Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

24x7HelpSvc and other infections I can't rid PC of


  • This topic is locked This topic is locked
3 replies to this topic

#1 lvenegas

lvenegas

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 28 August 2013 - 11:38 AM

Unable to  open IE without it immediately saying "Internet Explorer has stopped working", Firefox opens but displays pop-up ads and videos at the bottom left hand of the screen.  Have tried tools suggested here and will post logs. Thanks in advance for any help!

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by Owner at 10:54:59 on 2013-08-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3882.1997 [GMT -5:00]
.
AV: Trend Micro Titanium *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Windows\system32\hkcmd.exe
C:\Windows\system32\igfxtray.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Windows\system32\igfxpers.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Windows\system32\msinfo32.exe
C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\taskeng.exe
F:\rootkitremover.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearchAssistant = hxxp://www.google.com
mURLSearchHooks: {d2cf9842-af95-48cd-b873-bfbb48cd7f5e} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Define: {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} -
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll
BHO: {d2cf9842-af95-48cd-b873-bfbb48cd7f5e} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
uRun: [GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 10.215.1.3 10.215.1.4
TCP: Interfaces\{3D165A70-6657-4EB2-ACF6-63B7C61754F6} : DHCPNameServer = 207.191.1.10
TCP: Interfaces\{98D5BEC8-DD2F-4D4B-B2BC-94814837DFBC} : DHCPNameServer = 10.215.1.3 10.215.1.4
TCP: Interfaces\{98D5BEC8-DD2F-4D4B-B2BC-94814837DFBC}\348696C646562737 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL ""
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8earbx12.default\
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-12 23:00; gystqfr@ylgga.com; C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8earbx12.default\extensions\gystqfr@ylgga.com
FF - ExtSQL: 2013-07-13 20:27; {665B2C45-050E-4FE6-9D40-0DE18F1454FE}; C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8earbx12.default\extensions\{665B2C45-050E-4FE6-9D40-0DE18F1454FE}
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2010-11-24 24680]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2010-11-24 13824]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.EXE [2013-4-2 193672]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-8-18 408576]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]
R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2011-7-28 67664]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-16 13832]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-24 2320920]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-8-18 911872]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.EXE [2013-4-2 240264]
R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-5-16 71168]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-5-16 175104]
R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2010-5-16 81920]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-11-24 118664]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-24 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-11-24 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-11-24 287232]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-13 27136]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-6-18 39832]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-8-30 394016]
S2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-7-28 256336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-7-31 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-31 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-31 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-28 15:28:37 -------- d-sh--w- C:\$RECYCLE.BIN
2013-08-28 15:16:27 98816 ----a-w- C:\Windows\sed.exe
2013-08-28 15:16:27 256000 ----a-w- C:\Windows\PEV.exe
2013-08-28 15:16:27 208896 ----a-w- C:\Windows\MBR.exe
2013-08-28 14:31:52 -------- d-----w- C:\Windows\ERUNT
2013-08-27 20:27:29 -------- d-----w- C:\Users\Owner\AppData\Local\Apps
2013-08-27 20:01:03 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-08-27 20:01:00 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-27 19:48:06 -------- d-----w- C:\AdwCleaner
2013-08-27 19:21:34 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2013-08-27 19:21:11 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-08-27 19:21:01 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-27 19:21:00 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-27 19:21:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-15 06:16:46 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-14 16:11:04 4774272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-08-14 16:11:04 4774272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
==================== Find3M  ====================
.
2013-08-28 15:49:32 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-28 15:49:32 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-27 20:00:54 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-14 01:34:50 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-06-01 22:23:33 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
.
============= FINISH: 10:56:06.46 ===============
 

 

AdwCleaner scan log:

 

 

# AdwCleaner v3.000 - Report created 27/08/2013 at 14:48:11
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : F:\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : 24x7HelpSvc
Service Found : CltMngSvc
Service Found : Updater By SweetPacks
Service Found : WebCake Desktop Updater

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Owner\AppData\Local\Temp\Searchqu.ini
File Found : C:\Users\Owner\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Found : C:\Users\Owner\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
File Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8earbx12.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8earbx12.default\searchplugins\Web Search.xml
File Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8earbx12.default\user.js
File Found : C:\Users\Public\Desktop\24x7 Help.lnk
File Found : C:\Windows\System32\dmwu.exe
File Found : C:\Windows\System32\ImhxxpComm.dll
File Found : C:\Windows\System32\Tasks\LyricsContainer Update
File Found : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
File Found : C:\Windows\Tasks\LyricsContainer Update.job
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\lesstabs@lesstabs.com
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Folder Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8earbx12.default\Extensions\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Folder Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8earbx12.default\Extensions\plugin@getwebcake.com
Folder Found C:\Program Files (x86)\Ask.com
Folder Found C:\Program Files (x86)\BabylonToolbar
Folder Found C:\Program Files (x86)\HappyLyrics
Folder Found C:\Program Files (x86)\HDvidCodec.com
Folder Found C:\Program Files (x86)\Ilivid
Folder Found C:\Program Files (x86)\iMesh Applications
Folder Found C:\Program Files (x86)\iMesh Applications\Mediabar
Folder Found C:\Program Files (x86)\LyricsContainer
Folder Found C:\Program Files (x86)\OApps
Folder Found C:\Program Files (x86)\SweetIM
Folder Found C:\Program Files (x86)\Web Cake
Folder Found C:\Program Files (x86)\WebCake
Folder Found C:\Program Files (x86)\Windows iLivid Toolbar
Folder Found C:\Program Files\Updater By SweetPacks
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\iMesh
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\Users\cbearr\AppData\Local\Ilivid Player
Folder Found C:\Users\Owner\AppData\Local\Babylon
Folder Found C:\Users\Owner\AppData\Local\getsavin
Folder Found C:\Users\Owner\AppData\Local\iMesh
Folder Found C:\Users\Owner\AppData\Local\OpenCandy
Folder Found C:\Users\Owner\AppData\Local\PackageAware
Folder Found C:\Users\Owner\AppData\Local\Smartbar
Folder Found C:\Users\Owner\AppData\Local\Temp\BabylonToolbar
Folder Found C:\Users\Owner\AppData\Local\Temp\Smartbar
Folder Found C:\Users\Owner\AppData\LocalLow\AskToolbar
Folder Found C:\Users\Owner\AppData\LocalLow\Conduit
Folder Found C:\Users\Owner\AppData\LocalLow\mediabarim
Folder Found C:\Users\Owner\AppData\LocalLow\searchquband
Folder Found C:\Users\Owner\AppData\LocalLow\Searchqutoolbar
Folder Found C:\Users\Owner\AppData\Roaming\24x7 Help
Folder Found C:\Users\Owner\AppData\Roaming\Babylon
Folder Found C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
Folder Found C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8earbx12.default\jetpack
Folder Found C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8earbx12.default\mediabarim
Folder Found C:\Users\Owner\AppData\Roaming\OpenCandy
Folder Found C:\Users\Owner\AppData\Roaming\WebCake
Folder Found C:\Windows\SysWOW64\ARFC
Folder Found C:\Windows\SysWOW64\jmdp
Folder Found C:\Windows\SysWOW64\WNLT

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\24x7HELP
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\LyricsContainer
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Imesh
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{463B0ED4-8AFA-404B-90E7-4063A0708050}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{463B0ED4-8AFA-404B-90E7-4063A0708050}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\SmartbarBackup
Key Found : HKCU\Software\SmartbarLog
Key Found : HKCU\Software\WNLT
Key Found : [x64] HKCU\Software\1ClickDownload
Key Found : [x64] HKCU\Software\24x7HELP
Key Found : [x64] HKCU\Software\APN
Key Found : [x64] HKCU\Software\Ask.com
Key Found : [x64] HKCU\Software\BabylonToolbar
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\DataMngr_Toolbar
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\Imesh
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : [x64] HKCU\Software\SmartBar
Key Found : [x64] HKCU\Software\SmartbarBackup
Key Found : [x64] HKCU\Software\SmartbarLog
Key Found : [x64] HKCU\Software\WNLT
Key Found : HKLM\Software\24x7HELP
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Found : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Found : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\iMesh.exe
Key Found : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Key Found : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4AFB-BEBF-F5FD231ECD39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48C9-91B4-7809E6945287}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4D7E-AF25-EFCC303D20A1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46B8-A83C-F3A45BDA23EE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69D3F709-9DE2-479F-980F-532D46895703}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49E5-A6C0-33FC86D80205}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4A9A-B4EF-72A91E3CCF4D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4E93-966C-65615720AEFB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4C0D-BA6D-BFEA16E773A6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Found : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Key Found : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.BHO
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Key Found : HKLM\SOFTWARE\Classes\ilivid
Key Found : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Found : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC96F516-51B2-4B46-8451-8665F5A6BA2B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F07FBD3E-2048-44A4-9065-71BF551E2672}
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\abfmigjiaapipflmopkaaooigcjjdojh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Found : HKLM\Software\ilivid
Key Found : HKLM\Software\Imesh
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_origin_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_origin_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Imesh
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lyrics@LyricsContainer.co
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Found : HKLM\Software\SearchquMediabarTb
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Found : [x64] HKLM\SOFTWARE\DataMngr
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Key Found : [x64] HKLM\SOFTWARE\WNLT
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WebCake Desktop]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [24x7HELP]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [lesstabs@lesstabs.com]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

-\\ Mozilla Firefox v22.0 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8earbx12.default\prefs.js ]

Line Found : user_pref("extensions.enabledAddons", "lesstabs%40lesstabs.com:1.7.1.0,plugin%40getwebcake.com:1.00.01,%7B665B2C45-050E-4FE6-9D40-0DE18F1454FE%7D:1.5,%7B8E9E3331-D360-4f87-8803-52DE43566502%7D:2.0.0.6[...]
Line Found : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{22C7F6C6-8D67-4534-92B5-529A0EC09405}\":{\"descriptor\":\"C:\\\\Program Files\\\\Trend Micro\\\\AMSP\\\\Module\\\\[...]
Line Found : user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc");
Line Found : user_pref("extentions.webcake.installId", "911b06ea-53f4-475f-b9a4-e085a902764d");
Line Found : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...]
Line Found : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_referrer", "hxxp://www.searchnu.com/406/|||8641373857703806");
Line Found : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_temp_referer", "hxxp://www.searchnu.com/406/|#|old_value|||8641373857703806");
Line Found : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]
Line Found : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_product_name", "Updater By SweetPacks");
Line Found : user_pref("browser.search.selectedEngine", "Web Search");

-\\ Google Chrome v28.0.1500.95

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found : search_url
Found : keyword

*************************

AdwCleaner[R0].txt - [33881 octets] - [27/08/2013 14:48:11]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [33942 octets] ##########

 

 

 

Junkware log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Wed 08/28/2013 at  9:31:54.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricsfolder
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\updater by sweetpacks
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3298581
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C8501DD-5580-48AB-B25C-6D5DBE835A6A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3178A392-8963-471E-B7A2-969CB58D6496}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C8501DD-5580-48AB-B25C-6D5DBE835A6A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1C8501DD-5580-48AB-B25C-6D5DBE835A6A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1C8501DD-5580-48AB-B25C-6D5DBE835A6A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1C8501DD-5580-48AB-B25C-6D5DBE835A6A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3178A392-8963-471E-B7A2-969CB58D6496}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3178A392-8963-471E-B7A2-969CB58D6496}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3178A392-8963-471E-B7A2-969CB58D6496}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5B5959E0-10ED-46A3-A3AB-AA739C495E34}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{5B5959E0-10ED-46A3-A3AB-AA739C495E34}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

 

~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\LyricsFolder Update.job

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\betcat"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files (x86)\24x7help"
Successfully deleted: [Folder] "C:\Program Files (x86)\betcat"
Successfully deleted: [Folder] "C:\Program Files (x86)\lesstabs"
Successfully deleted: [Folder] "C:\Program Files (x86)\lyricsfolder"
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{0149A70C-CB8F-4CED-8D90-40A5565ED9BE}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{31936555-FD15-4BFE-A221-80F57DB82127}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{57A8B7DE-069E-46F5-AA1D-104DE7FDD10C}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{9A4C9A4A-896A-4A52-9505-82B60C77C401}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{A60371DE-D233-4809-97D9-6E2FEAA785B2}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{FCE4E171-C9FF-4A88-86B1-9A017F28E510}
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"

 

~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\lyrics@lyricscontainer.co
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\8earbx12.default\prefs.js

user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=65931989-080c-4cd7-9d64-ade1c46d200e&searchtype=nt&insta
user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=65931989-080c-4cd7-9d64-ade1c46d200e&searchtype=hp
user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=65931989-080c-4cd7-9d64-ade1c46d200e&searchtype=ds&installDate=
Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\8earbx12.default\minidumps [2 files]

 

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/28/2013 at  9:33:50.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

ComboFix log:

 

 

ComboFix 13-08-28.02 - Owner 08/28/2013  10:18:45.1.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3882.3217 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Trend Micro Titanium *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Local\DefineExt\teMP.dat
c:\users\Owner\Documents\~WRL3520.tmp
c:\windows\Installer\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-28 to 2013-08-28  )))))))))))))))))))))))))))))))
.
.
2013-08-28 14:31 . 2013-08-28 14:31 -------- d-----w- c:\windows\ERUNT
2013-08-27 20:27 . 2013-08-27 20:27 -------- d-----w- c:\users\Owner\AppData\Local\Apps
2013-08-27 20:01 . 2013-08-27 20:01 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-08-27 20:01 . 2013-08-27 20:00 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-08-27 20:01 . 2013-08-27 20:00 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-27 19:58 . 2013-08-27 19:58 -------- d-----w- c:\programdata\McAfee
2013-08-27 19:48 . 2013-08-27 20:53 -------- d-----w- C:\AdwCleaner
2013-08-27 19:21 . 2013-08-27 19:21 -------- d-----w- c:\users\Owner\AppData\Local\ElevatedDiagnostics
2013-08-27 19:21 . 2013-08-27 19:21 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2013-08-27 19:21 . 2013-08-27 19:21 -------- d-----w- c:\programdata\Malwarebytes
2013-08-27 19:21 . 2013-08-27 19:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-27 19:21 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-15 06:16 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 16:11 . 2013-08-14 16:11 4774272 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-08-14 16:11 . 2013-08-14 16:11 4774272 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-28 14:49 . 2012-04-05 06:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-28 14:49 . 2012-04-05 06:46 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-27 20:00 . 2011-08-09 01:51 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-14 01:34 . 2010-11-24 22:34 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-07-09 04:45 . 2013-08-15 06:16 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-05 03:34 . 2013-07-11 03:12 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 06:00 . 2013-07-11 03:12 624128 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 04:53 . 2013-07-11 03:12 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-06-01 22:25 . 2013-06-01 22:25 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-01 22:25 . 2013-06-01 22:25 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-01 22:25 . 2013-06-01 22:25 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-01 22:25 . 2013-06-01 22:25 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-01 22:25 . 2013-06-01 22:25 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-01 22:25 . 2013-06-01 22:25 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-01 22:25 . 2013-06-01 22:25 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-01 22:25 . 2013-06-01 22:25 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-01 22:25 . 2013-06-01 22:25 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-01 22:25 . 2013-06-01 22:25 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-01 22:25 . 2013-06-01 22:25 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-01 22:25 . 2013-06-01 22:25 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-01 22:25 . 2013-06-01 22:25 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-01 22:25 . 2013-06-01 22:25 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-01 22:25 . 2013-06-01 22:25 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-01 22:25 . 2013-06-01 22:25 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-01 22:25 . 2013-06-01 22:25 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-01 22:25 . 2013-06-01 22:25 441856 ----a-w- c:\windows\system32\html.iec
2013-06-01 22:25 . 2013-06-01 22:25 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-01 22:25 . 2013-06-01 22:25 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-01 22:25 . 2013-06-01 22:25 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-01 22:25 . 2013-06-01 22:25 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-01 22:25 . 2013-06-01 22:25 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-01 22:25 . 2013-06-01 22:25 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-01 22:25 . 2013-06-01 22:25 235008 ----a-w- c:\windows\system32\url.dll
2013-06-01 22:25 . 2013-06-01 22:25 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-01 22:25 . 2013-06-01 22:25 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-01 22:25 . 2013-06-01 22:25 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-01 22:25 . 2013-06-01 22:25 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-01 22:25 . 2013-06-01 22:25 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-01 22:25 . 2013-06-01 22:25 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-01 22:25 . 2013-06-01 22:25 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-01 22:25 . 2013-06-01 22:25 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-01 22:25 . 2013-06-01 22:25 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-01 22:25 . 2013-06-01 22:25 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-01 22:25 . 2013-06-01 22:25 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-01 22:25 . 2013-06-01 22:25 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-01 22:25 . 2013-06-01 22:25 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-01 22:25 . 2013-06-01 22:25 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-01 22:25 . 2013-06-01 22:25 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-01 22:25 . 2013-06-01 22:25 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-01 22:25 . 2013-06-01 22:25 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-01 22:25 . 2013-06-01 22:25 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-01 22:25 . 2013-06-01 22:25 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-01 22:25 . 2013-06-01 22:25 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-01 22:25 . 2013-06-01 22:25 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-01 22:25 . 2013-06-01 22:25 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-01 22:25 . 2013-06-01 22:25 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-01 22:25 . 2013-06-01 22:25 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-01 22:23 . 2013-06-01 22:23 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-01 22:23 . 2013-06-01 22:23 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-01 22:23 . 2013-06-01 22:23 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-06-01 22:23 . 2013-06-01 22:23 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-06-01 22:23 . 2013-06-01 22:23 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-01 22:23 . 2013-06-01 22:23 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-01 22:23 . 2013-06-01 22:23 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-01 22:23 . 2013-06-01 22:23 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-01 22:23 . 2013-06-01 22:23 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-06-01 22:23 . 2013-06-01 22:23 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-06-01 22:23 . 2013-06-01 22:23 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-06-01 22:23 . 2013-06-01 22:23 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-01 22:23 . 2013-06-01 22:23 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-01 22:23 . 2013-06-01 22:23 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-06-01 22:23 . 2013-06-01 22:23 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-01 22:23 . 2013-06-01 22:23 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-06-01 22:23 . 2013-06-01 22:23 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-01 22:23 . 2013-06-01 22:23 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-01 22:23 . 2013-06-01 22:23 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-06-01 22:23 . 2013-06-01 22:23 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-06-01 22:23 . 2013-06-01 22:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-01 22:23 . 2013-06-01 22:23 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-01 22:23 . 2013-06-01 22:23 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-01 22:23 . 2013-06-01 22:23 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-01 22:23 . 2013-06-01 22:23 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-06-01 22:23 . 2013-06-01 22:23 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-06-01 22:23 . 2013-06-01 22:23 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-06-01 22:23 . 2013-06-01 22:23 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-06-01 22:23 . 2013-06-01 22:23 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-01 22:23 . 2013-06-01 22:23 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-01 22:23 . 2013-06-01 22:23 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-06-01 22:23 . 2013-06-01 22:23 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-06-01 22:23 . 2013-06-01 22:23 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-06-01 22:23 . 2013-06-01 22:23 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-06-01 22:23 . 2013-06-01 22:23 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-06-01 22:23 . 2013-06-01 22:23 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-06-01 22:23 . 2013-06-01 22:23 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-06-01 22:23 . 2013-06-01 22:23 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-06-01 22:23 . 2013-06-01 22:23 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-06-01 22:23 . 2013-06-01 22:23 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-06-01 22:23 . 2013-06-01 22:23 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-06-01 22:23 . 2013-06-01 22:23 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-06-01 22:23 . 2013-06-01 22:23 1175552 ----a-w- c:\windows\system32\FntCache.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2011-11-07 28846216]
"ManyCam"="c:\program files (x86)\ManyCam\Bin\ManyCam.exe" [2011-09-29 1756232]
"GoogleChromeAutoLaunch_721577D41E77D440C916E2687EBA0267"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-07-25 846288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-07-14 295512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe [x]
R3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
R3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys;c:\windows\SYSNATIVE\DRIVERS\ManyCam_x64.sys [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-07 09:36 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 14:49]
.
2013-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-14 01:33]
.
2013-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-14 01:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11369576]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 10.215.1.3 10.215.1.4
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8earbx12.default\
FF - ExtSQL: 2013-07-12 23:00; gystqfr@ylgga.com; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8earbx12.default\extensions\gystqfr@ylgga.com
FF - ExtSQL: 2013-07-13 20:27; {665B2C45-050E-4FE6-9D40-0DE18F1454FE}; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8earbx12.default\extensions\{665B2C45-050E-4FE6-9D40-0DE18F1454FE}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - c:\users\Owner\AppData\Local\DefineExt\temp.dat
BHO-{d2cf9842-af95-48cd-b873-bfbb48cd7f5e} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk - c:\windows\Installer\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-GetSavin - c:\users\Owner\AppData\Local\getsavin\uninst.exe
AddRemove-LessTabs - c:\program files (x86)\LessTabs\Uninstall.exe
AddRemove-Lyrics@LyricsFolder.co - c:\program files (x86)\LyricsFolder\uninstall.exe
AddRemove-MixiDJ_V45 Toolbar - c:\program files (x86)\MixiDJ_V45\uninstall.exe
AddRemove-sl-apl - c:\program files (x86)\OApps\sl-apl_uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-698050241-1968761561-204491179-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-698050241-1968761561-204491179-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-28  10:28:34
ComboFix-quarantined-files.txt  2013-08-28 15:28
.
Pre-Run: 92,154,572,800 bytes free
Post-Run: 93,498,200,064 bytes free
.
- - End Of File - - A46B4092E79B4F74D3F3CFAEC461E126
 

 

 



BC AdBot (Login to Remove)

 


#2 lvenegas

lvenegas
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 29 August 2013 - 11:42 AM

Ran rkill and re-ran instructions and it's all clean :bounce:



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:47 PM

Posted 02 September 2013 - 09:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

You did good.

How ever please run the DDS tool again and post the log for my review.

I suspect that these are not required and I cannot find any reference for it.

FF - ExtSQL: 2013-07-12 23:00; gystqfr@ylgga.com; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8earbx12.default\extensions\gystqfr@ylgga.com
FF - ExtSQL: 2013-07-13 20:27; {665B2C45-050E-4FE6-9D40-0DE18F1454FE}; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8earbx12.default\extensions\{665B2C45-050E-4FE6-9D40-0DE18F1454FE}


===

Run this tool also.

Third party programs if not up to date can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:47 PM

Posted 08 September 2013 - 09:02 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users