ----
 

 



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:18 AM

Posted 15 July 2013 - 12:52 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs/spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#5 Oddman666

Oddman666
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:09:18 PM

Posted 15 July 2013 - 12:15 PM

I disabled my AVG 2012 antivirus and started Combofix. It then says: Combofix has detected the following real time scanners to be active:

 

Mcafee Anti-Virus Anti-Spyware

 

I have not used McAfee in a couple of years and don't find it anywhere in my system. Combofix says not to run until it's disabled. What should I do? I am going to restart my AVG anti-virus until I receive your response. Thanks!



#6 Oddman666

Oddman666
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:09:18 PM

Posted 15 July 2013 - 03:35 PM

Never mind that last post. I was able to get rid of the McAfee program that I wasn't using and ran Combofix. The log is pasted below. Thanks!

 

ComboFix 13-07-15.01 - Daley 07/15/2013  10:46:41.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.5899 [GMT -7:00]
Running from: c:\users\Daley\Desktop\ComboFix.exe
AV: AVG Premium Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Premium Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Premium Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Coupon Companion Plugin\CoUPon companion plugin.dll
c:\programdata\1246605887
c:\programdata\126286f2l228e818f077w0jcy6l8
c:\users\Daley\AppData\Local\Temp\_MEI48682\_ctypes.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\_elementtree.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\_hashlib.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\_multiprocessing.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\_socket.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\_ssl.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\pyexpat.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\pysqlite2._sqlite.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\python27.dll
c:\users\Daley\AppData\Local\Temp\_MEI48682\pythoncom27.dll
c:\users\Daley\AppData\Local\Temp\_MEI48682\PyWinTypes27.dll
c:\users\Daley\AppData\Local\Temp\_MEI48682\select.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\unicodedata.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\win32api.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\win32com.shell.shell.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\win32crypt.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\win32event.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\win32file.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\win32inet.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\win32pdh.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\win32process.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\win32profile.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\win32security.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\win32ts.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\windows._cacheinvalidation.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\wx._controls_.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\wx._core_.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\wx._gdi_.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\wx._html2.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\wx._misc_.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\wx._windows_.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\wx._wizard.pyd
c:\users\Daley\AppData\Local\Temp\_MEI48682\wxbase294u_net_vc90.dll
c:\users\Daley\AppData\Local\Temp\_MEI48682\wxbase294u_vc90.dll
c:\users\Daley\AppData\Local\Temp\_MEI48682\wxmsw294u_adv_vc90.dll
c:\users\Daley\AppData\Local\Temp\_MEI48682\wxmsw294u_core_vc90.dll
c:\users\Daley\AppData\Local\Temp\_MEI48682\wxmsw294u_html_vc90.dll
c:\users\Daley\AppData\Local\Temp\_MEI48682\wxmsw294u_webview_vc90.dll
c:\users\Daley\java.exe
c:\users\Daley\mstsc.exe
c:\users\Daley\notepad.exe
c:\users\Daley\skype.exe
.
---- Previous Run -------
.
c:\users\Daley\AppData\Roaming\Microsoft\Windows\Templates\pjbllu5m1fmh2kge0fsq1w677n2f
c:\users\Daley\Documents\~WRL3261.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-15 to 2013-07-15  )))))))))))))))))))))))))))))))
.
.
2013-07-15 17:58 . 2013-07-15 17:58    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-11 17:25 . 2013-07-11 17:25    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-07-11 17:25 . 2013-07-11 17:25    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-10 10:44 . 2013-05-27 05:50    1011712    ----a-w-    c:\program files\Windows Defender\MpSvc.dll
2013-06-27 19:04 . 2013-06-27 19:04    --------    d-----w-    c:\users\Daley\AppData\Local\Western_Digital_Technolog
2013-06-27 18:59 . 2013-06-27 18:59    --------    d-----w-    c:\program files\Common Files\Western Digital
2013-06-27 18:59 . 2013-06-27 18:59    --------    d-----w-    c:\program files (x86)\Common Files\Western Digital
2013-06-27 18:59 . 2013-06-27 18:59    --------    d-----w-    c:\program files (x86)\Western Digital
2013-06-27 18:59 . 2013-06-27 18:59    --------    d-----w-    c:\program files\Western Digital
2013-06-27 18:56 . 2013-06-27 18:56    --------    d-----w-    c:\programdata\Package Cache
2013-06-20 16:51 . 2013-06-20 16:52    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-20 16:51 . 2013-06-20 16:52    --------    d-----w-    c:\program files\iTunes
2013-06-20 16:51 . 2013-06-20 16:51    --------    d-----w-    c:\program files\iPod
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-11 17:25 . 2011-12-22 17:15    867240    ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
2013-07-11 17:25 . 2010-06-10 13:42    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-07-11 17:19 . 2013-02-11 21:04    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-11 17:19 . 2011-07-22 18:44    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-11 10:13 . 2010-01-27 02:23    78185248    ----a-w-    c:\windows\system32\MRT.exe
2013-06-26 14:26 . 2012-11-10 15:08    45856    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-06-18 23:14 . 2011-03-05 03:45    236688    ----a-w-    c:\windows\system32\drivers\RapportKE64.sys
2013-05-31 00:15 . 2013-05-31 00:15    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-05-31 00:15 . 2013-05-31 00:15    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-05-31 00:15 . 2013-05-31 00:15    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-31 00:15 . 2013-05-31 00:15    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-05-31 00:15 . 2013-05-31 00:15    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-05-31 00:15 . 2013-05-31 00:15    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-05-31 00:15 . 2013-05-31 00:15    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-05-31 00:15 . 2013-05-31 00:15    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-05-31 00:15 . 2013-05-31 00:15    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-05-31 00:15 . 2013-05-31 00:15    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-05-31 00:15 . 2013-05-31 00:15    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-05-31 00:15 . 2013-05-31 00:15    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-31 00:15 . 2013-05-31 00:15    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-05-31 00:15 . 2013-05-31 00:15    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-05-31 00:15 . 2013-05-31 00:15    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-05-31 00:15 . 2013-05-31 00:15    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-05-31 00:15 . 2013-05-31 00:15    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-05-31 00:15 . 2013-05-31 00:15    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-05-31 00:15 . 2013-05-31 00:15    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-05-31 00:15 . 2013-05-31 00:15    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-05-31 00:15 . 2013-05-31 00:15    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-05-31 00:15 . 2013-05-31 00:15    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-05-31 00:15 . 2013-05-31 00:15    441856    ----a-w-    c:\windows\system32\html.iec
2013-05-31 00:15 . 2013-05-31 00:15    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-05-31 00:15 . 2013-05-31 00:15    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-05-31 00:15 . 2013-05-31 00:15    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-05-31 00:15 . 2013-05-31 00:15    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-05-31 00:15 . 2013-05-31 00:15    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-05-31 00:15 . 2013-05-31 00:15    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-05-31 00:15 . 2013-05-31 00:15    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-05-31 00:15 . 2013-05-31 00:15    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-05-31 00:15 . 2013-05-31 00:15    235008    ----a-w-    c:\windows\system32\url.dll
2013-05-31 00:15 . 2013-05-31 00:15    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-05-31 00:15 . 2013-05-31 00:15    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-05-31 00:15 . 2013-05-31 00:15    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-05-31 00:15 . 2013-05-31 00:15    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-05-31 00:15 . 2013-05-31 00:15    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-05-31 00:15 . 2013-05-31 00:15    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-05-31 00:15 . 2013-05-31 00:15    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-05-31 00:15 . 2013-05-31 00:15    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-05-31 00:15 . 2013-05-31 00:15    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-05-31 00:15 . 2013-05-31 00:15    149504    ----a-w-    c:\windows\system32\occache.dll
2013-05-31 00:15 . 2013-05-31 00:15    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-05-31 00:15 . 2013-05-31 00:15    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-05-31 00:15 . 2013-05-31 00:15    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-05-31 00:15 . 2013-05-31 00:15    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-05-31 00:15 . 2013-05-31 00:15    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-05-31 00:15 . 2013-05-31 00:15    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-05-31 00:15 . 2013-05-31 00:15    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-05-31 00:13 . 2013-05-31 00:13    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2013-05-31 00:13 . 2013-05-31 00:13    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-05-31 00:13 . 2013-05-31 00:13    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-31 00:13 . 2013-05-31 00:13    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2013-05-31 00:13 . 2013-05-31 00:13    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2013-05-31 00:13 . 2013-05-31 00:13    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
2013-05-31 00:13 . 2013-05-31 00:13    1158144    ----a-w-    c:\windows\SysWow64\XpsPrint.dll
2013-05-31 00:13 . 2013-05-31 00:13    10752    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-05-31 00:13 . 2013-05-31 00:13    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2013-05-31 00:13 . 2013-05-31 00:13    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-05-31 00:13 . 2013-05-31 00:13    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2013-05-31 00:13 . 2013-05-31 00:13    363008    ----a-w-    c:\windows\system32\dxgi.dll
2013-05-31 00:13 . 2013-05-31 00:13    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2013-05-31 00:13 . 2013-05-31 00:13    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-05-31 00:13 . 2013-05-31 00:13    296960    ----a-w-    c:\windows\system32\d3d10core.dll
2013-05-31 00:13 . 2013-05-31 00:13    293376    ----a-w-    c:\windows\SysWow64\dxgi.dll
2013-05-31 00:13 . 2013-05-31 00:13    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-05-31 00:13 . 2013-05-31 00:13    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2013-05-31 00:13 . 2013-05-31 00:13    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2013-05-31 00:13 . 2013-05-31 00:13    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
2013-05-31 00:13 . 2013-05-31 00:13    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
2013-05-31 00:13 . 2013-05-31 00:13    1988096    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2013-05-31 00:13 . 2013-05-31 00:13    194560    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-05-31 00:13 . 2013-05-31 00:13    187392    ----a-w-    c:\windows\SysWow64\UIAnimation.dll
2013-05-31 00:13 . 2013-05-31 00:13    161792    ----a-w-    c:\windows\SysWow64\d3d10_1.dll
2013-05-31 00:13 . 2013-05-31 00:13    1238528    ----a-w-    c:\windows\system32\d3d10.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
"{6ec5b552-6d23-4e05-a153-32aa26f7d9e8}"= "c:\program files (x86)\FLV_Runner_B\prxtbFLV_.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_CLASSES_ROOT\clsid\{6ec5b552-6d23-4e05-a153-32aa26f7d9e8}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49    176936    ----a-w-    c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6ec5b552-6d23-4e05-a153-32aa26f7d9e8}]
2012-11-06 12:01    183112    ----a-w-    c:\program files (x86)\FLV_Runner_B\prxtbFLV_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2011-05-09 09:49    176936    ----a-w-    c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-06-26 14:26    3055280    ----a-w-    c:\program files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 20:29    1490312    ----a-w-    c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
2013-06-08 03:39    1353536    ----a-w-    c:\program files (x86)\YTD Toolbar\IE\7.2\ytdToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll" [2013-06-26 3055280]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
"{6ec5b552-6d23-4e05-a153-32aa26f7d9e8}"= "c:\program files (x86)\FLV_Runner_B\prxtbFLV_.dll" [2012-11-06 183112]
"{F3FEE66E-E034-436a-86E4-9690573BEE8A}"= "c:\program files (x86)\YTD Toolbar\IE\7.2\ytdToolbarIE.dll" [2013-06-08 1353536]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_CLASSES_ROOT\clsid\{6ec5b552-6d23-4e05-a153-32aa26f7d9e8}]
.
[HKEY_CLASSES_ROOT\clsid\{f3fee66e-e034-436a-86e4-9690573bee8a}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Spotify"="c:\users\Daley\AppData\Roaming\Spotify\Spotify.exe" [2012-07-31 7601880]
"Spotify Web Helper"="c:\users\Daley\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-31 1193176]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-07 19676256]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-21 98304]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-06 2904984]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-06 36760]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-20 2598520]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-06-26 2236080]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-06-08 1302336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2013-04-22 5687152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Daley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
NexDef Plug-in.lnk - c:\users\Daley\AppData\Local\Autobahn\nexdef.exe [2011-8-11 15490560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2011-4-29 276328]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2009-2-9 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 SASDIFSV;SASDIFSV;c:\users\Daley\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS;c:\users\Daley\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Daley\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS;c:\users\Daley\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate1ca23c02371c5ab;Google Update Service (gupdate1ca23c02371c5ab);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys;c:\windows\SYSNATIVE\DRIVERS\FlyUsb.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 RapportCerberus_51755;RapportCerberus_51755;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe;c:\program files (x86)\AVG\AVG2012\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsfiltera.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MPFP
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11    451872    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 04:21    1173456    ----a-w-    c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-11 17:20]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-23 07:05]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-23 07:05]
.
2013-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3357670943-1882708060-3001534358-1000Core.job
- c:\users\Daley\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 03:37]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3357670943-1882708060-3001534358-1000UA.job
- c:\users\Daley\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 03:37]
.
2013-07-09 c:\windows\Tasks\HPCeeScheduleForDaley.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-05-23 01:17]
.
2013-07-15 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
- c:\program files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-22 18:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-07 06:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 06:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 06:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-07 06:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-07 06:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-07 06:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.yahoo.com?type=937811&fr=spigot-yhp-ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
FF - ProfilePath - c:\users\Daley\AppData\Roaming\Mozilla\Firefox\Profiles\wwom4ode.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - ExtSQL: !HIDDEN! 2009-11-01 10:08; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-03-09 17:54; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{11111111-1111-1111-1111-110211181104} - c:\program files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{6EC5B552-6D23-4E05-A153-32AA26F7D9E8} - (no file)
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-1038047030.www1.movie-promo.com - c:\program files (x86)\Microsoft Silverlight\4.0.51204.0\Silverlight.Configuration.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
c:\program files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\AVG\AVG2012\avgmfapx.exe
.
**************************************************************************
.
Completion time: 2013-07-15  13:15:45 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-15 20:15
.
Pre-Run: 201,720,791,040 bytes free
Post-Run: 201,384,091,648 bytes free
.
- - End Of File - - DB4AE8148923D1C0FB11BCC0011C349E
03BA8F890B47C0BE359A4D5A636D214D
 



#7 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 16 July 2013 - 01:12 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

Quick Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

Proud Member of UNITE & TB

#8 Oddman666

  • Topic Starter
  • Members
  • 42 posts

Posted 16 July 2013 - 03:13 AM

Combofix log:

 

ComboFix 13-07-15.01 - Daley 07/16/2013   0:25.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.6096 [GMT -7:00]
Running from: c:\users\Daley\Desktop\ComboFix.exe
Command switches used :: c:\users\Daley\Desktop\Bleeping Computer\CFScript.txt
AV: AVG Premium Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Premium Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Premium Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_a691.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\config.xml
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\program files (x86)\FLV_Runner_B
c:\program files (x86)\FLV_Runner_B\FLV_Runner_BToolbarHelper.exe
c:\program files (x86)\FLV_Runner_B\GottenAppsContextMenu.xml
c:\program files (x86)\FLV_Runner_B\ldrtbFLV_.dll
c:\program files (x86)\FLV_Runner_B\OtherAppsContextMenu.xml
c:\program files (x86)\FLV_Runner_B\prxtbFLV_.dll
c:\program files (x86)\FLV_Runner_B\SharedAppsContextMenu.xml
c:\program files (x86)\FLV_Runner_B\tbFLV_.dll
c:\program files (x86)\FLV_Runner_B\toolbar.cfg
c:\program files (x86)\FLV_Runner_B\ToolbarContextMenu.xml
c:\program files (x86)\FLV_Runner_B\uninstall.exe
c:\program files (x86)\uTorrentControl2
c:\program files (x86)\uTorrentControl2\GottenAppsContextMenu.xml
c:\program files (x86)\uTorrentControl2\ldrtbuTor.dll
c:\program files (x86)\uTorrentControl2\OtherAppsContextMenu.xml
c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
c:\program files (x86)\uTorrentControl2\SharedAppsContextMenu.xml
c:\program files (x86)\uTorrentControl2\tbuTor.dll
c:\program files (x86)\uTorrentControl2\toolbar.cfg
c:\program files (x86)\uTorrentControl2\ToolbarContextMenu.xml
c:\program files (x86)\uTorrentControl2\uninstall.exe
c:\program files (x86)\uTorrentControl2\uTorrentControl2ToolbarHelper.exe
c:\program files (x86)\YTD Toolbar
c:\program files (x86)\YTD Toolbar\FF\chrome.manifest
c:\program files (x86)\YTD Toolbar\FF\chrome\chrome.jar
c:\program files (x86)\YTD Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt
c:\program files (x86)\YTD Toolbar\FF\components\IFBHOWidgiToolbar.xpt
c:\program files (x86)\YTD Toolbar\FF\components\ytdFF.dll
c:\program files (x86)\YTD Toolbar\FF\components\ytdFF.dll.10
c:\program files (x86)\YTD Toolbar\FF\components\ytdFF.dll.11
c:\program files (x86)\YTD Toolbar\FF\components\ytdFF.dll.12
c:\program files (x86)\YTD Toolbar\FF\components\ytdFF.dll.13
c:\program files (x86)\YTD Toolbar\FF\components\ytdFF.dll.14
c:\program files (x86)\YTD Toolbar\FF\components\ytdFF.dll.15
c:\program files (x86)\YTD Toolbar\FF\components\ytdFF.dll.16
c:\program files (x86)\YTD Toolbar\FF\components\ytdFF.dll.17
c:\program files (x86)\YTD Toolbar\FF\components\ytdFF.dll.18
c:\program files (x86)\YTD Toolbar\FF\components\ytdFF.dll.19
c:\program files (x86)\YTD Toolbar\FF\components\ytdFF.dll.20
c:\program files (x86)\YTD Toolbar\FF\components\ytdFF.dll.21
c:\program files (x86)\YTD Toolbar\FF\components\ytdFF.dll.22
c:\program files (x86)\YTD Toolbar\FF\components\ytdFF.dll.5
c:\program files (x86)\YTD Toolbar\FF\components\ytdFF.dll.6
c:\program files (x86)\YTD Toolbar\FF\components\ytdFF.dll.7
c:\program files (x86)\YTD Toolbar\FF\components\ytdFF.dll.8
c:\program files (x86)\YTD Toolbar\FF\components\ytdFF.dll.9
c:\program files (x86)\YTD Toolbar\FF\install.rdf
c:\program files (x86)\YTD Toolbar\IE\7.2\config.ini
c:\program files (x86)\YTD Toolbar\IE\7.2\ytdToolbarIE.dll
c:\program files (x86)\YTD Toolbar\Res\amazon.gif
c:\program files (x86)\YTD Toolbar\Res\dailymotion.gif
c:\program files (x86)\YTD Toolbar\Res\ebay.gif
c:\program files (x86)\YTD Toolbar\Res\facebook.gif
c:\program files (x86)\YTD Toolbar\Res\googleplus.gif
c:\program files (x86)\YTD Toolbar\Res\hulu.gif
c:\program files (x86)\YTD Toolbar\Res\icon_settings.gif
c:\program files (x86)\YTD Toolbar\Res\Lang\res1031.ini
c:\program files (x86)\YTD Toolbar\Res\Lang\res1033.ini
c:\program files (x86)\YTD Toolbar\Res\Lang\res1034.ini
c:\program files (x86)\YTD Toolbar\Res\Lang\res1036.ini
c:\program files (x86)\YTD Toolbar\Res\Lang\res1040.ini
c:\program files (x86)\YTD Toolbar\Res\metacafe.gif
c:\program files (x86)\YTD Toolbar\Res\radio-close.gif
c:\program files (x86)\YTD Toolbar\Res\radio-minimize.gif
c:\program files (x86)\YTD Toolbar\Res\radiobeta.gif
c:\program files (x86)\YTD Toolbar\Res\search-button-hover.gif
c:\program files (x86)\YTD Toolbar\Res\search-button.gif
c:\program files (x86)\YTD Toolbar\Res\search-chevron-hover.gif
c:\program files (x86)\YTD Toolbar\Res\search-chevron.gif
c:\program files (x86)\YTD Toolbar\Res\search_amazon.gif
c:\program files (x86)\YTD Toolbar\Res\search_baidu.gif
c:\program files (x86)\YTD Toolbar\Res\search_ebay.gif
c:\program files (x86)\YTD Toolbar\Res\search_yahoo.gif
c:\program files (x86)\YTD Toolbar\Res\search_yandex.gif
c:\program files (x86)\YTD Toolbar\Res\search_youtube.gif
c:\program files (x86)\YTD Toolbar\Res\twitter.gif
c:\program files (x86)\YTD Toolbar\Res\veoh.gif
c:\program files (x86)\YTD Toolbar\Res\widgets.xml
c:\program files (x86)\YTD Toolbar\Res\youtube.gif
c:\program files (x86)\YTD Toolbar\Res\ytd.gif
c:\program files (x86)\YTD Toolbar\Res\ytd_logo.gif
c:\program files (x86)\YTD Toolbar\Res\ytd_logo_hover.gif
c:\program files (x86)\YTD Toolbar\WidgiHelper.exe
c:\users\Daley\AppData\Local\Temp\_MEI39362\_ctypes.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\_elementtree.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\_hashlib.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\_multiprocessing.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\_socket.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\_ssl.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\pyexpat.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\pysqlite2._sqlite.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\python27.dll
c:\users\Daley\AppData\Local\Temp\_MEI39362\pythoncom27.dll
c:\users\Daley\AppData\Local\Temp\_MEI39362\PyWinTypes27.dll
c:\users\Daley\AppData\Local\Temp\_MEI39362\select.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\unicodedata.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\win32api.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\win32com.shell.shell.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\win32crypt.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\win32event.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\win32file.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\win32inet.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\win32pdh.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\win32process.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\win32profile.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\win32security.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\win32ts.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\windows._cacheinvalidation.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\wx._controls_.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\wx._core_.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\wx._gdi_.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\wx._html2.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\wx._misc_.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\wx._windows_.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\wx._wizard.pyd
c:\users\Daley\AppData\Local\Temp\_MEI39362\wxbase294u_net_vc90.dll
c:\users\Daley\AppData\Local\Temp\_MEI39362\wxbase294u_vc90.dll
c:\users\Daley\AppData\Local\Temp\_MEI39362\wxmsw294u_adv_vc90.dll
c:\users\Daley\AppData\Local\Temp\_MEI39362\wxmsw294u_core_vc90.dll
c:\users\Daley\AppData\Local\Temp\_MEI39362\wxmsw294u_html_vc90.dll
c:\users\Daley\AppData\Local\Temp\_MEI39362\wxmsw294u_webview_vc90.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-16 to 2013-07-16  )))))))))))))))))))))))))))))))
.
.
2013-07-16 07:39 . 2013-07-16 07:39    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-11 17:25 . 2013-07-11 17:25    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-07-11 17:25 . 2013-07-11 17:25    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-10 10:44 . 2013-05-27 05:50    1011712    ----a-w-    c:\program files\Windows Defender\MpSvc.dll
2013-06-27 19:04 . 2013-06-27 19:04    --------    d-----w-    c:\users\Daley\AppData\Local\Western_Digital_Technolog
2013-06-27 18:59 . 2013-06-27 18:59    --------    d-----w-    c:\program files\Common Files\Western Digital
2013-06-27 18:59 . 2013-06-27 18:59    --------    d-----w-    c:\program files (x86)\Common Files\Western Digital
2013-06-27 18:59 . 2013-06-27 18:59    --------    d-----w-    c:\program files (x86)\Western Digital
2013-06-27 18:59 . 2013-06-27 18:59    --------    d-----w-    c:\program files\Western Digital
2013-06-27 18:56 . 2013-06-27 18:56    --------    d-----w-    c:\programdata\Package Cache
2013-06-20 16:51 . 2013-06-20 16:52    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-20 16:51 . 2013-06-20 16:52    --------    d-----w-    c:\program files\iTunes
2013-06-20 16:51 . 2013-06-20 16:51    --------    d-----w-    c:\program files\iPod
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-11 17:25 . 2011-12-22 17:15    867240    ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
2013-07-11 17:25 . 2010-06-10 13:42    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-07-11 17:19 . 2013-02-11 21:04    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-11 17:19 . 2011-07-22 18:44    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-11 10:13 . 2010-01-27 02:23    78185248    ----a-w-    c:\windows\system32\MRT.exe
2013-06-26 14:26 . 2012-11-10 15:08    45856    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-06-18 23:14 . 2011-03-05 03:45    236688    ----a-w-    c:\windows\system32\drivers\RapportKE64.sys
2013-05-31 00:15 . 2013-05-31 00:15    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-05-31 00:15 . 2013-05-31 00:15    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-05-31 00:15 . 2013-05-31 00:15    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-31 00:15 . 2013-05-31 00:15    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-05-31 00:15 . 2013-05-31 00:15    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-05-31 00:15 . 2013-05-31 00:15    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-05-31 00:15 . 2013-05-31 00:15    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-05-31 00:15 . 2013-05-31 00:15    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-05-31 00:15 . 2013-05-31 00:15    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-05-31 00:15 . 2013-05-31 00:15    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-05-31 00:15 . 2013-05-31 00:15    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-05-31 00:15 . 2013-05-31 00:15    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-31 00:15 . 2013-05-31 00:15    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-05-31 00:15 . 2013-05-31 00:15    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-05-31 00:15 . 2013-05-31 00:15    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-05-31 00:15 . 2013-05-31 00:15    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-05-31 00:15 . 2013-05-31 00:15    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-05-31 00:15 . 2013-05-31 00:15    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-05-31 00:15 . 2013-05-31 00:15    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-05-31 00:15 . 2013-05-31 00:15    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-05-31 00:15 . 2013-05-31 00:15    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-05-31 00:15 . 2013-05-31 00:15    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-05-31 00:15 . 2013-05-31 00:15    441856    ----a-w-    c:\windows\system32\html.iec
2013-05-31 00:15 . 2013-05-31 00:15    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-05-31 00:15 . 2013-05-31 00:15    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-05-31 00:15 . 2013-05-31 00:15    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-05-31 00:15 . 2013-05-31 00:15    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-05-31 00:15 . 2013-05-31 00:15    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-05-31 00:15 . 2013-05-31 00:15    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-05-31 00:15 . 2013-05-31 00:15    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-05-31 00:15 . 2013-05-31 00:15    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-05-31 00:15 . 2013-05-31 00:15    235008    ----a-w-    c:\windows\system32\url.dll
2013-05-31 00:15 . 2013-05-31 00:15    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-05-31 00:15 . 2013-05-31 00:15    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-05-31 00:15 . 2013-05-31 00:15    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-05-31 00:15 . 2013-05-31 00:15    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-05-31 00:15 . 2013-05-31 00:15    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-05-31 00:15 . 2013-05-31 00:15    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-05-31 00:15 . 2013-05-31 00:15    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-05-31 00:15 . 2013-05-31 00:15    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-05-31 00:15 . 2013-05-31 00:15    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-05-31 00:15 . 2013-05-31 00:15    149504    ----a-w-    c:\windows\system32\occache.dll
2013-05-31 00:15 . 2013-05-31 00:15    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-05-31 00:15 . 2013-05-31 00:15    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-05-31 00:15 . 2013-05-31 00:15    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-05-31 00:15 . 2013-05-31 00:15    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-05-31 00:15 . 2013-05-31 00:15    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-05-31 00:15 . 2013-05-31 00:15    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-05-31 00:15 . 2013-05-31 00:15    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-05-31 00:13 . 2013-05-31 00:13    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2013-05-31 00:13 . 2013-05-31 00:13    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-05-31 00:13 . 2013-05-31 00:13    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-31 00:13 . 2013-05-31 00:13    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2013-05-31 00:13 . 2013-05-31 00:13    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2013-05-31 00:13 . 2013-05-31 00:13    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
2013-05-31 00:13 . 2013-05-31 00:13    1158144    ----a-w-    c:\windows\SysWow64\XpsPrint.dll
2013-05-31 00:13 . 2013-05-31 00:13    10752    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-05-31 00:13 . 2013-05-31 00:13    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2013-05-31 00:13 . 2013-05-31 00:13    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-05-31 00:13 . 2013-05-31 00:13    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2013-05-31 00:13 . 2013-05-31 00:13    363008    ----a-w-    c:\windows\system32\dxgi.dll
2013-05-31 00:13 . 2013-05-31 00:13    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2013-05-31 00:13 . 2013-05-31 00:13    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-05-31 00:13 . 2013-05-31 00:13    296960    ----a-w-    c:\windows\system32\d3d10core.dll
2013-05-31 00:13 . 2013-05-31 00:13    293376    ----a-w-    c:\windows\SysWow64\dxgi.dll
2013-05-31 00:13 . 2013-05-31 00:13    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-05-31 00:13 . 2013-05-31 00:13    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2013-05-31 00:13 . 2013-05-31 00:13    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2013-05-31 00:13 . 2013-05-31 00:13    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
2013-05-31 00:13 . 2013-05-31 00:13    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
2013-05-31 00:13 . 2013-05-31 00:13    1988096    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2013-05-31 00:13 . 2013-05-31 00:13    194560    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-05-31 00:13 . 2013-05-31 00:13    187392    ----a-w-    c:\windows\SysWow64\UIAnimation.dll
2013-05-31 00:13 . 2013-05-31 00:13    161792    ----a-w-    c:\windows\SysWow64\d3d10_1.dll
2013-05-31 00:13 . 2013-05-31 00:13    1238528    ----a-w-    c:\windows\system32\d3d10.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110211181104}]
c:\program files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2011-05-09 09:49    176936    ----a-w-    c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-06-26 14:26    3055280    ----a-w-    c:\program files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Spotify"="c:\users\Daley\AppData\Roaming\Spotify\Spotify.exe" [2012-07-31 7601880]
"Spotify Web Helper"="c:\users\Daley\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-31 1193176]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-07 19676256]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-21 98304]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-06 2904984]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-06 36760]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-20 2598520]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-06-26 2236080]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-06-08 1302336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2013-04-22 5687152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Daley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
NexDef Plug-in.lnk - c:\users\Daley\AppData\Local\Autobahn\nexdef.exe [2011-8-11 15490560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2011-4-29 276328]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2009-2-9 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 SASDIFSV;SASDIFSV;c:\users\Daley\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS;c:\users\Daley\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Daley\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS;c:\users\Daley\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate1ca23c02371c5ab;Google Update Service (gupdate1ca23c02371c5ab);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys;c:\windows\SYSNATIVE\DRIVERS\FlyUsb.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 RapportCerberus_51755;RapportCerberus_51755;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe;c:\program files (x86)\AVG\AVG2012\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsfiltera.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MPFP
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11    451872    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 04:21    1173456    ----a-w-    c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-11 17:20]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-23 07:05]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-23 07:05]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3357670943-1882708060-3001534358-1000Core.job
- c:\users\Daley\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 03:37]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3357670943-1882708060-3001534358-1000UA.job
- c:\users\Daley\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 03:37]
.
2013-07-09 c:\windows\Tasks\HPCeeScheduleForDaley.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-05-23 01:17]
.
2013-07-16 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
- c:\program files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-22 18:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-07 06:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 06:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 06:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-07 06:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-07 06:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-07 06:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.yahoo.com?type=937811&fr=spigot-yhp-ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
FF - ProfilePath - c:\users\Daley\AppData\Roaming\Mozilla\Firefox\Profiles\wwom4ode.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - ExtSQL: !HIDDEN! 2009-11-01 10:08; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-03-09 17:54; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-{6ec5b552-6d23-4e05-a153-32aa26f7d9e8} - c:\program files (x86)\FLV_Runner_B\prxtbFLV_.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
BHO-{F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files (x86)\YTD Toolbar\IE\7.2\ytdToolbarIE.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-FLV_Runner_B Toolbar - c:\program files (x86)\FLV_Runner_B\uninstall.exe
AddRemove-uTorrentControl2 Toolbar - c:\program files (x86)\uTorrentControl2\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
c:\program files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
.
**************************************************************************
.
Completion time: 2013-07-16  00:51:59 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-16 07:51
ComboFix2.txt  2013-07-15 20:15
.
Pre-Run: 201,554,911,232 bytes free
Post-Run: 201,281,675,264 bytes free
.
- - End Of File - - B52D1EC7346472A35646BB1B964A8ED5
03BA8F890B47C0BE359A4D5A636D214D
 

 

Malwarebytes log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.12.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Daley :: DALEY-PC [administrator]

7/16/2013 12:57:42 AM
mbam-log-2013-07-16 (00-57-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264203
Time elapsed: 15 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 



#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:06:18 AM

Posted 16 July 2013 - 03:17 AM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 

#10 Oddman666

Oddman666
  • Topic Starter

  • Members
  • 42 posts
  • Local time:09:18 PM

Posted 16 July 2013 - 02:30 PM

ESET Scan threat results:

 

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe    a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Coupon Companion Plugin\Uninstall.exe    multiple threats
C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe    a variant of Win32/Kryptik.SH trojan
C:\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe    a variant of Win32/Kryptik.SH trojan
C:\Qoobox\Quarantine\C\Program Files (x86)\Coupon Companion Plugin\CoUPon companion plugin.dll.vir    a variant of Win32/Toolbar.CrossRider.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.10.vir    a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.11.vir    a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.12.vir    a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.13.vir    a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.14.vir    a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.15.vir    a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.16.vir    a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.17.vir    a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.18.vir    a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.19.vir    a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.20.vir    a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.21.vir    a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.22.vir    a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.5.vir    a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.6.vir    a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.7.vir    a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.8.vir    a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.9.vir    a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Program Files (x86)\YTD Toolbar\FF\components\ytdFF.dll.vir    a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\Program Files (x86)\YTD Toolbar\IE\7.2\ytdToolbarIE.dll.vir    a variant of Win32/Toolbar.Widgi application
C:\Users\All Users\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe    a variant of Win32/Kryptik.SH trojan
C:\Users\Daley\AppData\Local\Google\Chrome\User Data\Default\Users\mjikdpobhnkcabbbfpdlmcfcbodldpnp\cs.js    Win32/TrojanDownloader.Tracur.AD trojan
C:\Users\Daley\AppData\Local\Updater21804\Updater21804.exe    a variant of Win32/Toolbar.CrossRider.C application
C:\Users\Daley\AppData\LocalLow\AskToolbar\setup.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Daley\Downloads\avc-free.exe    Win32/OpenCandy application
Operating memory    a variant of Win32/Toolbar.Widgi application
 



#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team

Posted 16 July 2013 - 11:59 PM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You'll find the log file at C:\AdwCleaner[S1].txt also.


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its contents to your thread.

 

Attached Files



#12 Oddman666

Oddman666
  • Topic Starter


Posted 17 July 2013 - 01:33 AM

Combofix log:

 

ComboFix 13-07-15.01 - Daley 07/16/2013  23:01:40.4.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8191.5176 [GMT -7:00]
Running from: c:\users\Daley\Desktop\ComboFix.exe
Command switches used :: c:\users\Daley\Desktop\CFScript.txt
AV: AVG Premium Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Premium Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Premium Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\HP Games\Farm Mania\Farm-WT.exe"
"c:\programdata\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe"
"c:\users\All Users\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe"
"c:\users\Daley\AppData\Local\Google\Chrome\User Data\Default\Users\mjikdpobhnkcabbbfpdlmcfcbodldpnp\cs.js"
"c:\users\Daley\Downloads\avc-free.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Spigot\Search Settings
c:\program files (x86)\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\config.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1040.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\searchcom_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\searchcom_ie.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
c:\program files (x86)\Common Files\Spigot\Search Settings\wth162.dll
c:\program files (x86)\Common Files\Spigot\Search Settings\wthx162.dll
c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yandex_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yandex_ie.xml
c:\program files (x86)\Coupon Companion Plugin
c:\program files (x86)\Coupon Companion Plugin\background.html
c:\program files (x86)\Coupon Companion Plugin\ButtonUtil.dll
c:\program files (x86)\Coupon Companion Plugin\Coupon Companion Plugin-bg.exe
c:\program files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.exe
c:\program files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.ico
c:\program files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.ini
c:\program files (x86)\Coupon Companion Plugin\Coupon Companion PluginGui.exe
c:\program files (x86)\Coupon Companion Plugin\Installer.log
c:\program files (x86)\Coupon Companion Plugin\Uninstall.exe
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000020.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000021.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000022.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000023.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000024.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000225.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000228.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000229.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000230.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000231.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000232.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000234.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000235.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000236.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000238.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000239.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000240.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000242.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000245.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000246.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000247.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000248.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000249.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000250.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000251.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000252.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000253.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000254.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000255.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000256.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000257.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000258.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000259.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000260.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000261.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000262.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000263.rsc_tmp
c:\users\Daley\AppData\Local\Temp\_MEI48922\130716035613972-000264.rsc_tmp
c:\users\Daley\AppData\Local\Updater21804
c:\users\Daley\AppData\Local\Updater21804\Updater21804.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-17 to 2013-07-17  )))))))))))))))))))))))))))))))
.
.
2013-07-17 06:12 . 2013-07-17 06:12    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-11 17:25 . 2013-07-11 17:25    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-07-11 17:25 . 2013-07-11 17:25    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-10 10:44 . 2013-05-27 05:50    1011712    ----a-w-    c:\program files\Windows Defender\MpSvc.dll
2013-06-27 19:04 . 2013-06-27 19:04    --------    d-----w-    c:\users\Daley\AppData\Local\Western_Digital_Technolog
2013-06-27 18:59 . 2013-06-27 18:59    --------    d-----w-    c:\program files\Common Files\Western Digital
2013-06-27 18:59 . 2013-06-27 18:59    --------    d-----w-    c:\program files (x86)\Common Files\Western Digital
2013-06-27 18:59 . 2013-06-27 18:59    --------    d-----w-    c:\program files (x86)\Western Digital
2013-06-27 18:59 . 2013-06-27 18:59    --------    d-----w-    c:\program files\Western Digital
2013-06-27 18:56 . 2013-06-27 18:56    --------    d-----w-    c:\programdata\Package Cache
2013-06-20 16:51 . 2013-06-20 16:52    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-20 16:51 . 2013-06-20 16:52    --------    d-----w-    c:\program files\iTunes
2013-06-20 16:51 . 2013-06-20 16:51    --------    d-----w-    c:\program files\iPod
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-11 17:25 . 2011-12-22 17:15    867240    ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
2013-07-11 17:25 . 2010-06-10 13:42    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-07-11 17:19 . 2013-02-11 21:04    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-11 17:19 . 2011-07-22 18:44    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-11 10:13 . 2010-01-27 02:23    78185248    ----a-w-    c:\windows\system32\MRT.exe
2013-06-26 14:26 . 2012-11-10 15:08    45856    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-06-18 23:14 . 2011-03-05 03:45    236688    ----a-w-    c:\windows\system32\drivers\RapportKE64.sys
2013-05-31 00:15 . 2013-05-31 00:15    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-05-31 00:15 . 2013-05-31 00:15    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-05-31 00:15 . 2013-05-31 00:15    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-31 00:15 . 2013-05-31 00:15    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-05-31 00:15 . 2013-05-31 00:15    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-05-31 00:15 . 2013-05-31 00:15    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-05-31 00:15 . 2013-05-31 00:15    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-05-31 00:15 . 2013-05-31 00:15    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-05-31 00:15 . 2013-05-31 00:15    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-05-31 00:15 . 2013-05-31 00:15    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-05-31 00:15 . 2013-05-31 00:15    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-05-31 00:15 . 2013-05-31 00:15    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-31 00:15 . 2013-05-31 00:15    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-05-31 00:15 . 2013-05-31 00:15    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-05-31 00:15 . 2013-05-31 00:15    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-05-31 00:15 . 2013-05-31 00:15    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-05-31 00:15 . 2013-05-31 00:15    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-05-31 00:15 . 2013-05-31 00:15    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-05-31 00:15 . 2013-05-31 00:15    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-05-31 00:15 . 2013-05-31 00:15    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-05-31 00:15 . 2013-05-31 00:15    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-05-31 00:15 . 2013-05-31 00:15    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-05-31 00:15 . 2013-05-31 00:15    441856    ----a-w-    c:\windows\system32\html.iec
2013-05-31 00:15 . 2013-05-31 00:15    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-05-31 00:15 . 2013-05-31 00:15    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-05-31 00:15 . 2013-05-31 00:15    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-05-31 00:15 . 2013-05-31 00:15    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-05-31 00:15 . 2013-05-31 00:15    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-05-31 00:15 . 2013-05-31 00:15    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-05-31 00:15 . 2013-05-31 00:15    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-05-31 00:15 . 2013-05-31 00:15    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-05-31 00:15 . 2013-05-31 00:15    235008    ----a-w-    c:\windows\system32\url.dll
2013-05-31 00:15 . 2013-05-31 00:15    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-05-31 00:15 . 2013-05-31 00:15    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-05-31 00:15 . 2013-05-31 00:15    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-05-31 00:15 . 2013-05-31 00:15    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-05-31 00:15 . 2013-05-31 00:15    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-05-31 00:15 . 2013-05-31 00:15    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-05-31 00:15 . 2013-05-31 00:15    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-05-31 00:15 . 2013-05-31 00:15    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-05-31 00:15 . 2013-05-31 00:15    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-05-31 00:15 . 2013-05-31 00:15    149504    ----a-w-    c:\windows\system32\occache.dll
2013-05-31 00:15 . 2013-05-31 00:15    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-05-31 00:15 . 2013-05-31 00:15    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-05-31 00:15 . 2013-05-31 00:15    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-05-31 00:15 . 2013-05-31 00:15    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-05-31 00:15 . 2013-05-31 00:15    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-05-31 00:15 . 2013-05-31 00:15    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-05-31 00:15 . 2013-05-31 00:15    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-05-31 00:13 . 2013-05-31 00:13    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2013-05-31 00:13 . 2013-05-31 00:13    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-05-31 00:13 . 2013-05-31 00:13    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-31 00:13 . 2013-05-31 00:13    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2013-05-31 00:13 . 2013-05-31 00:13    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2013-05-31 00:13 . 2013-05-31 00:13    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
2013-05-31 00:13 . 2013-05-31 00:13    1158144    ----a-w-    c:\windows\SysWow64\XpsPrint.dll
2013-05-31 00:13 . 2013-05-31 00:13    10752    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-31 00:13 . 2013-05-31 00:13    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-05-31 00:13 . 2013-05-31 00:13    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2013-05-31 00:13 . 2013-05-31 00:13    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-05-31 00:13 . 2013-05-31 00:13    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2013-05-31 00:13 . 2013-05-31 00:13    363008    ----a-w-    c:\windows\system32\dxgi.dll
2013-05-31 00:13 . 2013-05-31 00:13    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2013-05-31 00:13 . 2013-05-31 00:13    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-05-31 00:13 . 2013-05-31 00:13    296960    ----a-w-    c:\windows\system32\d3d10core.dll
2013-05-31 00:13 . 2013-05-31 00:13    293376    ----a-w-    c:\windows\SysWow64\dxgi.dll
2013-05-31 00:13 . 2013-05-31 00:13    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-05-31 00:13 . 2013-05-31 00:13    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2013-05-31 00:13 . 2013-05-31 00:13    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2013-05-31 00:13 . 2013-05-31 00:13    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
2013-05-31 00:13 . 2013-05-31 00:13    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
2013-05-31 00:13 . 2013-05-31 00:13    1988096    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2013-05-31 00:13 . 2013-05-31 00:13    194560    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-05-31 00:13 . 2013-05-31 00:13    187392    ----a-w-    c:\windows\SysWow64\UIAnimation.dll
2013-05-31 00:13 . 2013-05-31 00:13    161792    ----a-w-    c:\windows\SysWow64\d3d10_1.dll
2013-05-31 00:13 . 2013-05-31 00:13    1238528    ----a-w-    c:\windows\system32\d3d10.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110211181104}]
c:\program files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
c:\program files (x86)\uTorrentControl2\prxtbuTor.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6ec5b552-6d23-4e05-a153-32aa26f7d9e8}]
c:\program files (x86)\FLV_Runner_B\prxtbFLV_.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2011-05-09 09:49    176936    ----a-w-    c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-06-26 14:26    3055280    ----a-w-    c:\program files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
c:\program files (x86)\Ask.com\GenericAskToolbar.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
c:\program files (x86)\YTD Toolbar\IE\7.2\ytdToolbarIE.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Spotify"="c:\users\Daley\AppData\Roaming\Spotify\Spotify.exe" [2012-07-31 7601880]
"Spotify Web Helper"="c:\users\Daley\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-31 1193176]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-07 19676256]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-21 98304]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-06 2904984]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-06 36760]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-20 2598520]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-06-26 2236080]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2013-04-22 5687152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Daley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
NexDef Plug-in.lnk - c:\users\Daley\AppData\Local\Autobahn\nexdef.exe [2011-8-11 15490560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2011-4-29 276328]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2009-2-9 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 SASDIFSV;SASDIFSV;c:\users\Daley\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS;c:\users\Daley\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Daley\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS;c:\users\Daley\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate1ca23c02371c5ab;Google Update Service (gupdate1ca23c02371c5ab);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys;c:\windows\SYSNATIVE\DRIVERS\FlyUsb.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 RapportCerberus_51755;RapportCerberus_51755;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe;c:\program files (x86)\AVG\AVG2012\avgfws.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsfiltera.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MPFP
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11    451872    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 04:21    1173456    ----a-w-    c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-11 17:20]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-23 07:05]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-23 07:05]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3357670943-1882708060-3001534358-1000Core.job
- c:\users\Daley\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 03:37]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3357670943-1882708060-3001534358-1000UA.job
- c:\users\Daley\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-06 03:37]
.
2013-07-09 c:\windows\Tasks\HPCeeScheduleForDaley.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-05-23 01:17]
.
2013-07-16 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
- c:\program files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-22 18:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-07 06:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 06:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 06:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-07 06:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-07 06:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-07 06:57    778192    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.yahoo.com?type=937811&fr=spigot-yhp-ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
FF - ProfilePath - c:\users\Daley\AppData\Roaming\Mozilla\Firefox\Profiles\wwom4ode.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - ExtSQL: !HIDDEN! 2009-11-01 10:08; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-03-09 17:54; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-SearchSettings - c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
AddRemove-Coupon Companion Plugin - c:\program files (x86)\Coupon Companion Plugin\Uninstall.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-16  23:16:24
ComboFix-quarantined-files.txt  2013-07-17 06:16
ComboFix2.txt  2013-07-16 07:51
ComboFix3.txt  2013-07-15 20:15
.
Pre-Run: 199,874,928,640 bytes free
Post-Run: 199,553,650,688 bytes free
.
- - End Of File - - 3E07FA665587B8854878DCFF56EF2EA3
03BA8F890B47C0BE359A4D5A636D214D
 



#13 TB-Psychotic


  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:06:18 AM

Posted 17 July 2013 - 01:55 AM

Then we need the other logs as well



#14 Oddman666

  • Topic Starter

  • Members
  • 42 posts
  • Local time:09:18 PM

Posted 17 July 2013 - 02:04 AM

Sorry. I ran ADW and got this. Running security check now.

 

AdwCleaner log:

 

# AdwCleaner v2.305 - Logfile created 07/16/2013 at 23:34:14
# Updated 11/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Daley - DALEY-PC
# Boot Mode : Normal
# Running from : C:\Users\Daley\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\uTorrentControl_v2
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\Daley\AppData\Local\AskToolbar
Folder Deleted : C:\Users\Daley\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Daley\AppData\Local\Conduit
Folder Deleted : C:\Users\Daley\AppData\Local\Coupon Companion Plugin
Folder Deleted : C:\Users\Daley\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Daley\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Daley\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Daley\AppData\LocalLow\FLV_Runner_B
Folder Deleted : C:\Users\Daley\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Daley\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Daley\AppData\LocalLow\uTorrentControl_v2
Folder Deleted : C:\Users\Daley\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\Daley\AppData\Roaming\Mozilla\Firefox\Profiles\wwom4ode.default\ConduitCommon
Folder Deleted : C:\Users\Daley\AppData\Roaming\Mozilla\Firefox\Profiles\wwom4ode.default\CT3072253
Folder Deleted : C:\Users\Daley\AppData\Roaming\Mozilla\Firefox\Profiles\wwom4ode.default\CT3220468
Folder Deleted : C:\Users\Daley\AppData\Roaming\Mozilla\Firefox\Profiles\wwom4ode.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
Folder Deleted : C:\Users\Daley\AppData\Roaming\Mozilla\Firefox\Profiles\wwom4ode.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Folder Deleted : C:\Users\Daley\AppData\Roaming\Mozilla\Firefox\Profiles\wwom4ode.default\Smartbar
Folder Deleted : C:\Users\Daley\AppData\Roaming\Mozilla\Firefox\Profiles\wwom4ode.default\StumbleUpon
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\FLV_Runner_B
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v2
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\FLV_Runner_B
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8807455B-2A3A-48F6-841D-59743F106777}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3282137
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\FLV_Runner_B
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8807455B-2A3A-48F6-841D-59743F106777}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\uTorrentControl_v2
Key Deleted : HKLM\Software\uTorrentControl2
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{6EC5B552-6D23-4E05-A153-32AA26F7D9E8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={70FEBDD8-911E-4FE3-B79B-9B15724DB91D}&mid=0c4ca68b18c247d186aad16f5ece4f04-84e4dc11805b0c9c14c8e0814f47758b1530c61f&lang=en&ds=AVG&pr=pr&d=2011-12-19 08:48:46&v=9.0.0.21&sap=nt --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Daley\AppData\Roaming\Mozilla\Firefox\Profiles\wwom4ode.default\prefs.js

Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_remote_resources.expiration", "F[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_remote_resources.value", "%7B%22[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.SoftwareDetected.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.SoftwareDetected.value", "%7B%22AnySoftwar[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.name", "Coupon Companion Plugin");
Deleted : user_pref("extensions.crossriderapp21804.21804.newtab", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.opensearch", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.code", "appAPI._cr_config={appID:fun[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.ver", 6);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.code", "Array.prototype.indexO[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.ver", 15);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.code", "var a=appAPI.db.getLis[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.ver", 39);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.code", "(function(a){a.selectedText[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.ver", 5);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.code", "if((typeof isBackground===\[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.ver", 9);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.ver", 4);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.code", "var CrossriderDebugManager=[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.name", "debug");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.ver", 4);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.name", "resources");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.ver", 4);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.code", "var CrossriderInitializerPl[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.code", "var jQuery = $jquery_171 = $[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.ver", 4);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.code", "(function(){appAPI.ready=fu[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.code", "(function(){var h=\"__CR_EM[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.name", "appApiMessage");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.code", "if(appAPI.__should_activate[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.name", "appApiValidation");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.code", "if(typeof jQuery!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.name", "CrossriderInfo");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.ver", 3);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_98.code", "(function(){var b=\"cr_\"+a[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_98.name", "omniCommands");
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_98.ver", 2);
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,100[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,2[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Deleted : user_pref("extensions.crossriderapp21804.21804.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.pluginsversion", 51);
Deleted : user_pref("extensions.crossriderapp21804.21804.publisher", "Innovative Apps");
Deleted : user_pref("extensions.crossriderapp21804.21804.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp21804.21804.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp21804.21804.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.thankyou", "");
Deleted : user_pref("extensions.crossriderapp21804.21804.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp21804.21804.ver", 54);
Deleted : user_pref("extensions.crossriderapp21804.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp21804.apps", "21804");
Deleted : user_pref("extensions.crossriderapp21804.bic", "13cbd081fc88a74e68bcfde2747b9554");
Deleted : user_pref("extensions.crossriderapp21804.cid", 21804);
Deleted : user_pref("extensions.crossriderapp21804.firstrun", false);
Deleted : user_pref("extensions.crossriderapp21804.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp21804.installationdate", 1360381092);
Deleted : user_pref("extensions.crossriderapp21804.lastcheck", 22900711);
Deleted : user_pref("extensions.crossriderapp21804.lastcheckitem", 22900711);
Deleted : user_pref("extensions.crossriderapp21804.modetype", "production");
Deleted : user_pref("extensions.crossriderapp21804.reportInstall", true);
Deleted : user_pref("extensions.crossriderapp21804.updating", true);
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=[...]
Deleted : user_pref("smartbar.machineId", "W28OLE0WZ8Y9X4GMNBXGRVWIJKW1C3U5FQNA/5AIJ1GEYXD3ISY/PAEWPKCAX2RT5WK[...]

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Daley\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url ={"backup":{"_signature":"p40ZQkbUU5fyAyxJbmGtWH4QXEgb6KBlR9U4mhoBvfI=","browser":{"show_home_button"[...]

*************************

AdwCleaner[S1].txt - [359 octets] - [16/07/2013 23:33:45]
AdwCleaner[S2].txt - [61705 octets] - [16/07/2013 23:34:14]

########## EOF - C:\AdwCleaner[S2].txt - [61766 octets] ##########
 



#15 Oddman666


Posted 17 July 2013 - 02:20 AM

And Security Check Log:

 

 Results of screen317's Security Check version 0.99.69  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
AVG Premium Security 2012   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 TuneUp Companion 2.4.6.4   
 AVG PC Tuneup 2011  
 Java™ 6 Update 31  
 Java 7 Update 25  
 Adobe Flash Player 11.7.700.224  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox (22.0)
 Google Chrome 28.0.1500.71  
 Google Chrome 28.0.1500.72  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
 AVG avgtray.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 





