Internet Security Pro took over my Windows 7 laptop


  • This topic is locked
24 replies to this topic

#1 Carlady


Posted 21 August 2013 - 10:03 PM

Hello, stalwart soldiers of Bleeping Computer!

My daughter's Dell laptop ran just fine this morning...then she downloaded a zipped file containing an audiobook of "Crime and Punishment" from iTunes which I believe included the "Internet Security Pro" malware. Ironically, she has, to my knowledge, committed no crimes, yet now a double punishment - an unusable computer and she still has to read about 300 pages of the book before school starts.

Now when the computer is turned on, a popup window over the taskbar alerts that she's been infected and to "click here to fix the problem". She was smart enough not to click, however, nothing else will run. It somehow disabled or got around Kaspersky. Any program we try to start, we get a notice saying, for example "abc.exe has been infected with ...Blaster virus" and it won't start.

We have disabled our Wi-Fi so the laptop cannot connect to the internet - I'm using another computer with direct connection.

Before I run DDS - is it safe to download to my computer, transfer to her computer with a thumb drive, install there, and put the logs on the thumb drive to bring back to my computer? Or will my computer then get infected? Just want to check first.

Thank you for everything that you do!




 


#2 nasdaq

  • Malware Response Team
Posted 26 August 2013 - 10:41 AM

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.

Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

If needed:
The scan will also create this Attach.txt log. I would also like to see the content.
Please post it in another post for my review, do not attach the file.

#3 Carlady

  • Topic Starter

Posted 26 August 2013 - 03:56 PM

Greetings, Nasdaq. Thank you for your help.

I ended up downloading all 3 of your DDS versions, transferring them to a thumb drive, and copying them onto my daughter's computer's desktop. Before I post the log files, just a quick note of what happened when I tried to run each of them.

First off, I *think* I'm running in safe mode. I pressed F8, told the computer to boot in safe mode, but the Windows desktop looks just the same, so, I'm not sure. (Sadly I'm still running Win XP on my own computer, so am not familiar with Win 7 look of my daughter's computer).

Tried to run DDS.com. A popup box labelled "User Account Control" asked "Do you want to allow the following program from an unknown publisher to make changes to your computer?" I wasn't sure from your instructions (quote)

| A small box will open, with an explanation about the tool. No input is needed, the scan is running.

whether this was the "small box" you were talking about. After 5 min with nothing happening, I clicked yes and got a message from Internet Security Pro that dds.com failed to run.

Tried to run DDS.scr. The notepad immediately popped up, full of unintelligible gobbledygook.

Tried to run DDS.pif (which downloaded as DDS.exe). It immediately opened a box with notes & options for the DDS.exe tool. I waited several minutes - nothing happened - then went ahead and clicked the Start button. So - you may want to update your instructions quoted above. Anyway - that DID run, and I have the two logs you requested.

Here is the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660
Run by Kate at 15:26:54 on 2013-08-26
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6077.3806 [GMT -5:00]
.
AV: Kaspersky PURE *Enabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky PURE *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky PURE *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe
C:\PROGRA~2\FROMDO~2\bar\1.bin\65barsvc.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Users\Kate\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://isearch.avg.com/?cid={8C36C4F3-5CF6-47C4-858B-28A1284182CF}&mid=21cac951e46847d09a98d16dae60d63b-6b578483cb9daecae896090a7f5d430a1b41c63d&lang=en&ds=ft011&pr=sa&d=2012-06-09 12:38:57&v=12.2.5.32&sap=hp
uDefault_Page_URL = hxxp://www.dell.com
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
BHO: Fast Free Converter 4.1: {8232785C-5C98-4A6E-B7B4-911FFBED7582} - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
BHO: DealPly: {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.5.0.2\AVG Secure Search_toolbar.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Akamai NetSession Interface] "C:\Users\Kate\AppData\Local\Akamai\netsession_win.exe"
uRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
uRun: [Internet Security] C:\Users\Kate\AppData\Roaming\isprotection.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [RealTray] C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [FromDocToPDF Search Scope Monitor] "C:\PROGRA~2\FROMDO~2\bar\1.bin\65srchmn.exe" /m=2 /w /h
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
mRun: [AT&T Communication Manager] "C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe" -a
dRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
StartupFolder: C:\Users\Kate\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Kate\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: bmnet.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 10.0.0.12
TCP: Interfaces\{0CDF6106-115D-4BC3-B23B-CBCE8F43BD22} : DHCPNameServer = 10.0.0.12
TCP: Interfaces\{0CDF6106-115D-4BC3-B23B-CBCE8F43BD22}\34D455 : DHCPNameServer = 128.2.1.11 128.2.1.10
TCP: Interfaces\{0CDF6106-115D-4BC3-B23B-CBCE8F43BD22}\7456E6472797 : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{0CDF6106-115D-4BC3-B23B-CBCE8F43BD22}\77962756C6563737 : DHCPNameServer = 10.0.0.2
TCP: Interfaces\{385B4EA6-F6A1-4DD8-92F1-D0BE26D3D6E7} : DHCPNameServer = 10.0.0.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
AppInit_DLLs=   C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ievkbd.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
x64-Notify: klogon - C:\Windows\System32\klogon.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\zliixjaf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={8C36C4F3-5CF6-47C4-858B-28A1284182CF}&mid=21cac951e46847d09a98d16dae60d63b-6b578483cb9daecae896090a7f5d430a1b41c63d&lang=en&ds=ft011&pr=sa&d=2012-06-09 12:38:57&pid=avg&sg=0&v=15.3.0.11&sap=ku&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\NP65Stub.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);FF - user.js: extentions.y2layers.installId - b489680a-3157-4763-a968-c0e2ad754726
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopics,YontooNewOffers
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=22ee918b000000000000001de1352995&q=
FF - user.js: extensions.BabylonToolbar.id - 22ee918b000000000000001de1352995
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15628
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.819:47:49
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2011-12-8 85048]
R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\System32\drivers\klbg.sys [2009-10-14 40464]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdflt.sys [2011-8-26 18792]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-3 45856]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2011-12-8 66104]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2009-9-14 27152]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-8-25 92160]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-8-25 202752]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-12-13 12288]
R2 AVP;Kaspersky PURE;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe [2010-10-1 348760]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2009-9-15 403456]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2010-1-11 155648]
R2 FastFreeConverterUpdt;FastFreeConverterUpdt;C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [2012-11-26 687104]
R2 FromDocToPDF_65Service;FromDocToPDFService;C:\PROGRA~2\FROMDO~2\bar\1.bin\65barsvc.exe [2013-3-17 42504]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2011-8-26 60928]
R2 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager;C:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe [2010-12-7 848184]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-5-4 81408]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-26 2320920]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [2013-8-19 1643184]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2009-9-15 907264]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2011-8-25 23912]
R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2011-8-25 71168]
R3 bpmp;bpmp;C:\Windows\System32\drivers\bpmp.sys [2011-8-25 174592]
R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2011-8-25 81920]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-8-27 172704]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-8-25 56344]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-8-25 320040]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-10-2 21008]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2011-8-25 6952960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 ATTRcAppSvc;AT&T RcAppSvc;C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2008-11-20 113152]
S3 CAATT;AT&T Con App Svc;C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2008-11-20 125440]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-10 1471352]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2008-11-20 43032]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-8-25 220672]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-8-27 59392]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-28 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-08-26 20:04:00    76232    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{77682185-1B10-49FB-B855-816B504EC6AF}\offreg.dll
2013-08-21 18:39:24    849920    ----a-w-    C:\Users\Kate\AppData\Roaming\isprotection.exe
2013-08-21 18:39:24    849920    ----a-w-    C:\Users\Kate\AppData\Roaming\35B6.tmp
2013-08-20 16:37:42    9460976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{77682185-1B10-49FB-B855-816B504EC6AF}\mpengine.dll
2013-08-19 20:47:25    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2013-08-19 20:47:25    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-08-19 20:47:25    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-08-19 20:47:25    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
2013-08-19 20:47:25    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-08-19 20:47:25    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-08-19 20:47:25    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-08-19 20:47:25    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-08-19 20:45:38    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-08-19 20:45:38    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-08-19 20:45:34    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-08-19 20:45:34    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-08-19 20:45:34    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-08-19 20:45:34    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-08-19 20:45:33    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2013-08-19 20:45:33    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-08-13 01:21:56    --------    d-----w-    C:\Users\Kate\AppData\Roaming\Bytemobile
2013-08-13 01:21:52    --------    d-----w-    C:\Users\Kate\AppData\Local\DBUpdater
2013-08-13 01:21:46    --------    d-----w-    C:\Users\Kate\AppData\Local\AT&T
2013-08-13 01:20:57    30088    ----a-w-    C:\Windows\System32\drivers\swmsflt.sys
2013-08-13 01:20:27    --------    d-----w-    C:\Program Files\Common Files\Motorola Shared
2013-08-13 01:20:15    --------    d-----w-    C:\Program Files (x86)\Common Files\PctelEapPeer Authentication
2013-08-13 01:20:14    --------    d-----w-    C:\ProgramData\AT&T
2013-08-13 01:20:14    --------    d-----w-    C:\Program Files\Common Files\Research in Motion
2013-08-13 01:20:14    --------    d-----w-    C:\Program Files (x86)\Common Files\Research in Motion
2013-08-13 01:20:13    --------    d-----w-    C:\Program Files (x86)\AT&T
2013-08-13 01:16:11    --------    d-----w-    C:\Program Files\Option
2013-08-13 01:13:50    --------    d-----w-    C:\Users\Kate\AppData\Roaming\Sierra Wireless
2013-08-13 01:13:50    --------    d-----w-    C:\Program Files (x86)\Sierra Wireless Inc
2013-07-28 04:26:21    --------    d-----w-    C:\Users\Kate\AppData\Local\cache
2013-07-28 02:02:47    --------    d-----w-    C:\ProgramData\FARO
2013-07-28 01:44:36    239960    ----a-w-    C:\Windows\SysWow64\xactengine3_7.dll
2013-07-28 01:44:36    176984    ----a-w-    C:\Windows\System32\xactengine3_7.dll
2013-07-28 01:44:35    1907552    ----a-w-    C:\Windows\System32\d3dcsx_43.dll
2013-07-28 01:44:35    1868128    ----a-w-    C:\Windows\SysWow64\d3dcsx_43.dll
2013-07-28 01:22:17    --------    d-----w-    C:\ProgramData\Applications
.
==================== Find3M  ====================
.
2013-08-21 16:52:10    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 16:52:10    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-19 20:31:31    45856    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-07-26 05:13:37    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-07-26 05:12:08    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-05 03:34:27    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-06-04 06:00:13    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-04 04:53:07    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 15:28:00.10 ===============
 


Edited by Carlady, 26 August 2013 - 08:29 PM.


#4 Carlady


Posted 26 August 2013 - 04:00 PM

And here is the Attach.txt log:

Thank you again for helping us! And I hope whatever you are interested in on the Nasdaq exchange is profitable!

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/26/2011 4:57:37 PM
System Uptime: 8/26/2013 2:57:12 PM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0133D9
Processor: Intel® Core™ i7 CPU       Q 720  @ 1.60GHz | CPU 1 | 928/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 329.82 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP240: 7/27/2013 8:22:51 PM - Installed Autodesk Download Manager
RP241: 7/27/2013 8:42:55 PM - Installed DirectX
RP242: 7/27/2013 11:47:00 PM - Windows Update
RP243: 8/2/2013 5:58:59 PM - Windows Update
RP244: 8/6/2013 8:54:00 PM - Windows Update
RP245: 8/12/2013 8:19:02 PM - Installed AT&T Communication Manager.
RP246: 8/19/2013 3:34:46 PM - Windows Update
RP247: 8/20/2013 3:01:32 AM - Windows Update
RP249: 8/21/2013 4:36:56 PM - Windows Defender Checkpoint
RP250: 8/21/2013 4:49:32 PM - Removed Microsoft Office Access Runtime (English) 2007
RP254: 8/26/2013 3:14:29 PM - Windows Defender Checkpoint
.
==== Installed Programs ======================
.
1ClickDownloader
Accelerometer
ACID Music Studio 8.0
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Design Premium
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Advanced Audio FX Engine
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Communication Manager
ATI Catalyst Control Center
AutoCAD 2014 - English
AutoCAD 2014 Language Pack - English
Autodesk 360
Autodesk App Manager
Autodesk AutoCAD 2014 - English
Autodesk Content Service
Autodesk Content Service Language Pack
Autodesk Design Review 2012
Autodesk Download Manager
Autodesk Featured Apps
Autodesk Inventor Content Center Libraries 2012 (Desktop Content)
Autodesk Inventor Fusion 2012
Autodesk Inventor Fusion 2012 Language Pack
Autodesk Inventor Fusion for Inventor 2012 Add-in
Autodesk Inventor Fusion for Inventor 2012 Add-in Language Pack
Autodesk Inventor Professional 2012
Autodesk Inventor Professional 2012 English
Autodesk Inventor Professional 2012 English Language Pack
Autodesk Material Library 2012
Autodesk Material Library 2014
Autodesk Material Library Base Resolution Image Library 2012
Autodesk Material Library Base Resolution Image Library 2014
Autodesk Material Library Low Resolution Image Library 2012
Autodesk ReCap
Autodesk ReCap Language Pack-English
AVG Security Toolbar
Babylon toolbar
Banctec Service Agreement
Bonjour
Bundled software uninstaller
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CDDRV_Installer
CLEAR™ WiMAX Tutorial
Click to Call with Skype
DealPly
DealPly (remove only)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Dock
Dell Edoc Viewer
Dell Webcam Central
Driver Installer
ECCO Pro 4.01
Eco Materials Adviser (x64)
erLT
FARO LS 1.1.501.0 (64bit)
Fast Free Converter
FromDocToPDF Toolbar
Google Chrome
Google SketchUp 8
Google Update Helper
GoToAssist Corporate
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
Intel PROSet Wireless
Intel® Management Engine Components
Intel® PROSet/Wireless WiFi Software
Intel® Turbo Boost Technology Monitor
Intel® PROSet/Wireless WiMAX Software
IrfanView (remove only)
iTunes
Java Auto Updater
Java™ 6 Update 24
Java™ 6 Update 24 (64-bit)
Kaspersky PURE
KhalInstallWrapper
Live! Cam Avatar Creator
Logitech SetPoint
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Runtime (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft Zoo Tycoon
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
PDF Settings CS5
Photoelectric Effect
Quick Uninstall Tool for Autodesk Inventor 2012
Quickset64
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
SketchUp Import for AutoCAD 2014
Skins
Skype™ 6.3
Spybot - Search & Destroy
swMSM
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VBA (2627.01)
Yontoo 1.10.02
.
==== Event Viewer Messages From Past Week ========
.
8/26/2013 3:00:16 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  tcpipBM
8/26/2013 3:00:15 PM, Error: Service Control Manager [7022]  - The Kaspersky PURE service hung on starting.
8/26/2013 2:57:33 PM, Error: Service Control Manager [7000]  - The ASCTRM service failed to start due to the following error:  This driver has been blocked from loading
8/26/2013 2:57:33 PM, Error: Application Popup [1060]  - \SystemRoot\SysWow64\Drivers\ASCTRM.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/26/2013 2:57:21 PM, Error: Application Popup [1060]  - \SystemRoot\SysWow64\Drivers\tcpipBM.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/26/2013 2:54:49 PM, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
8/21/2013 4:20:21 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Autodesk Content Service service to connect.
8/21/2013 4:20:21 PM, Error: Service Control Manager [7000]  - The Autodesk Content Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/19/2013 3:28:11 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager service to connect.
8/19/2013 3:28:11 PM, Error: Service Control Manager [7000]  - The Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/19/2013 3:26:25 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Intel® PROSet/Wireless Event Log service to connect.
8/19/2013 3:26:25 PM, Error: Service Control Manager [7000]  - The Intel® PROSet/Wireless Event Log service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 



#5 nasdaq

  • Malware Response Team

Posted 27 August 2013 - 08:13 AM

One of the restore functions of Windows 7 is the use of the Last Good Configuration.
http://windows.microsoft.com/en-CA/windows7/Using-Last-Known-Good-Configuration

Follow the instructions on the page.
===

Let me know how it went and post a fresh DDS log for my review.

Let me know also what problem persists.

#6 Carlady


Posted 27 August 2013 - 09:07 AM

Here are my results:

 

When I restarted with the "Last Known Good Configuration" it is still showing all the same badness from Internet Security. No difference.

 

And now it will not allow DDS to run - I get a popup box over in the bottom right corner saying that dds.exe will not run because it's "infected with the ... Blaster virus".


Edited by Carlady, 27 August 2013 - 09:09 AM.


#7 nasdaq

  • Malware Response Team

Posted 27 August 2013 - 09:43 AM

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

#8 Carlady


Posted 27 August 2013 - 11:19 AM

It's a 64-bit machine, so ran the RogueKiller64 version.

 

Scanned, deleted, and here is the report:

 

RogueKiller V8.6.6 _x64_ [Aug 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kate [Admin rights]
Mode : Remove -- Date : 08/27/2013 10:56:06
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Internet Security (C:\Users\Kate\AppData\Roaming\isprotection.exe [-]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-3996959125-2928198953-2889744793-1000\[...]\Run : Internet Security (C:\Users\Kate\AppData\Roaming\isprotection.exe [-]) -> [0x2] The system cannot find the file specified.
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 5 ¤¤¤
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{E57BDCF0-F1D4-44EF-B58A-357293326C21}.exe - --uninstall=1 [x] -> DELETED
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_HP_rmv.job : C:\Windows\TEMP\{1AB8F5AB-E87D-48FB-A474-0CA7614327BE}.exe - --uninstall=1 [x] -> DELETED
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_HP_rmv : C:\Windows\TEMP\{1AB8F5AB-E87D-48FB-A474-0CA7614327BE}.exe - --uninstall=1 [x] -> DELETED
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{E57BDCF0-F1D4-44EF-B58A-357293326C21}.exe - --uninstall=1 [x] -> DELETED
[V2][SUSP PATH] DealPly : C:\Users\Kate\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE - /Check [7] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5061GSY +++++
--- User ---
[MBR] 3c5076d632852c57fdd0de7fdd6298de
[BSP] 65392c6b522ee3015665563a17e69a8f : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 133 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 274432 | Size: 13766 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28467200 | Size: 463039 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_08272013_105606.txt >>
RKreport[0]_S_08272013_105354.txt

 

 

I'm feeling a bit comforted that it apparently found & deleted some of the Internet Security slime.
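
Added example (not part of the thread and not RogueKiller's own code): a Python triage of the "Registry Entries" and "Scheduled tasks" lines from the report above, separating entries that were removed from ones that need another look. It assumes the line layout seen in this one report and that the `HKUS\S-1-5-21-...-1000` SID is the logged-on user's, in which case `HKCU` is a view of that same hive; the status labels are hypothetical names.

```python
import re
from collections import namedtuple

# Lines copied from the RogueKiller report posted above (a subset).
REPORT = r"""
[RUN][SUSP PATH] HKCU\[...]\Run : Internet Security (C:\Users\Kate\AppData\Roaming\isprotection.exe [-]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-3996959125-2928198953-2889744793-1000\[...]\Run : Internet Security (C:\Users\Kate\AppData\Roaming\isprotection.exe [-]) -> [0x2] The system cannot find the file specified.
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{E57BDCF0-F1D4-44EF-B58A-357293326C21}.exe - --uninstall=1 [x] -> DELETED
[V2][SUSP PATH] DealPly : C:\Users\Kate\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE - /Check [7] -> DELETED
"""

Entry = namedtuple("Entry", "tags location name target result")

# "[TAG][TAG] location : detail -> result" (layout assumed from this report).
LINE_RE = re.compile(r"^((?:\[[^\]]+\])+)\s+(.*?)\s+:\s+(.*)\s+->\s+(.*)$")
# First Windows path ending in .exe inside the detail field.
EXE_RE = re.compile(r"[A-Za-z]:\\[^()\[\]]*?\.exe\b", re.I)
# Locations a standard user can write to, so no elevation is needed to persist.
USER_WRITABLE = ("\\appdata\\", "\\temp\\")


def parse(report):
    """Turn report lines into Entry tuples; lines that do not fit are skipped."""
    entries = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        tags = re.findall(r"\[([^\]]+)\]", m.group(1))
        location, detail, result = m.group(2), m.group(3), m.group(4)
        exe = EXE_RE.search(detail)
        target = exe.group(0) if exe else None
        # Run values: the value name precedes "(path ...)".
        # Tasks and other entries: the location field is the name.
        name = detail.split(" (")[0] if "RUN" in tags else location
        entries.append(Entry(tags, location, name, target, result))
    return entries


def removed(entry):
    """True when the tool reported the entry as deleted or reset."""
    return entry.result.startswith(("DELETED", "REPLACED"))


def in_user_writable(entry):
    """True when the launched binary sits under AppData or a Temp directory."""
    return bool(entry.target) and any(
        part in entry.target.lower() for part in USER_WRITABLE
    )


def triage(entries):
    """Label each entry 'removed', 'duplicate-view' or 'needs-review'."""
    cleaned = {
        (e.name, e.target.lower()) for e in entries if removed(e) and e.target
    }
    labelled = []
    for e in entries:
        if removed(e):
            status = "removed"
        elif (
            e.target
            and e.location.startswith("HKUS\\")
            and (e.name, e.target.lower()) in cleaned
        ):
            # Same value already deleted through HKCU. Under the stated
            # assumption about the SID, "file not found" here is expected.
            status = "duplicate-view"
        else:
            status = "needs-review"
        labelled.append((status, e))
    return labelled


if __name__ == "__main__":
    for status, e in triage(parse(REPORT)):
        flag = "user-writable" if in_user_writable(e) else "-"
        print(f"{status:15} {flag:14} {e.name} -> {e.target}")
```

Anything labelled `needs-review` is a removal the tool reported as failed with no matching successful deletion, which is the case worth raising with the helper before rebooting.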

 



#9 Carlady


Posted 27 August 2013 - 11:27 AM

Then went on to AdwCleaner. Scanned, and looked at the report. Would you mind taking a look before I press the CLEAN button to see if there are some things you think should stay? Perhaps the doc-to-pdf-converter? Or some of the Firefox extensions? My daughter is in school for the next 8 hours & I'd really like to get on with this if possible (and, of course, if convenient for you). I truly appreciate this, and all the work of others at BleepingComputer. I will await your answer before proceeding with CLEAN or the Junkware Removal process.

 

Also - can I reboot the computer? I have not since installing RogueKiller.

 

Here is the AdwCleaner report:

 

# AdwCleaner v3.001 - Report created 27/08/2013 at 11:01:25
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kate - KATE-PC
# Running from : C:\Users\Kate\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : FromDocToPDF_65Service

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
File Found : C:\Users\Kate\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Found : C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\zliixjaf.default\Extensions\OneClickDownload@OneClickDownload.com.xpi
File Found : C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\zliixjaf.default\Extensions\plugin@yontoo.com.xpi
File Found : C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\zliixjaf.default\searchplugins\my-web-search.xml
File Found : C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\zliixjaf.default\searchplugins\Search_Results.xml
File Found : C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\zliixjaf.default\user.js
File Found : C:\Windows\System32\Tasks\DealPlyUpdate
File Found : C:\Windows\SysWOW64\f3PSSavr.scr
Folder Found : C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma
Folder Found : C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Found : C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\zliixjaf.default\Extensions\amo@dealplyshopping.com
Folder Found : C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\zliixjaf.default\Extensions\m3ffxtbr@mywebsearch.com
Folder Found C:\Program Files (x86)\1ClickDownload
Folder Found C:\Program Files (x86)\AVG Secure Search
Folder Found C:\Program Files (x86)\BabylonToolbar
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\DealPly
Folder Found C:\Program Files (x86)\FromDocToPDF_65
Folder Found C:\Program Files (x86)\Yontoo
Folder Found C:\ProgramData\AVG Secure Search
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\Users\Kate\AppData\Local\AVG Secure Search
Folder Found C:\Users\Kate\AppData\Local\Bundled software uninstaller
Folder Found C:\Users\Kate\AppData\Local\FromDocToPDF_65
Folder Found C:\Users\Kate\AppData\Local\Ilivid Player
Folder Found C:\Users\Kate\AppData\Local\PackageAware
Folder Found C:\Users\Kate\AppData\LocalLow\AVG Secure Search
Folder Found C:\Users\Kate\AppData\LocalLow\FunWebProducts
Folder Found C:\Users\Kate\AppData\LocalLow\MyWebSearch
Folder Found C:\Users\Kate\AppData\LocalLow\searchquband
Folder Found C:\Users\Kate\AppData\Roaming\Babylon
Folder Found C:\Users\Kate\AppData\Roaming\DealPly
Folder Found C:\Users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Found C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\zliixjaf.default\jetpack

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\FromDocToPDF_65
Key Found : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Found : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Found : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\BI
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DealPly
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\1ClickDownload
Key Found : [x64] HKCU\Software\AVG Secure Search
Key Found : [x64] HKCU\Software\BabylonToolbar
Key Found : [x64] HKCU\Software\BI
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\DealPly
Key Found : [x64] HKCU\Software\IGearSettings
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\1ClicktorrentFile
Key Found : HKLM\SOFTWARE\Classes\1ClicktorrentFile1
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://isearch.avg.com/?cid={8C36C4F3-5CF6-47C4-858B-28A1284182CF}&mid=21cac951e46847d09a98d16dae60d63b-6b578483cb9daecae896090a7f5d430a1b41c63d&lang=en&ds=ft011&pr=sa&d=2012-06-09 12:38:57&v=12.2.5.32&sap=hp

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\zliixjaf.default\prefs.js ]

Line Found : user_pref("extensions.crossriderapp2258.firstrun", false);
Line Found : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
Line Found : user_pref("extensions.crossriderapp2258.installationdate", 1339264552);
Line Found : user_pref("extensions.crossriderapp2258.lastcheck", 22645278);
Line Found : user_pref("extensions.crossriderapp2258.lastcheckitem", 22645534);
Line Found : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1341194981331");
Line Found : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1341194981304");
Line Found : user_pref("extensions.crossriderapp2258.modetype", "production");
Line Found : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"avg@toolbar\":{\"descriptor\":\"C:\\\\ProgramData\\\\AVG Secure Search\\\\FireFoxExt\\\\15.5.0.2\",\"mtime\":137694[...]
Line Found : user_pref("extensions.mywebsearch.prevDefaultEngine", "");
Line Found : user_pref("extensions.mywebsearch.prevSelectedEngine", "");
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=86D3555B-9A99-43E1-A7A6-A60373F110BE&n=77fcdcda&p2=^HJ^xdm339^YY^us&si=9148");
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.enabled", true);
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2013060314");
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xdm339^YY^us");
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "9148");
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "86D3555B-9A99-43E1-A7A6-A60373F110BE");
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1370375257454");
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", false);
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", true);
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", false);
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", true);
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.searchHistory", "");
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "77001");
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=723B5897-7665-451B-A56D-8B770C133497&n=77ed544e&ptnrS=XPxdm044YYus&si=CJDu6rSPzK8CFeFgTAodzw[...]
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2012042318");
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "XPxdm044YYus");
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "CJDu6rSPzK8CFeFgTAodzwxvcA");
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "723B5897-7665-451B-A56D-8B770C133497");
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1335223837165");
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", false);
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", false);
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", false);
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", false);
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.recentlyClosed", "{\"list\":[{\"url\":\"hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=bar&ptb=723B5897-7665-451B-A56D-8B770C133497&n=77e[...]
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.searchHistory", "doctor who");
Line Found : user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "77001");
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=D849D253-50D1-4639-9CE8-7BBE7B92DD70&n=77fc6d25&p2=^Y6^xdm033^YY^us&si=swissconverter");
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.initialized", true);
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.installation.contextKey", "");
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.installation.installDate", "2013031717");
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerId", "^Y6^xdm033^YY^us");
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerSubId", "swissconverter");
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.installation.success", true);
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.installation.toolbarId", "D849D253-50D1-4639-9CE8-7BBE7B92DD70");
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.lastActivePing", "1363579215325");
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.options.defaultSearch", false);
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.options.homePageEnabled", false);
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.options.keywordEnabled", true);
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.options.tabEnabled", true);
Line Found : user_pref("extensions.toolbar.mindspark._65Members_.weather.location", "77001");
Line Found : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
Line Found : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "videodownloadconverter@mindspark.com");
Line Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");
Line Found : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,ezLooker,pagerage,buzzdock,toprelatedtopics,YontooNewOffers");
Line Found : user_pref("extentions.y2layers.installId", "b489680a-3157-4763-a968-c0e2ad754726");
Line Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={8C36C4F3-5CF6-47C4-858B-28A1284182CF}&mid=21cac951e46847d09a98d16dae60d63b-6b578483cb9daecae896090a7f5d430a1b41c63d&lang=en&ds=ft011&pr=sa&[...]

-\\ Google Chrome v28.0.1500.95

[ File : C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [50675 octets] - [27/08/2013 11:01:25]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [50736 octets] ##########
 



#10 nasdaq

  • Malware Response Team

Posted 27 August 2013 - 01:15 PM

I suggest you clean everything.

The Doc to PDF program is not recommended.
http://www.systemlookup.com/Startup/26295-65brmon_exe.html

#11 Carlady


Posted 27 August 2013 - 01:31 PM

Okey dokey. I'm off to do that now & will report back when finished. Thanks.



#12 Carlady


Posted 27 August 2013 - 02:54 PM

Ran the AdwCleaner.exe program. Just a note about the instructions (quote)

| Check off the elements you wish to keep.

might be better stated as: "Uncheck the elements you wish to keep."

The system asked for a reboot in the middle of the process, which I did. AdwCleaner produced the following report:


# AdwCleaner v3.001 - Report created 27/08/2013 at 13:47:28
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kate - KATE-PC
# Running from : C:\Users\Kate\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : FromDocToPDF_65Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\BabylonToolbar
Folder Deleted : C:\Program Files (x86)\DealPly
Folder Deleted : C:\Program Files (x86)\FromDocToPDF_65
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Kate\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Kate\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Kate\AppData\Local\FromDocToPDF_65
Folder Deleted : C:\Users\Kate\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Kate\AppData\Local\PackageAware
Folder Deleted : C:\Users\Kate\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Kate\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Kate\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Kate\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Kate\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Kate\AppData\Roaming\DealPly
Folder Deleted : C:\Users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Deleted : C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\zliixjaf.default\jetpack
Folder Deleted : C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\zliixjaf.default\Extensions\amo@dealplyshopping.com
Folder Deleted : C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\zliixjaf.default\Extensions\m3ffxtbr@mywebsearch.com
Folder Deleted : C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma
Folder Deleted : C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
File Deleted : C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\zliixjaf.default\Extensions\OneClickDownload@OneClickDownload.com.xpi
File Deleted : C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\zliixjaf.default\Extensions\plugin@yontoo.com.xpi
File Deleted : C:\END
File Deleted : C:\Windows\SysWOW64\f3PSSavr.scr
File Deleted : C:\Users\Kate\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\zliixjaf.default\searchplugins\my-web-search.xml
File Deleted : C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\zliixjaf.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
File Deleted : C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\zliixjaf.default\user.js
File Deleted : C:\Windows\System32\Tasks\DealPlyUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [65ffxtbr@FromDocToPDF_65.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\1ClicktorrentFile
Key Deleted : HKLM\SOFTWARE\Classes\1ClicktorrentFile1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncher
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncher.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncherSettings
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncherSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\oneclick
Key Deleted : HKLM\SOFTWARE\Classes\oneclickmg
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_apple-garageband_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_apple-garageband_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [FromDocToPDF Search Scope Monitor]
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\FromDocToPDF_65
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\Software\FromDocToPDF_65
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\zliixjaf.default\prefs.js ]


-\\ Google Chrome v28.0.1500.95

[ File : C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [50881 octets] - [27/08/2013 11:01:25]
AdwCleaner[S0].txt - [51023 octets] - [27/08/2013 13:47:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [51084 octets] ##########
 



#13 Carlady

  • Topic Starter

Posted 27 August 2013 - 02:58 PM

I rebooted the computer after all that cleaning - and Internet Security nastiness appears to be gone - YAY! What a relief.

The Kaspersky program began running, let me know how out of date it was, etc. I disabled it for the moment, then I started to run the Junkware Removal Tool, JRT.exe.

Here's the resulting report from JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by Kate on Tue 08/27/2013 at 14:24:42.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] fastfreeconverterupdt
Successfully deleted: [Service] fastfreeconverterupdt


~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mywebsearch.skinlauncher
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mywebsearch.skinlauncher.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mywebsearch.skinlaunchersettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mywebsearch.skinlaunchersettings.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}


~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Kate\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\Kate\appdata\locallow\fast free converter"
Successfully deleted: [Folder] "C:\Program Files (x86)\fast free converter"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Kate\AppData\Roaming\mozilla\firefox\profiles\zliixjaf.default\extensions\crossriderapp2258@crossrider.com
Emptied folder: C:\Users\Kate\AppData\Roaming\mozilla\firefox\profiles\zliixjaf.default\minidumps [22 files]


~~~ Chrome

Successfully deleted: [Folder] C:\Users\Kate\appdata\local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma
Successfully deleted: [Folder] C:\Users\Kate\appdata\local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc


~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/27/2013 at 14:35:53.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#14 nasdaq

  • Malware Response Team

Posted 28 August 2013 - 08:31 AM

One last cleanup and check.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration or infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

p.s.
I changed my canned speech as suggested.
Thanks.

Edited by nasdaq, 28 August 2013 - 08:32 AM.


#15 Carlady

Carlady
  • Topic Starter

  • Members

Posted 29 August 2013 - 09:04 AM

Sorry I did not reply yesterday, nasdaq.  The monitor on MY computer blew out and I had to spend the day fixing that. I'm planning on repairing the old monitor (I hear it's a matter of replacing 8 or so capacitors) but that's a problem for another day.

 

Here's the latest on my daughter's computer. I ran combofix, and here is the log:

 

ComboFix 13-08-29.01 - Kate 08/28/2013  23:14:32.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6077.3623 [GMT -5:00]
Running from: e:\bctools\ComboFix.exe
AV: Kaspersky PURE *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky PURE *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky PURE *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kate\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1CBF03B5-9EEB-45C7-AB0C-89CDF28FF51B}.xps
c:\users\Kate\AppData\Local\Microsoft\Windows\Temporary Internet Files\{26DFB6AA-9F6C-446E-9F07-33ECB6F45125}.xps
c:\users\Kate\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2ECEF890-2256-4970-A95A-542F471ACE3C}.xps
c:\users\Kate\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7925FE26-AD84-48CA-8E55-1D7EB4C8E629}.xps
c:\users\Kate\AppData\Local\Microsoft\Windows\Temporary Internet Files\{907796E3-9DC0-4EA7-A569-A5BC59FACA2D}.xps
c:\users\Kate\AppData\Local\Microsoft\Windows\Temporary Internet Files\{910FB933-FC78-4A16-9A0A-7F113EB2633C}.xps
c:\users\Kate\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BD751F85-A1D1-498E-BD6C-6F4D12C8C697}.xps
c:\users\Kate\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E8DAF252-1B6B-4630-BA5E-44D63B384420}.xps
c:\users\Kate\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FD7DB245-EED2-463D-94BA-CAC111C1CCC8}.xps
c:\users\Kate\AppData\Roaming\35B6.tmp
c:\users\Kate\AppData\Roaming\isprotection.exe
c:\users\Kate\GoToAssistDownloadHelper.exe
c:\windows\Downloaded Program Files\IDropPTB.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-28 to 2013-08-29  )))))))))))))))))))))))))))))))
.
.
2013-08-27 19:24 . 2013-08-27 19:24    --------    d-----w-    c:\windows\ERUNT
2013-08-27 16:01 . 2013-08-27 18:48    --------    d-----w-    C:\AdwCleaner
2013-08-20 16:37 . 2013-07-02 08:34    9460976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{77682185-1B10-49FB-B855-816B504EC6AF}\mpengine.dll
2013-08-19 20:47 . 2013-07-09 05:52    224256    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-19 20:47 . 2013-07-09 05:46    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-19 20:47 . 2013-07-09 05:46    1472512    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-19 20:47 . 2013-07-09 05:46    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-19 20:47 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-08-19 20:47 . 2013-07-09 04:46    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-08-19 20:47 . 2013-07-09 04:46    1166848    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-08-19 20:47 . 2013-07-09 04:46    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-08-19 20:45 . 2013-07-19 01:58    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-08-19 20:45 . 2013-07-19 01:41    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-08-19 20:45 . 2013-07-25 09:25    1888768    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-08-19 20:45 . 2013-07-25 08:57    1620992    ----a-w-    c:\windows\SysWow64\WMVDECOD.DLL
2013-08-19 20:45 . 2013-07-09 05:51    1217024    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-08-19 20:45 . 2013-07-09 04:52    663552    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
2013-08-19 20:45 . 2013-07-06 06:03    1910208    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-08-19 20:45 . 2013-06-15 04:32    39936    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
2013-08-13 01:21 . 2013-08-13 01:21    --------    d-----w-    c:\users\Kate\AppData\Roaming\Bytemobile
2013-08-13 01:21 . 2013-08-13 01:21    --------    d-----w-    c:\users\Kate\AppData\Local\DBUpdater
2013-08-13 01:21 . 2013-08-13 01:21    --------    d-----w-    c:\users\Kate\AppData\Local\AT&T
2013-08-13 01:20 . 2008-08-22 17:05    30088    ----a-w-    c:\windows\system32\drivers\swmsflt.sys
2013-08-13 01:20 . 2013-08-13 01:20    --------    d-----w-    c:\program files\Common Files\Motorola Shared
2013-08-13 01:20 . 2013-08-13 01:20    --------    d-----w-    c:\program files (x86)\Common Files\PctelEapPeer Authentication
2013-08-13 01:20 . 2013-08-13 01:20    --------    d-----w-    c:\programdata\AT&T
2013-08-13 01:20 . 2013-08-13 01:20    --------    d-----w-    c:\program files\Common Files\Research in Motion
2013-08-13 01:20 . 2013-08-13 01:20    --------    d-----w-    c:\program files (x86)\Common Files\Research in Motion
2013-08-13 01:20 . 2013-08-13 01:20    --------    d-----w-    c:\program files (x86)\AT&T
2013-08-13 01:16 . 2013-08-13 01:16    --------    d-----w-    c:\program files\Option
2013-08-13 01:13 . 2013-08-13 01:13    --------    d-----w-    c:\users\Kate\AppData\Roaming\Sierra Wireless
2013-08-13 01:13 . 2013-08-13 01:13    --------    d-----w-    c:\program files (x86)\Sierra Wireless Inc
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-21 16:52 . 2012-04-24 01:49    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-21 16:52 . 2011-08-26 18:44    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-19 20:31 . 2012-09-03 23:38    45856    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-07-04 14:32 . 2011-08-26 23:20    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-07-04 14:31 . 2011-11-16 04:31    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-07-04 14:31 . 2011-11-16 04:31    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-07-04 14:31 . 2011-12-05 22:59    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-06-24 04:57 . 2012-04-13 14:23    78277128    ----a-w-    c:\windows\system32\MRT.exe
2013-06-05 03:34 . 2013-07-11 22:51    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-11 22:52    624128    ----a-w-    c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-11 22:52    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-02 04:05    129624    ----a-w-    c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Akamai NetSession Interface"="c:\users\Kate\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-05 1081224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-18 98304]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-05-12 593920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-02 348760]
"RealTray"="c:\program files (x86)\Real\RealPlayer\RealPlay.exe" [2012-08-22 26112]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2013-02-01 1641368]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-05 1081224]
.
c:\users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-8-27 1207312]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files (x86)\AT&T\Communication Manager\RcAppSvc.exe;c:\program files (x86)\AT&T\Communication Manager\RcAppSvc.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS;c:\windows\SYSNATIVE\PCTINDIS5X64.SYS [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 CAATT;AT&T Con App Svc;c:\program files (x86)\AT&T\Communication Manager\ConAppsSvc.exe;c:\program files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys;c:\windows\SYSNATIVE\DRIVERS\klbg.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys;c:\windows\SYSNATIVE\DRIVERS\stdflt.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [x]
S2 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager;c:\program files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe;c:\program files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys;c:\windows\SYSNATIVE\DRIVERS\Acceler.sys [x]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpmp;bpmp;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-02 04:26    1173456    ----a-w-    c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 16:52]
.
2013-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 02:19]
.
2013-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 02:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-02 04:06    170584    ----a-w-    c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ShellEx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-01 8095776]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2009-09-16 1437696]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.12
FF - ProfilePath - c:\users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\zliixjaf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{8232785C-5C98-4A6E-B7B4-911FFBED7582} - c:\progra~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Fast Free Converter - c:\program files (x86)\Fast Free Converter\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2013-08-28  23:32:56 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-29 04:32
.
Pre-Run: 359,849,746,432 bytes free
Post-Run: 360,251,789,312 bytes free
.
- - End Of File - - 2A61DBCCF1448EC7D760BB53E57874E0
 





