
Malware! DDS and Hijack This! logs attached


  • This topic is locked
8 replies to this topic

#1 stevensimon10482

  • Members
  • 5 posts

Posted 14 January 2014 - 02:14 PM

Hi - I've got a million spies and malware-ish things on my browsers. Here's what I've done so far:

 

  • I've run Spybot once a day for three days. Every day, new malicious items to delete.
  • I've run Ad-Aware.
  • I've run scans with Malwarebytes.
  • I am using Avast as my anti-virus, and have run scans with that as well.
  • Each of these programs has been updated as recently as last night.

I would appreciate any help you can give. Thanks so much. Logs attached.

Steven

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 1.6.0_30
Run by Steven Simon at 23:58:43 on 2014-01-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2812.920 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Users\Steven Simon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Steven Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AirPort\APAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: {06A62326-A7B7-E8FF-64B7-92135DFA39DB} - <orphaned>
BHO: {10921475-03CE-4E04-90CE-E2E7EF20C814} - <orphaned>
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - <orphaned>
BHO: {798D36A5-D520-3DEC-2C06-ECA01F5DB9B0} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Spotify Web Helper] "C:\Users\Steven Simon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\Steven Simon\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\STEVEN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Steven Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\STEVEN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: WallpaperStyle = 2
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{59767401-3C13-4D21-947D-80E0F35FF6A8} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{59767401-3C13-4D21-947D-80E0F35FF6A8}\16474777966696 : DHCPNameServer = 192.168.5.1
TCP: Interfaces\{59767401-3C13-4D21-947D-80E0F35FF6A8}\2375942554135303 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{59767401-3C13-4D21-947D-80E0F35FF6A8}\2656C616 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{59767401-3C13-4D21-947D-80E0F35FF6A8}\2716666656274797 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{59767401-3C13-4D21-947D-80E0F35FF6A8}\7457563747 : DHCPNameServer = 208.91.112.53 4.2.2.2
TCP: Interfaces\{59767401-3C13-4D21-947D-80E0F35FF6A8}\74F6F646A4F62637C414 : DHCPNameServer = 72.34.28.8 72.34.28.18
TCP: Interfaces\{59767401-3C13-4D21-947D-80E0F35FF6A8}\84F6573756379647475627 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C26A938A-860B-4D4E-A17D-4D588B0EC268} : DHCPNameServer = 172.28.0.20 172.28.22.20
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.5\iobitappsToolbarIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Steven Simon\AppData\Roaming\Mozilla\Firefox\Profiles\j13m9i1s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1641676&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-01-14&ent=hp&u=BBEFB53D05E2B9455D90F252D4F1BD05
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Users\Steven Simon\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Steven Simon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Steven Simon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Steven Simon\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2014-01-07 15:32; speeddial@instair.net; C:\Users\Steven Simon\AppData\Roaming\Mozilla\Firefox\Profiles\j13m9i1s.default\extensions\speeddial@instair.net
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutD0C0E0E0EyC0CzztB0D0CtDyDzztD0EtN0D0Tzu0CtBtDyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1506874139
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutD0C0E0E0EyC0CzztB0D0CtDyDzztD0EtN0D0Tzu0CtBtDyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1506874139
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutD0C0E0E0EyC0CzztB0D0CtDyDzztD0EtN0D0Tzu0CtBtDyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1506874139&q=
FF - user.js: extensions.funmoods.id - 0CEEE6C82DC0580E
FF - user.js: extensions.funmoods.instlDay - 15545
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.220:24:43
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - adknlg
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - adknlg
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-1-8 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-1-8 207904]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-7-17 1034464]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-7-17 422216]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-3-2 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-7-2 203264]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-7-17 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-8 50344]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-30 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-30 701512]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-16 1153368]
R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2010-7-15 145448]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-8 79672]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-12-18 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-29 215040]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-11-29 36408]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 c8d49171;InteliWeb;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-1-7 2151744]
S2 SecureUpdateSvc;SecureUpdate;C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [2014-1-7 2473296]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2009-11-3 87552]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSib.sys [2009-11-3 14592]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-1-9 111616]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-29 216576]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-1 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-12-13 807800]
.
=============== Created Last 30 ================
.
2014-01-14 07:43:36    --------    d-----w-    C:\Program Files (x86)\TeaTimer (Spybot - Search & Destroy)
2014-01-14 07:43:36    --------    d-----w-    C:\Program Files (x86)\File Scanner Library (Spybot - Search & Destroy)
2014-01-13 22:05:03    --------    d-----w-    C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-13 07:45:15    388096    ----a-r-    C:\Users\Steven Simon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-13 07:45:14    --------    d-----w-    C:\Program Files (x86)\Trend Micro
2014-01-11 00:26:25    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6E39F3FC-7B8C-4D56-B7E0-92016AE7A809}\mpengine.dll
2014-01-10 03:06:26    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-09 22:14:04    --------    d-----w-    C:\Program Files\iPod
2014-01-09 22:14:03    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-09 22:14:03    --------    d-----w-    C:\Program Files\iTunes
2014-01-09 22:14:03    --------    d-----w-    C:\Program Files (x86)\iTunes
2014-01-09 22:04:16    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2014-01-09 22:04:16    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2014-01-09 22:04:16    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2014-01-09 22:04:16    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2014-01-09 22:04:16    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2014-01-09 22:04:16    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2014-01-09 22:04:16    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2014-01-09 22:04:16    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2014-01-09 22:04:16    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2014-01-09 22:04:16    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2014-01-08 21:43:22    --------    d-----w-    C:\Users\Steven Simon\AppData\Roaming\LavasoftStatistics
2014-01-08 20:06:02    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2014-01-08 20:06:02    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2014-01-08 20:05:57    633856    ----a-w-    C:\Windows\System32\comctl32.dll
2014-01-08 20:05:57    530432    ----a-w-    C:\Windows\SysWow64\comctl32.dll
2014-01-08 20:05:32    226816    ----a-w-    C:\Windows\System32\dhcpcore6.dll
2014-01-08 20:05:31    55296    ----a-w-    C:\Windows\System32\dhcpcsvc6.dll
2014-01-08 20:05:31    44032    ----a-w-    C:\Windows\SysWow64\dhcpcsvc6.dll
2014-01-08 20:05:31    193536    ----a-w-    C:\Windows\SysWow64\dhcpcore6.dll
2014-01-08 20:05:19    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2014-01-08 20:05:19    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2014-01-08 20:04:37    48640    ----a-w-    C:\Windows\System32\wwanprotdim.dll
2014-01-08 20:04:37    230400    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-01-08 20:04:32    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2014-01-08 20:04:16    111448    ----a-w-    C:\Windows\System32\consent.exe
2014-01-08 20:04:15    70144    ----a-w-    C:\Windows\System32\appinfo.dll
2014-01-08 20:03:24    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2014-01-08 20:03:23    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2014-01-08 20:03:23    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2014-01-08 20:03:23    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2014-01-08 20:03:23    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2014-01-08 20:03:23    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2014-01-08 20:03:08    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2014-01-08 20:03:08    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2014-01-08 20:03:04    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-01-08 20:03:04    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-01-08 20:01:59    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2014-01-08 20:00:11    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2014-01-08 20:00:08    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2014-01-08 20:00:07    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2014-01-08 20:00:07    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
2014-01-08 19:56:35    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
2014-01-08 19:55:49    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2014-01-08 19:55:49    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2014-01-08 19:55:47    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-01-08 19:55:47    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-01-08 19:55:45    68608    ----a-w-    C:\Windows\System32\taskhost.exe
2014-01-08 19:55:31    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2014-01-08 19:55:31    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2014-01-08 19:55:10    1367040    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-01-08 19:55:09    936448    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-01-08 19:55:07    124112    ----a-w-    C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2014-01-08 19:55:07    102608    ----a-w-    C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2014-01-08 19:53:10    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2014-01-08 19:53:09    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2014-01-08 19:53:09    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2014-01-08 19:53:09    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2014-01-08 19:53:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2014-01-08 18:50:09    --------    d-----w-    C:\Users\Steven Simon\AppData\Roaming\AVAST Software
2014-01-08 17:46:47    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-01-08 17:46:45    9728    ----a-w-    C:\Windows\System32\Wdfres.dll
2014-01-08 17:46:45    54376    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys
2014-01-08 16:01:26    --------    d-----w-    C:\Windows\System32\SPReview
2014-01-08 16:00:13    --------    d-----w-    C:\Windows\System32\EventProviders
2014-01-08 15:56:32    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2014-01-08 15:56:32    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2014-01-08 15:56:29    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2014-01-08 15:56:28    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2014-01-08 15:56:23    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2014-01-08 15:56:22    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2014-01-08 15:56:22    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2014-01-08 15:52:00    --------    d-----w-    C:\Windows\System32\MRT
2014-01-08 15:51:05    --------    d-----r-    C:\Program Files (x86)\Skype
2014-01-08 09:58:53    1882624    ----a-w-    C:\Windows\System32\msxml3.dll
2014-01-08 09:58:52    2002432    ----a-w-    C:\Windows\System32\msxml6.dll
2014-01-08 09:58:50    1389568    ----a-w-    C:\Windows\SysWow64\msxml6.dll
2014-01-08 09:58:49    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2014-01-08 09:58:49    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2014-01-08 09:58:49    1236992    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2014-01-08 09:56:57    44032    ----a-w-    C:\Windows\System32\tsgqec.dll
2014-01-08 09:56:57    158720    ----a-w-    C:\Windows\System32\aaclient.dll
2014-01-08 09:56:57    131584    ----a-w-    C:\Windows\SysWow64\aaclient.dll
2014-01-08 09:56:56    36864    ----a-w-    C:\Windows\SysWow64\tsgqec.dll
2014-01-08 09:54:18    19968    ----a-w-    C:\Windows\System32\drivers\usb8023.sys
2014-01-08 09:54:13    33792    ----a-w-    C:\Windows\System32\profprov.dll
2014-01-08 09:54:13    209920    ----a-w-    C:\Windows\System32\profsvc.dll
2014-01-08 09:54:06    478208    ----a-w-    C:\Windows\System32\dpnet.dll
2014-01-08 09:54:05    376832    ----a-w-    C:\Windows\SysWow64\dpnet.dll
2014-01-08 09:54:05    3072    ----a-w-    C:\Windows\System32\dpnaddr.dll
2014-01-08 09:54:05    2560    ----a-w-    C:\Windows\SysWow64\dpnaddr.dll
2014-01-08 09:45:25    79672    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
2014-01-08 09:40:28    210944    ----a-w-    C:\Windows\System32\drivers\rdpwd.sys
2014-01-08 09:39:46    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2014-01-08 09:39:41    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2014-01-08 09:39:41    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2014-01-08 09:29:59    2342400    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-01-08 09:29:56    223752    ----a-w-    C:\Windows\System32\drivers\fvevol.sys
2014-01-08 09:29:46    136704    ----a-w-    C:\Windows\System32\browser.dll
2014-01-08 09:29:44    59392    ----a-w-    C:\Windows\System32\browcli.dll
2014-01-08 09:29:42    41984    ----a-w-    C:\Windows\SysWow64\browcli.dll
2014-01-08 09:29:33    503808    ----a-w-    C:\Windows\System32\srcore.dll
2014-01-08 09:29:31    296960    ----a-w-    C:\Windows\System32\rstrui.exe
2014-01-08 09:29:30    43008    ----a-w-    C:\Windows\SysWow64\srclient.dll
2014-01-08 09:27:39    95744    ----a-w-    C:\Windows\System32\synceng.dll
2014-01-08 09:27:38    78336    ----a-w-    C:\Windows\SysWow64\synceng.dll
2014-01-08 09:26:58    956928    ----a-w-    C:\Windows\System32\localspl.dll
2014-01-08 09:26:56    39424    ----a-w-    C:\Windows\System32\Spool\prtprocs\x64\winprint.dll
2014-01-08 09:07:06    --------    d-----w-    C:\$RECYCLE.BIN
2014-01-08 07:39:21    --------    d-----w-    C:\Users\Steven Simon\.smplayer
2014-01-08 07:05:45    2622464    ----a-w-    C:\Windows\System32\wucltux.dll
2014-01-08 07:05:16    99840    ----a-w-    C:\Windows\System32\wudriver.dll
2014-01-08 07:03:59    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2014-01-08 07:03:59    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
2014-01-08 06:47:10    --------    d-----w-    C:\Users\Steven Simon\AppData\Roaming\ProductData
2014-01-08 06:46:18    --------    d-----w-    C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2014-01-08 06:46:07    --------    d-----w-    C:\ProgramData\ProductData
2014-01-08 06:46:01    --------    d-----w-    C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
2014-01-08 06:40:53    268968    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2014-01-08 06:40:40    --------    d-----w-    C:\Program Files (x86)\Secure Speed Dial
2014-01-08 06:40:04    --------    d-----w-    C:\ProgramData\IObit
2014-01-08 06:39:07    --------    d-----w-    C:\Program Files (x86)\Application Updater
2014-01-08 06:39:06    --------    d-----w-    C:\Program Files (x86)\IObit Apps Toolbar
2014-01-08 06:39:06    --------    d-----w-    C:\Program Files (x86)\Common Files\Spigot
2014-01-08 06:38:16    --------    d-----w-    C:\Users\Steven Simon\AppData\Roaming\IObit
2014-01-08 06:38:02    --------    d-----w-    C:\Program Files (x86)\IObit
2014-01-08 06:37:23    --------    d-----w-    C:\Program Files\CCleaner
2014-01-01 20:29:47    --------    d-----w-    C:\ProgramData\EnjjoyCOiupoon
2014-01-01 20:29:43    --------    d-----w-    C:\ProgramData\lcbkhipnfajogpcmfdlimneidpghpbhm
2014-01-01 20:29:36    --------    d-----w-    C:\Users\Steven Simon\AppData\Local\Packages
2014-01-01 20:29:35    --------    d-----w-    C:\ProgramData\755c382b6f0ea581
2014-01-01 20:29:20    --------    d-----w-    C:\ProgramData\CCheeapMue
2013-12-30 12:47:21    --------    d-----w-    C:\ProgramData\InteliWeb
.
==================== Find3M  ====================
.
2014-01-10 03:06:26    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-08 18:29:59    152576    ----a-w-    C:\Windows\SysWow64\msclmd.dll
2014-01-08 18:29:58    175616    ----a-w-    C:\Windows\System32\msclmd.dll
2014-01-08 09:45:04    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-01-08 09:45:04    207904    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-01-08 09:45:04    1034464    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2014-01-08 09:45:03    78648    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-01-08 09:44:59    92544    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-01-08 09:44:56    43152    ----a-w-    C:\Windows\avastSS.scr
2013-12-11 06:51:23    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 06:51:23    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 20:25:52    267936    ------w-    C:\Windows\System32\MpSigStub.exe
.
============= FINISH:  0:26:41.52 ===============
 


Edited by Noviciate, 14 January 2014 - 03:32 PM.
Log added from attachment.




#2 Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 14 January 2014 - 03:34 PM

Good evening. :)

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.


So long, and thanks for all the fish.

 

 


#3 stevensimon10482

stevensimon10482
  • Topic Starter

  • Members
  • 5 posts
  • Local time:10:30 PM

Posted 14 January 2014 - 04:17 PM

Working on it. Will update.



#4 stevensimon10482

stevensimon10482
  • Topic Starter

  • Members
  • 5 posts
  • Local time:10:30 PM

Posted 14 January 2014 - 04:25 PM

Sadly, it is locking up and freezing and not responding every time I start the Quick Scan.



#5 stevensimon10482

stevensimon10482
  • Topic Starter

  • Members
  • 5 posts
  • Local time:10:30 PM

Posted 14 January 2014 - 05:00 PM

Attaching the files because the site keeps reading it all as emoticons.

Thanks.

 

OTL logfile created on: 1/14/2014 1:14:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Steven Simon\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.75 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 27.95% Memory free
5.49 Gb Paging File | 2.43 Gb Available in Paging File | 44.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.48 Gb Total Space | 53.21 Gb Free Space | 24.24% Space Free | Partition Type: NTFS
Drive D: | 13.11 Gb Total Space | 2.15 Gb Free Space | 16.43% Space Free | Partition Type: NTFS
Drive E: | 6.64 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 232.74 Gb Total Space | 60.96 Gb Free Space | 26.19% Space Free | Partition Type: FAT32
 
Computer Name: PLANB | User Name: Steven Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/01/14 13:03:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steven Simon\Desktop\OTL.exe
PRC - [2014/01/08 01:44:38 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/08 01:44:37 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/30 09:42:55 | 001,168,896 | ---- | M] (Spotify Ltd) -- C:\Users\Steven Simon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/12/17 17:02:36 | 030,714,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Steven Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/10 22:51:22 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
PRC - [2013/12/05 11:34:42 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/12/03 18:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/10/29 10:46:44 | 000,064,008 | ---- | M] (Google) -- C:\Users\Steven Simon\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/06/09 13:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/05/20 23:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/20 23:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/05/27 11:00:24 | 000,753,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/01/08 01:44:54 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/12/17 17:01:12 | 003,558,400 | ---- | M] () -- C:\Users\Steven Simon\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/12/10 22:51:19 | 016,242,056 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
MOD - [2013/12/05 11:36:56 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/12/03 18:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 18:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/03 18:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 18:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 18:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 18:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/09/30 09:16:10 | 000,268,968 | ---- | M] () -- C:\Windows\SysWOW64\sqlite3.dll
MOD - [2013/08/23 11:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Steven Simon\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/01/09 20:46:31 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/08 01:44:37 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/12/11 18:03:14 | 000,513,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/21 17:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 17:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\rundll32.exe -- (c8d49171)
SRV:64bit: - [2009/07/02 10:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/03/27 18:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 13:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2014/01/06 14:33:42 | 002,151,744 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/12/10 22:51:25 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/05 11:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/30 14:17:34 | 002,473,296 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe -- (SecureUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/11/20 04:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 04:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 04:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/21 17:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/02 13:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/01/08 13:47:07 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/01/08 01:45:04 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/01/08 01:45:04 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/01/08 01:45:04 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/01/08 01:45:03 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/01/08 01:45:03 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/01/08 01:44:59 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/12/19 05:11:27 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/07/17 17:10:52 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 01:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/11/03 03:06:36 | 000,087,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2009/11/03 03:06:36 | 000,014,592 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2009/09/22 02:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/17 06:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009/07/21 17:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/14 15:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/02 10:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/24 11:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 12:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 12:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 12:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 02:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/22 22:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/04 21:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 17:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/03/09 06:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{4E25A215-70AB-4499-B9A2-6E77D31A464B}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutD0C0E0E0EyC0CzztB0D0CtDyDzztD0EtN0D0Tzu0CtBtDyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1506874139
IE:64bit: - HKLM\..\SearchScopes\{E7DD16D0-E836-40AA-A533-3CD0D2ADCBD4}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {4E25A215-70AB-4499-B9A2-6E77D31A464B}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{23FBF1C3-9568-2F72-89C6-623AABD1349B}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{4E25A215-70AB-4499-B9A2-6E77D31A464B}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutD0C0E0E0EyC0CzztB0D0CtDyDzztD0EtN0D0Tzu0CtBtDyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1506874139
IE - HKLM\..\SearchScopes\{E7DD16D0-E836-40AA-A533-3CD0D2ADCBD4}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=201203266BC24F908F980F021D7FF141
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-01-14&ent=hp&u=BBEFB53D05E2B9455D90F252D4F1BD05
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{23FBF1C3-9568-2F72-89C6-623AABD1349B}: "URL" = http://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=201203266BC24F908F980F021D7FF141&q={searchTerms}
IE - HKCU\..\SearchScopes\{39BA65D9-1F46-47F3-AE34-DB903048162A}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-01-14&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
IE - HKCU\..\SearchScopes\{4E25A215-70AB-4499-B9A2-6E77D31A464B}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR&pc=HPNTDF
IE - HKCU\..\SearchScopes\{B0C80357-39A6-4FAF-B80F-26FA3A2C4104}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
IE - HKCU\..\SearchScopes\{E7DD16D0-E836-40AA-A533-3CD0D2ADCBD4}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: "eMusic Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1641676&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-01-14&ent=hp&u=BBEFB53D05E2B9455D90F252D4F1BD05"
FF - prefs.js..extensions.TW40ahoqt4Q.scode:  EDIT
FF - prefs.js..extensions.enabledAddons: %7B58d2a791-6199-482f-a9aa-9b725ec61362%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1367
FF - prefs.js..extensions.enabledItems: {14348425-a8a3-4980-b96e-aa14df7650a7}:2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.tOqmj9s.scode: EDIT
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Steven Simon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Steven Simon\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Steven Simon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Steven Simon\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Steven Simon\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/01/08 01:45:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/09 14:04:16 | 000,000,000 | ---D | M]
 
[2012/07/28 14:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven Simon\AppData\Roaming\Mozilla\Extensions
[2014/01/14 00:44:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven Simon\AppData\Roaming\Mozilla\Firefox\Profiles\j13m9i1s.default\extensions
[2014/01/14 00:16:48 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\Steven Simon\AppData\Roaming\Mozilla\Firefox\Profiles\j13m9i1s.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2014/01/01 12:29:26 | 000,000,000 | ---D | M] (CCheeapMue) -- C:\Users\Steven Simon\AppData\Roaming\Mozilla\Firefox\Profiles\j13m9i1s.default\extensions\deek-nsdsa@q-pxa.co.uk
[2014/01/07 22:41:26 | 000,000,000 | ---D | M] (AccelerateTab) -- C:\Users\Steven Simon\AppData\Roaming\Mozilla\Firefox\Profiles\j13m9i1s.default\extensions\speeddial@instair.net
[2014/01/01 12:29:48 | 000,000,000 | ---D | M] (EnjjoyCOiupoon) -- C:\Users\Steven Simon\AppData\Roaming\Mozilla\Firefox\Profiles\j13m9i1s.default\extensions\vpau@bvuotj.co.uk
[2014/01/09 12:43:06 | 000,007,641 | ---- | M] () (No name found) -- C:\Users\Steven Simon\AppData\Roaming\Mozilla\Firefox\Profiles\j13m9i1s.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}.xpi
[2014/01/07 21:08:40 | 000,000,915 | ---- | M] () -- C:\Users\Steven Simon\AppData\Roaming\Mozilla\Firefox\Profiles\j13m9i1s.default\searchplugins\yahoo.xml
[2014/01/07 22:39:10 | 000,000,905 | ---- | M] () -- C:\Users\Steven Simon\AppData\Roaming\Mozilla\Firefox\Profiles\j13m9i1s.default\searchplugins\yahoo_ff.xml
[2013/11/16 23:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/16 23:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
[2013/11/16 23:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/01/13 14:04:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: SecureSearch (Enabled)
CHR - default_search_provider: search_url = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-01-14&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_8&idate=2014-01-14&ent=hp&u=BBEFB53D05E2B9455D90F252D4F1BD05
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Steven Simon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Steven Simon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - homepage: http://search.yahoo.com/?type=714647&fr=spigot-yhp-ch
CHR - Extension: avast! Online Security = C:\Users\Steven Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\
CHR - Extension: Google Wallet = C:\Users\Steven Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
 
O1 HOSTS File: ([2014/01/08 01:06:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
O2 - BHO: (no name) - {06A62326-A7B7-E8FF-64B7-92135DFA39DB} - No CLSID value found.
O2 - BHO: (no name) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - No CLSID value found.
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
O2 - BHO: (no name) - {798D36A5-D520-3DEC-2C06-ECA01F5DB9B0} - No CLSID value found.
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [AdAwareTray] C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTray.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Steven Simon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Steven Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Steven Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Steven Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59767401-3C13-4D21-947D-80E0F35FF6A8}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C26A938A-860B-4D4E-A17D-4D588B0EC268}: DhcpNameServer = 172.28.22.20 172.28.22.56 172.28.0.20
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/28 10:21:49 | 000,000,000 | ---D | M] - E:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2006/06/25 19:17:47 | 000,000,061 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/14 11:25:52 | 000,000,000 | ---D | C] -- C:\Users\Steven Simon\Desktop\Bullbleep Viruses
[2014/01/14 08:24:55 | 000,000,000 | ---D | C] -- C:\Users\Steven Simon\AppData\Roaming\Lavasoft
[2014/01/14 00:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2014/01/14 00:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2014/01/14 00:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection
[2014/01/14 00:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2014/01/14 00:17:05 | 000,000,000 | ---D | C] -- C:\Users\Steven Simon\AppData\Local\adawarebp
[2014/01/14 00:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2014/01/14 00:16:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2014/01/14 00:15:56 | 000,000,000 | ---D | C] -- C:\Users\Steven Simon\AppData\Roaming\SecureSearch
[2014/01/14 00:13:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2014/01/14 00:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lavasoft
[2014/01/13 23:43:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeaTimer (Spybot - Search & Destroy)
[2014/01/13 23:43:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Scanner Library (Spybot - Search & Destroy)
[2014/01/13 14:05:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/01/12 23:45:15 | 000,000,000 | ---D | C] -- C:\Users\Steven Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2014/01/12 23:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2014/01/10 23:39:31 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2014/01/09 14:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/01/09 14:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/01/09 14:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/01/09 14:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/01/09 14:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/01/09 14:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/01/09 14:03:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2014/01/08 13:43:22 | 000,000,000 | ---D | C] -- C:\Users\Steven Simon\AppData\Roaming\LavasoftStatistics
[2014/01/08 11:55:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2014/01/08 10:50:09 | 000,000,000 | ---D | C] -- C:\Users\Steven Simon\AppData\Roaming\AVAST Software
[2014/01/08 08:01:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2014/01/08 08:00:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2014/01/08 07:52:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/01/08 07:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/01/08 07:51:05 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/01/08 07:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/01/08 01:46:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/01/08 01:45:25 | 000,079,672 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/01/08 01:30:44 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/01/08 01:07:06 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014/01/07 23:39:21 | 000,000,000 | ---D | C] -- C:\Users\Steven Simon\.smplayer
[2014/01/07 22:47:10 | 000,000,000 | ---D | C] -- C:\Users\Steven Simon\AppData\Roaming\ProductData
[2014/01/07 22:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
[2014/01/07 22:46:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2014/01/07 22:46:01 | 000,000,000 | ---D | C] -- C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
[2014/01/07 22:40:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Speed Dial
[2014/01/07 22:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2014/01/07 22:38:16 | 000,000,000 | ---D | C] -- C:\Users\Steven Simon\AppData\Roaming\IObit
[2014/01/07 22:38:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2014/01/07 22:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/01/07 22:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/01/06 12:16:19 | 000,000,000 | ---D | C] -- C:\Users\Steven Simon\Desktop\Werk
[2014/01/01 12:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\EnjjoyCOiupoon
[2014/01/01 12:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\lcbkhipnfajogpcmfdlimneidpghpbhm
[2014/01/01 12:29:36 | 000,000,000 | ---D | C] -- C:\Users\Steven Simon\AppData\Local\Packages
[2014/01/01 12:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\755c382b6f0ea581
[2014/01/01 12:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\CCheeapMue
[2013/12/30 04:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\InteliWeb
[2013/12/23 19:49:05 | 000,000,000 | ---D | C] -- C:\Users\Steven Simon\Desktop\Grateful Dead Before You Were Born
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/14 13:01:22 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3286976788-1296449153-3420901974-1000UA.job
[2014/01/14 13:01:22 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/14 13:01:13 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/14 13:01:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/14 08:29:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/14 08:29:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/14 08:16:55 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/14 08:16:20 | 2211,602,432 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/14 00:31:00 | 000,000,967 | ---- | M] () -- C:\Windows\wininit.ini
[2014/01/13 23:40:10 | 000,861,894 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/13 23:40:10 | 000,720,658 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/13 23:40:10 | 000,142,028 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/13 23:10:51 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3286976788-1296449153-3420901974-1000Core.job
[2014/01/11 00:08:20 | 000,007,607 | ---- | M] () -- C:\Users\Steven Simon\AppData\Local\Resmon.ResmonCfg
[2014/01/10 15:57:54 | 000,425,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/09 20:46:31 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/01/09 20:46:31 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/01/08 13:47:07 | 000,079,672 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/01/08 01:45:04 | 001,034,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/01/08 01:45:04 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/01/08 01:45:04 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/01/08 01:45:03 | 000,422,216 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/01/08 01:45:03 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/01/08 01:45:03 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/01/08 01:44:59 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/01/08 01:44:56 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/08 01:30:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2014/01/08 01:06:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/12/20 01:10:35 | 000,001,053 | ---- | M] () -- C:\Users\Steven Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/12/19 05:11:27 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
 
========== Files Created - No Company Name ==========
 
[2014/01/14 00:30:57 | 000,000,967 | ---- | C] () -- C:\Windows\wininit.ini
[2014/01/13 14:05:06 | 000,001,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/01/10 15:58:35 | 000,001,417 | ---- | C] () -- C:\Users\Steven Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/01/09 20:46:31 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/01/09 20:46:31 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/01/08 09:46:56 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2014/01/08 07:56:21 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014/01/08 01:30:42 | 000,207,904 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/01/08 01:30:40 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/01/07 22:40:53 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/11/25 23:22:42 | 000,000,100 | ---- | C] () -- C:\Users\Steven Simon\AppData\Local\fusioncache.dat
[2012/07/23 23:24:56 | 000,384,844 | ---- | C] () -- C:\Users\Steven Simon\AppData\Local\funmoods-speeddial.crx
[2012/03/31 00:26:24 | 000,000,360 | ---- | C] () -- C:\Users\Steven Simon\AppData\Roaming\com.kennettnet.MusicRescue4.plist
[2012/01/05 00:21:30 | 000,000,000 | ---- | C] () -- C:\Users\Steven Simon\AppData\Local\{26087E69-92F1-411F-AAFE-3BBAE270BDA1}
[2011/12/15 23:08:50 | 000,010,770 | -HS- | C] () -- C:\Users\Steven Simon\AppData\Local\epdvhb5d8adb2sbk7lks4w824h5w
[2011/12/15 23:08:50 | 000,010,770 | -HS- | C] () -- C:\ProgramData\epdvhb5d8adb2sbk7lks4w824h5w
[2011/07/20 21:40:37 | 000,007,607 | ---- | C] () -- C:\Users\Steven Simon\AppData\Local\Resmon.ResmonCfg
[2011/02/11 22:27:47 | 000,855,641 | ---- | C] () -- C:\Users\Steven Simon\AppData\Roaming\PandaIDProtectHelp.chm
[2010/11/01 08:23:16 | 000,003,584 | ---- | C] () -- C:\Users\Steven Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/06 23:14:09 | 006,069,688 | ---- | C] () -- C:\Users\Steven Simon\Somethings-Gotta-Give.mp3
[2009/12/06 15:04:52 | 000,002,146 | ---- | C] () -- C:\Users\Steven Simon\AppData\Roaming\wklnhst.dat
[2009/11/29 19:53:13 | 000,000,294 | ---- | C] () -- C:\ProgramData\hpqp.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010/05/08 00:29:17 | 000,000,000 | ---D | M] -- C:\Users\Steven Simon\AppData\Roaming\Amazon
[2014/01/08 10:50:09 | 000,000,000 | ---D | M] -- C:\Users\Steven Simon\AppData\Roaming\AVAST Software
[2014/01/07 23:29:56 | 000,000,000 | ---D | M] -- C:\Users\Steven Simon\AppData\Roaming\DefaultTab
[2013/05/09 00:37:53 | 000,000,000 | ---D | M] -- C:\Users\Steven Simon\AppData\Roaming\DiskAid
[2014/01/14 08:21:50 | 000,000,000 | ---D | M] -- C:\Users\Steven Simon\AppData\Roaming\Dropbox
[2011/07/17 12:33:24 | 000,000,000 | ---D | M] -- C:\Users\Steven Simon\AppData\Roaming\eMusic
[2011/01/22 09:12:56 | 000,000,000 | ---D | M] -- C:\Users\Steven Simon\AppData\Roaming\ESRI
[2012/03/31 00:51:13 | 000,000,000 | ---D | M] -- C:\Users\Steven Simon\AppData\Roaming\GetRightToGo
[2014/01/07 22:46:30 | 000,000,000 | ---D | M] -- C:\Users\Steven Simon\AppData\Roaming\IObit
[2010/06/07 17:40:50 | 000,000,000 | ---D | M] -- C:\Users\Steven Simon\AppData\Roaming\OpenOffice.org
[2009/12/05 15:53:29 | 000,000,000 | ---D | M] -- C:\Users\Steven Simon\AppData\Roaming\Panda Security
[2014/01/07 22:47:10 | 000,000,000 | ---D | M] -- C:\Users\Steven Simon\AppData\Roaming\ProductData
[2014/01/14 00:15:56 | 000,000,000 | ---D | M] -- C:\Users\Steven Simon\AppData\Roaming\SecureSearch
[2014/01/14 08:24:34 | 000,000,000 | ---D | M] -- C:\Users\Steven Simon\AppData\Roaming\Spotify
[2012/09/10 19:48:50 | 000,000,000 | ---D | M] -- C:\Users\Steven Simon\AppData\Roaming\Stardock
[2011/02/10 07:47:03 | 000,000,000 | ---D | M] -- C:\Users\Steven Simon\AppData\Roaming\SurfSecret Privacy Suite
[2009/12/06 15:04:53 | 000,000,000 | ---D | M] -- C:\Users\Steven Simon\AppData\Roaming\Template
[2014/01/13 23:16:27 | 000,000,000 | ---D | M] -- C:\Users\Steven Simon\AppData\Roaming\uTorrent
[2013/05/01 22:14:22 | 000,000,000 | ---D | M] -- C:\Users\Steven Simon\AppData\Roaming\Zotero
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:A1063995
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
 


Edited by Noviciate, 14 January 2014 - 05:19 PM.
Log added from attachment.


#6 Noviciate

  • Malware Response Team

Posted 14 January 2014 - 05:26 PM

Please download AdwCleaner by Xplode from here and save it to your Desktop.

  • Close all open programs, including browsers.
  • Double click adwcleaner.exe to begin.
  • Click on Scan and, once complete, click on report and let me have the contents of the text that opens.
  • A copy of the text file will be saved to C:\AdwCleaner[R*].txt - make sure you post the file with the biggest "R" number.

 


So long, and thanks for all the fish.

#7 stevensimon10482

  • Topic Starter


Posted 14 January 2014 - 06:13 PM

# AdwCleaner v3.017 - Report created 14/01/2014 at 15:12:08
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Steven Simon - PLANB
# Running from : C:\Users\Steven Simon\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml
File Found : C:\Users\Steven Simon\AppData\Local\funmoods-speeddial.crx
File Found : C:\Users\Steven Simon\AppData\Roaming\Mozilla\Firefox\Profiles\j13m9i1s.default\user.js
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Folder Found : C:\Users\Steven Simon\AppData\Roaming\Mozilla\Firefox\Profiles\j13m9i1s.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
Folder Found : C:\Users\Steven Simon\AppData\Roaming\Mozilla\Firefox\Profiles\j13m9i1s.default\Extensions\deek-nsdsa@q-pxa.co.uk
Folder Found : C:\Users\Steven Simon\AppData\Roaming\Mozilla\Firefox\Profiles\j13m9i1s.default\Extensions\speeddial@instair.net
Folder Found : C:\Users\Steven Simon\AppData\Roaming\Mozilla\Firefox\Profiles\j13m9i1s.default\Extensions\speeddial@instair.net
Folder Found : C:\Users\Steven Simon\AppData\Roaming\Mozilla\Firefox\Profiles\j13m9i1s.default\Extensions\vpau@bvuotj.co.uk
Folder Found C:\Program Files (x86)\Playbryte
Folder Found C:\Program Files (x86)\Secure Speed Dial
Folder Found C:\Program Files (x86)\Toolbar Cleaner
Folder Found C:\ProgramData\blekko toolbars
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\EnjjoyCOiupoon
Folder Found C:\ProgramData\Search Protection
Folder Found C:\Users\Steven Simon\AppData\Local\blekkotb
Folder Found C:\Users\Steven Simon\AppData\Local\PackageAware
Folder Found C:\Users\Steven Simon\AppData\LocalLow\adawaretb
Folder Found C:\Users\Steven Simon\AppData\LocalLow\Playbryte
Folder Found C:\Users\Steven Simon\AppData\Roaming\DefaultTab
Folder Found C:\Users\Steven Simon\AppData\Roaming\Mozilla\Firefox\Profiles\j13m9i1s.default\adawaretb
Folder Found C:\Users\Steven Simon\AppData\Roaming\Mozilla\Firefox\Profiles\j13m9i1s.default\blekkotb
Folder Found C:\Users\Steven Simon\AppData\Roaming\Mozilla\Firefox\Profiles\j13m9i1s.default\Conduit

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\wecarereminder
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : [x64] HKCU\Software\wecarereminder
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\adawaretb
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\blekkoTb_1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\blekkoTb_1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\LiveSupport_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\LiveSupport_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Playbryte
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\Toolbar Cleaner
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.Old.Start Page] - hxxp://blekko.com?source=c3348dd4&tbp=homepage&toolbarid=blekkotb&u=201203266BC24F908F980F021D7FF141

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Steven Simon\AppData\Roaming\Mozilla\Firefox\Profiles\j13m9i1s.default\prefs.js ]

Line Found : user_pref("CT1641676.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT1641676.CTID", "CT1641676");
Line Found : user_pref("CT1641676.DialogsAlignMode", "LTR");
Line Found : user_pref("CT1641676.FeedLastCount128173421661550052", 0);
Line Found : user_pref("CT1641676.FeedPollDate128179379659625088", "Sun Feb 14 2010 14:40:41 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT1641676.FeedPollDate128179379659625090", "Sun Feb 14 2010 14:40:41 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT1641676.FirstTime", true);
Line Found : user_pref("CT1641676.FirstTimeFF3", true);
Line Found : user_pref("CT1641676.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT1641676.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT1641676.Initialize", true);
Line Found : user_pref("CT1641676.InitializeCommonPrefs", true);
Line Found : user_pref("CT1641676.InstalledDate", "Sun Feb 14 2010 14:40:42 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT1641676.IsGrouping", false);
Line Found : user_pref("CT1641676.IsMulticommunity", false);
Line Found : user_pref("CT1641676.IsOpenThankYouPage", true);
Line Found : user_pref("CT1641676.IsOpenUninstallPage", true);
Line Found : user_pref("CT1641676.LanguagePackLastCheckTime", "Sun Feb 14 2010 14:40:42 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT1641676.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT1641676.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT1641676.LastLogin_2.3.0.4", "Sun Feb 14 2010 14:40:54 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT1641676.LatestVersion", "2.1.0.18");
Line Found : user_pref("CT1641676.Locale", "en-us");
Line Found : user_pref("CT1641676.LoginCache", 4);
Line Found : user_pref("CT1641676.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT1641676.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT1641676.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT1641676.SHRINK_TOOLBAR", 1);
Line Found : user_pref("CT1641676.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT1641676.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1641676&SearchSource=2&q=");
Line Found : user_pref("CT1641676.SettingsCheckIntervalMin", 120);
Line Found : user_pref("CT1641676.SettingsLastCheckTime", "Sun Feb 14 2010 14:40:39 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT1641676.SettingsLastUpdate", "1257192699");
Line Found : user_pref("CT1641676.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT1641676.ThirdPartyComponentsLastCheck", "Sun Feb 14 2010 14:40:38 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT1641676.ThirdPartyComponentsLastUpdate", "1257192699");
Line Found : user_pref("CT1641676.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Found : user_pref("CT1641676.UserID", "UN07473327003185293");
Line Found : user_pref("CT1641676.WeatherNetwork", "");
Line Found : user_pref("CT1641676.WeatherPollDate", "Sun Feb 14 2010 15:00:50 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT1641676.WeatherUnit", "F");
Line Found : user_pref("CT1641676.alertChannelId", "22332");
Line Found : user_pref("CT1641676.clientLogIsEnabled", false);
Line Found : user_pref("CT1641676.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT1641676.myStuffEnabled", true);
Line Found : user_pref("CT1641676.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT1641676.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&SearchType=ToolbarComponents");
Line Found : user_pref("CT1641676.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT1641676.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT1641676.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT1641676");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT1641676");
Line Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Line Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Feb 14 2010 14:40:41 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.locale", "en");
Line Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Feb 14 2010 14:40:38 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1234796400");
Line Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.alert.userId", "{c6120a66-6d16-4809-a172-54e57f8d909e}");
Line Found : user_pref("aol_toolbar.default.homepage.check", false);
Line Found : user_pref("aol_toolbar.default.search.check", false);
Line Found : user_pref("browser.search.defaultthis.engineName", "eMusic Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1641676&SearchSource=3&q={searchTerms}");
Line Found : user_pref("browser.search.order.1", "Search Results");
Line Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Found : user_pref("extensions.TW40ahoqt4Q.scode", "(function(){try{if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};}catch(e){};var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b,a){if(3<[...]
Line Found : user_pref("extensions.ffxtlbr@funmoods.com.install-event-fired", true);
Line Found : user_pref("extensions.funmoods.aflt", "adknlg");
Line Found : user_pref("extensions.funmoods.autoRvrt", false);
Line Found : user_pref("extensions.funmoods.cntry", "US");
Line Found : user_pref("extensions.funmoods.cv", "cv5");
Line Found : user_pref("extensions.funmoods.dfltLng", "");
Line Found : user_pref("extensions.funmoods.dfltSrch", true);
Line Found : user_pref("extensions.funmoods.dnsErr", true);
Line Found : user_pref("extensions.funmoods.envrmnt", "production");
Line Found : user_pref("extensions.funmoods.excTlbr", false);
Line Found : user_pref("extensions.funmoods.hdrMd5", "41EA3B957E44C6CB17E9AB2F2FB3A660");
Line Found : user_pref("extensions.funmoods.hmpg", true);
Line Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutD0C0E0E0EyC0CzztB0D0CtDyDzztD0EtN0D0Tzu0CtBtDyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=150687413[...]
Line Found : user_pref("extensions.funmoods.id", "0CEEE6C82DC0580E");
Line Found : user_pref("extensions.funmoods.instlDay", "15545");
Line Found : user_pref("extensions.funmoods.instlRef", "adknlg");
Line Found : user_pref("extensions.funmoods.isdcmntcmplt", true);
Line Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.220:24:43");
Line Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Line Found : user_pref("extensions.funmoods.newTab", true);
Line Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutD0C0E0E0EyC0CzztB0D0CtDyDzztD0EtN0D0Tzu0CtBtDyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1506874[...]
Line Found : user_pref("extensions.funmoods.prdct", "funmoods");
Line Found : user_pref("extensions.funmoods.prtnrId", "funmoods");
Line Found : user_pref("extensions.funmoods.sg", "none");
Line Found : user_pref("extensions.funmoods.smplGrp", "none");
Line Found : user_pref("extensions.funmoods.srchPrvdr", "Search");
Line Found : user_pref("extensions.funmoods.tlbrId", "base");
Line Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutD0C0E0E0EyC0CzztB0D0CtDyDzztD0EtN0D0Tzu0CtBtDyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=15068[...]
Line Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Line Found : user_pref("extensions.funmoods.vrsnTs", "1.5.23.220:24:43");
Line Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Line Found : user_pref("extensions.funmoods_i.newTab", true);
Line Found : user_pref("extensions.funmoods_i.smplGrp", "none");
Line Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.220:24:43");
Line Found : user_pref("extensions.tOqmj9s.scode", "(function(){try{if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};}catch(e){};var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b,a){if(3<b)re[...]
Line Found : user_pref("extensions.wajam.affiliate_id", "4220");
Line Found : user_pref("extensions.wajam.firstrun", "false");
Line Found : user_pref("extensions.wajam.log_send_info", "false");
Line Found : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21083\",\"supported_sites\":{\"google\":{\"patterns\":[\"^hxxp\\\\:\\/\\/www\\\\.google\\\\..{2,3}(|\\\\\\/ig|\\\\\\/firefox)\",\"[...]
Line Found : user_pref("extensions.wajam.no_trace", "false");
Line Found : user_pref("extensions.wajam.server_current_mapping_version", "0.21083");
Line Found : user_pref("extensions.wajam.supported_sites.encryptedgoogle.wajam_google_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'W[...]
Line Found : user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';[...]
Line Found : user_pref("extensions.wajam.supported_sites.yahoo.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window['[...]
Line Found : user_pref("extensions.wajam.trace_log", "1343114711140 - processInstallationUpgrade - version set to : 1.25\n1343114711140 - processBrowserLoad - Bad mappingListJsonString: null\n1343114711630 - onFla[...]
Line Found : user_pref("extensions.wajam.unique_id", "40C7B187FF011C299F0228D4127D9998");
Line Found : user_pref("extensions.wajam.user_current_mapping_version", "0");
Line Found : user_pref("extensions.wajam.version", "1.25");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Found : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Steven Simon\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [22726 octets] - [14/01/2014 15:04:31]
AdwCleaner[R1].txt - [22787 octets] - [14/01/2014 15:08:02]
AdwCleaner[R2].txt - [22606 octets] - [14/01/2014 15:12:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [22667 octets] ##########
 



#8 Noviciate

  • Malware Response Team

Posted 15 January 2014 - 02:57 PM

Good evening. :)

Will you run the tool again and this time, once the scan has completed, click on the Clean button, accept any prompts that appear and allow the system to reboot.
You will then be presented with the report. Copy & Paste it into your next post.


So long, and thanks for all the fish.

 

 


#9 Noviciate

  • Malware Response Team

Posted 20 January 2014 - 04:02 PM

As there has been no response for five days this thread is now closed.


So long, and thanks for all the fish.

 

 




