Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

malware spyware remove [Closed]

Started by dssole23 , Mar 17 2013 09:56 PM

This topic is locked

#1
dssole23

Posted 17 March 2013 - 09:56 PM

Member

Member
77 posts

on firebox i get alot of ads and popups help please

yOTL logfile created on: 3/17/2013 11:26:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Darwin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

9.43 Gb Total Physical Memory | 6.88 Gb Available Physical Memory | 72.95% Memory free
18.86 Gb Paging File | 14.95 Gb Available in Paging File | 79.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1851.65 Gb Total Space | 1713.61 Gb Free Space | 92.55% Space Free | Partition Type: NTFS
Drive D: | 11.27 Gb Total Space | 1.38 Gb Free Space | 12.29% Space Free | Partition Type: NTFS
Drive E: | 382.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DARWIN-HP | User Name: Darwin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/17 23:26:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darwin\Downloads\OTL.exe
PRC - [2013/03/12 21:43:16 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013/03/07 23:53:30 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/03/06 16:50:48 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\Darwin\AppData\Roaming\Yontoo\YontooDesktop.exe
PRC - [2013/03/06 16:50:48 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
PRC - [2013/03/06 08:36:54 | 002,731,296 | ---- | M] (Conduit) -- C:\Users\Darwin\AppData\Roaming\SearchProtect\bin\cltmng.exe
PRC - [2013/02/28 18:09:47 | 000,107,336 | ---- | M] () -- C:\Users\Darwin\AppData\Local\Strongvault\StrongVaultBrowser.exe
PRC - [2013/02/28 18:09:46 | 000,400,712 | ---- | M] () -- C:\Users\Darwin\AppData\Local\Strongvault\StrongVaultApp.exe
PRC - [2013/02/28 18:09:45 | 000,197,448 | ---- | M] (Strongvault LLC) -- C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe
PRC - [2013/02/25 08:39:34 | 001,602,984 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2013/02/25 08:39:32 | 000,543,144 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/02/21 05:30:09 | 002,561,488 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013/02/20 08:38:08 | 000,093,984 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
PRC - [2013/01/25 14:47:00 | 001,074,736 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.exe
PRC - [2013/01/25 14:47:00 | 000,884,784 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
PRC - [2013/01/25 10:58:02 | 002,663,976 | ---- | M] (Iminent) -- C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe
PRC - [2013/01/23 15:58:25 | 000,348,160 | ---- | M] () -- C:\ProgramData\BetterSoft\VaudiX\VaudiX.exe
PRC - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 17:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/20 02:03:02 | 000,812,544 | ---- | M] () -- C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
PRC - [2012/08/13 11:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 11:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
PRC - [2012/04/04 18:04:54 | 000,031,664 | ---- | M] (Stronghold Online Backup) -- C:\Users\Darwin\AppData\Local\Strongvault Online Backup\SMessaging.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/16 17:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011/08/16 17:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2011/08/12 12:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/03/28 20:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/25 20:19:08 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/11/20 23:23:51 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2009/12/03 11:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe

========== Modules (No Company Name) ==========

MOD - [2013/03/12 21:43:16 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013/03/07 23:53:30 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/02/28 18:09:47 | 000,107,336 | ---- | M] () -- C:\Users\Darwin\AppData\Local\Strongvault\StrongVaultBrowser.exe
MOD - [2013/02/28 18:09:46 | 000,400,712 | ---- | M] () -- C:\Users\Darwin\AppData\Local\Strongvault\StrongVaultApp.exe
MOD - [2013/02/28 18:08:48 | 000,100,864 | ---- | M] () -- C:\Users\Darwin\AppData\Local\Strongvault Online Backup\Services\Temp\Support.BackupAgent.SystemNotification.dll
MOD - [2013/02/28 18:08:47 | 000,013,312 | ---- | M] () -- C:\Users\Darwin\AppData\Local\Strongvault Online Backup\Services\Temp\Support.BackupAgent.ClientMessaging.dll
MOD - [2013/02/28 18:08:47 | 000,008,192 | ---- | M] () -- C:\Users\Darwin\AppData\Local\Strongvault Online Backup\Services\Temp\Support.BackupAgent.Backup.dll
MOD - [2013/02/28 18:08:47 | 000,005,632 | ---- | M] () -- C:\Users\Darwin\AppData\Local\Strongvault Online Backup\Services\Temp\Support.BackupAgent.Delay.dll
MOD - [2013/02/28 18:08:46 | 000,008,192 | ---- | M] () -- C:\Users\Darwin\AppData\Local\Strongvault Online Backup\Services\Temp\Support.BackupAgent.DropListener.dll
MOD - [2013/02/28 18:08:45 | 000,006,656 | ---- | M] () -- C:\Users\Darwin\AppData\Local\Strongvault Online Backup\Services\Temp\Support.BackupAgent.SchedulerPlugInUpdate.dll
MOD - [2013/02/28 18:08:45 | 000,006,144 | ---- | M] () -- C:\Users\Darwin\AppData\Local\Strongvault Online Backup\Services\Temp\Support.BackupAgent.ApplicationUpdate.dll
MOD - [2013/02/28 18:08:42 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\Strongvault Online Backup\Infrastructure.Metrics.dll
MOD - [2013/02/28 18:08:41 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\Strongvault Online Backup\Infrastructure.Metadata.dll
MOD - [2013/02/28 18:08:41 | 000,006,656 | ---- | M] () -- C:\Users\Darwin\AppData\Local\Strongvault Online Backup\Services\Temp\Support.BackupAgent.NotificationUpdate.dll
MOD - [2013/02/28 18:08:39 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\Strongvault Online Backup\Infrastructure.Models.dll
MOD - [2013/02/28 18:08:39 | 000,006,144 | ---- | M] () -- C:\Program Files (x86)\Strongvault Online Backup\Infrastructure.Helpers.dll
MOD - [2013/02/28 17:55:20 | 000,029,696 | ---- | M] () -- C:\Program Files (x86)\Strongvault Online Backup\BBV.Framework.dll
MOD - [2013/02/25 08:39:32 | 000,988,584 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/02/21 05:30:09 | 002,561,488 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013/02/21 05:28:52 | 002,231,248 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2013/02/21 05:27:10 | 000,574,416 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-19.0.dll
MOD - [2013/02/19 12:48:10 | 020,340,648 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/02/16 13:14:53 | 000,148,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\12630df9abc4ebf7ff67de989b8e8123\System.Configuration.Install.ni.dll
MOD - [2013/02/15 18:30:17 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/02/15 18:30:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/02/14 02:48:00 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013/02/08 15:10:10 | 000,238,080 | ---- | M] () -- C:\Program Files (x86)\Strongvault Online Backup\System.ComponentModel.Composition.dll
MOD - [2013/02/05 20:52:36 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll
MOD - [2013/02/05 20:52:35 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll
MOD - [2013/02/05 20:51:16 | 002,906,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\ac23cd46d40b425c4826acadd481cfc0\ReachFramework.ni.dll
MOD - [2013/02/05 20:51:06 | 001,925,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\da5ccd3bc4583fb68696cb0c8209daf4\System.Web.Services.ni.dll
MOD - [2013/02/05 20:50:55 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.ni.dll
MOD - [2013/02/05 20:50:55 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.Wrapper.dll
MOD - [2013/02/05 20:50:54 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll
MOD - [2013/02/05 20:50:53 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/02/05 20:50:52 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll
MOD - [2013/02/05 20:50:52 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll
MOD - [2013/02/05 20:50:24 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013/02/05 20:49:55 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\25cfdeaf091f16f3f3a7123a91a179ab\System.Xml.Linq.ni.dll
MOD - [2013/02/05 20:49:27 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\44700e64c32d11d6b2147fd87dbfd761\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2013/02/05 20:49:07 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013/02/05 20:49:04 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/02/05 01:11:02 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3e79256ce40faa9682f9e3511ca115ea\System.ServiceModel.ni.dll
MOD - [2013/02/05 01:10:50 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll
MOD - [2013/02/05 01:10:48 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\219c68f83fa608b496b163fd6782e696\System.IdentityModel.ni.dll
MOD - [2013/02/05 01:10:46 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll
MOD - [2013/02/05 01:06:47 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013/02/05 01:06:47 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013/02/05 01:06:47 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.Wrapper.dll
MOD - [2013/02/05 01:06:46 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/02/05 01:06:23 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/02/05 01:06:21 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll
MOD - [2013/02/05 01:06:08 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/02/05 01:06:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/02/05 01:06:03 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/02/05 01:05:54 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/02/04 23:01:42 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll
MOD - [2013/02/04 23:01:31 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll
MOD - [2013/02/04 23:01:29 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll
MOD - [2013/02/04 23:01:25 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
MOD - [2013/02/04 23:01:23 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/02/04 23:01:23 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/02/04 23:01:21 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll
MOD - [2013/02/04 23:01:19 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013/02/04 23:01:18 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/02/04 23:01:14 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2013/01/28 14:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 14:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/01/24 07:16:54 | 001,050,112 | ---- | M] () -- c:\Program Files (x86)\VaudiX\sprotector.dll
MOD - [2013/01/04 13:39:43 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Strongvault Online Backup\Metrics.Dispatching.dll
MOD - [2013/01/04 13:39:43 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Strongvault Online Backup\Environment.Identification.dll
MOD - [2012/12/18 19:28:50 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\sdl.dll
MOD - [2012/12/11 10:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/12/11 10:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/12/11 10:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/11/20 02:03:02 | 000,812,544 | ---- | M] () -- C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
MOD - [2012/10/05 06:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/08/10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/04/26 15:38:30 | 020,758,016 | ---- | M] () -- C:\Program Files (x86)\i-Funbox DevTeam\libcef.dll
MOD - [2010/11/20 23:24:32 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010/11/20 23:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/20 23:24:07 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2010/11/20 23:23:48 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009/07/13 21:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/06/10 17:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/02/10 04:03:26 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/12/13 05:38:15 | 000,311,296 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/03/25 20:19:08 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/02/17 01:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/12 21:43:17 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/07 23:53:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/25 08:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/21 05:30:09 | 002,561,488 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013/02/20 08:38:08 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/01/25 10:58:02 | 002,663,976 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe -- (SProtection)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 20:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/16 17:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/08/12 12:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/03/28 20:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/29 20:38:57 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/12/14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/01 19:40:57 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/08/01 19:40:57 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/05 22:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 22:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/07 00:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 21:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/17 22:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 21:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/10 04:03:50 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/02/10 04:03:47 | 010,818,048 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/01/29 21:42:29 | 000,104,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012/01/16 06:08:01 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/01/16 06:07:59 | 000,082,048 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/01/11 02:32:40 | 000,219,776 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2012/01/11 02:32:38 | 000,102,528 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/12/27 22:04:10 | 000,054,400 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/12/13 05:38:48 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/07/25 14:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/03/25 22:21:10 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/03/25 22:21:06 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/03/25 22:21:06 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/03/25 22:21:06 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/03/25 22:21:06 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/03/22 23:39:20 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/03/01 18:59:50 | 000,024,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cqcpu.sys -- (cqcpu)
DRV:64bit: - [2010/03/01 18:59:50 | 000,024,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpqdfw.sys -- (CpqDfw)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/14 14:26:50 | 000,057,312 | ---- | M] (Ray Hinchliffe) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SIVX64.sys -- (SIVDRIVER)
DRV:64bit: - [2007/10/12 03:00:22 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/10/12 02:56:34 | 000,582,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV561V64.sys -- (PID_0928)
DRV - [2013/03/12 21:25:07 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130316.006\ex64.sys -- (NAVEX15)
DRV - [2013/03/12 21:25:07 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130316.006\eng64.sys -- (NAVENG)
DRV - [2013/01/28 22:17:16 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/01/28 22:17:16 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/01/26 23:56:36 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130313.003\IDSviA64.sys -- (IDSVia64)
DRV - [2013/01/16 04:22:36 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130301.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3CEF6ACC-BC44-B987-DC7B-31049192E173}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{4639DE2E-465B-D23E-6D52-46EBB6449584}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{710C628C-481E-4E06-A686-3BB08FFC516E}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\URLSearchHook: {7aeae561-714b-45f6-ace3-4a8aed6e227b} - C:\Program Files (x86)\VisualBee_V.1\prxtbVisu.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {f0e59437-6148-4a98-b0a6-60d557ef57f4} - C:\Program Files (x86)\WhiteSmoke_B\prxtbWhit.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {3CEF6ACC-BC44-B987-DC7B-31049192E173}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{3CEF6ACC-BC44-B987-DC7B-31049192E173}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{710C628C-481E-4E06-A686-3BB08FFC516E}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-sea...0009cb70d9d0814
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...E1-73C38F2513EE
IE - HKCU\..\URLSearchHook: {7aeae561-714b-45f6-ace3-4a8aed6e227b} - C:\Program Files (x86)\VisualBee_V.1\prxtbVisu.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {f0e59437-6148-4a98-b0a6-60d557ef57f4} - C:\Program Files (x86)\WhiteSmoke_B\prxtbWhit.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {DF0925CF-9D62-49A8-9317-E821D829CF8C}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...0009cb70d9d0814
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{4639DE2E-465B-D23E-6D52-46EBB6449584}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{710C628C-481E-4E06-A686-3BB08FFC516E}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{DF0925CF-9D62-49A8-9317-E821D829CF8C}: "URL" = http://search.condui...742522241023831
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT3281023.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke B Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...09771681741933"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "WhiteSmoke B Customized Web Search"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.startup.homepage: "http://search.condui...1-73C38F2513EE"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..keyword.URL: "http://search.condui...33&UM=UM_ID&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2013/01/29 20:15:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013/03/16 21:52:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Iminent\[email protected] [2013/02/18 00:17:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013/03/07 02:32:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 23:53:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013/03/02 14:45:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HappyLyrics\FF\ [2013/03/07 02:29:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 23:53:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/01/28 22:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darwin\AppData\Roaming\Mozilla\Extensions
[2013/03/07 02:31:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\apjrtdq0.default-1361242402277\extensions
[2013/02/27 20:59:59 | 000,000,000 | ---D | M] (WhiteSmoke B) -- C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\apjrtdq0.default-1361242402277\extensions\{f0e59437-6148-4a98-b0a6-60d557ef57f4}
[2013/02/27 20:59:32 | 000,000,000 | ---D | M] (VVaaudix) -- C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\apjrtdq0.default-1361242402277\extensions\[email protected]
[2013/03/07 02:29:44 | 000,000,000 | ---D | M] (GetSavin) -- C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\apjrtdq0.default-1361242402277\extensions\getsavin@jetpack
[2013/03/07 02:31:41 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\apjrtdq0.default-1361242402277\extensions\[email protected]
[2013/03/07 02:31:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\fveuxo6o.default-1362028059579\extensions
[2013/03/07 02:30:08 | 000,000,000 | ---D | M] (VisualBee V.1) -- C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\fveuxo6o.default-1362028059579\extensions\{7aeae561-714b-45f6-ace3-4a8aed6e227b}
[2013/03/02 14:45:46 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\fveuxo6o.default-1362028059579\extensions\[email protected]
[2013/03/07 02:31:42 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\fveuxo6o.default-1362028059579\extensions\[email protected]
[2013/02/27 21:00:00 | 000,000,983 | ---- | M] () -- C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\apjrtdq0.default-1361242402277\searchplugins\conduit.xml
[2013/03/07 02:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/02 14:45:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/03/07 02:32:08 | 000,000,000 | ---D | M] (InfoAtoms) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/03/07 23:53:30 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/03/02 14:45:35 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013/01/16 16:10:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/26 19:04:00 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: Happy Lyrics = C:\Users\Darwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ealchnonpofjocgofjpopjdoegbbkofj\1.110\
CHR - Extension: VVaaudix = C:\Users\Darwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\glhiapecinmgjgpnjfpkoajijmadgcnl\1\
CHR - Extension: No name found = C:\Users\Darwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hacjidbllfnlecmikihhjphlicpbepih\1.0.0\
CHR - Extension: InfoAtoms = C:\Users\Darwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.5.0.0\
CHR - Extension: InfoAtoms = C:\Users\Darwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.5.0.0_0\
CHR - Extension: No name found = C:\Users\Darwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\crossrider
CHR - Extension: No name found = C:\Users\Darwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.21.11_0\
CHR - Extension: GetSavin = C:\Users\Darwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0\
CHR - Extension: GetSavin = C:\Users\Darwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\

O1 HOSTS File: ([2013/03/02 16:41:50 | 000,000,877 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 74.208.10.249 gs.apple.com
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Coupon Companion Plugin) - {11111111-1111-1111-1111-110211181104} - C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll (215 Apps)
O2 - BHO: (Happy Lyrics) - {59C0C5BD-2579-433A-BBB8-AFFD59642BAF} - C:\Program Files (x86)\HappyLyrics\hppylrc.dll (Happy Productions)
O2 - BHO: (VVaaudix) - {5FCEE6A8-6EAF-DC6D-6FD3-05249244E595} - C:\ProgramData\VVaaudix\512eb2df3acd9.dll ()
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (VisualBee V.1 Toolbar) - {7aeae561-714b-45f6-ace3-4a8aed6e227b} - C:\Program Files (x86)\VisualBee_V.1\prxtbVisu.dll (Conduit Ltd.)
O2 - BHO: (GetSavin 5.0) - {8EC92BD3-BE88-4B7C-865A-60E52644ED67} - C:\Users\Darwin\AppData\Local\getsavin\ie\getsavin_1362637802.dll ()
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (WhiteSmoke B Toolbar) - {f0e59437-6148-4a98-b0a6-60d557ef57f4} - C:\Program Files (x86)\WhiteSmoke_B\prxtbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (VisualBee V.1 Toolbar) - {7aeae561-714b-45f6-ace3-4a8aed6e227b} - C:\Program Files (x86)\VisualBee_V.1\prxtbVisu.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (WhiteSmoke B Toolbar) - {f0e59437-6148-4a98-b0a6-60d557ef57f4} - C:\Program Files (x86)\WhiteSmoke_B\prxtbWhit.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (VisualBee V.1 Toolbar) - {7AEAE561-714B-45F6-ACE3-4A8AED6E227B} - C:\Program Files (x86)\VisualBee_V.1\prxtbVisu.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (WhiteSmoke B Toolbar) - {F0E59437-6148-4A98-B0A6-60D557EF57F4} - C:\Program Files (x86)\WhiteSmoke_B\prxtbWhit.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\Beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [SMessaging] C:\Users\Darwin\AppData\Local\Strongvault Online Backup\SMessaging.exe (Stronghold Online Backup)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [BackupAgent] C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe (Strongvault LLC)
O4 - HKCU..\Run: [Epson Stylus NX420(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE /FU "C:\Windows\TEMP\E_S5311.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [iFunBoxConnector] C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe ()
O4 - HKCU..\Run: [SearchProtect] C:\Users\Darwin\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Yontoo Desktop] C:\Users\Darwin\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4 - Startup: C:\Users\Darwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
O4 - Startup: C:\Users\Darwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C121C014-A7B7-4F46-B0CE-9DBACEDB71D1}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - AppInit_DLLs: (c:\progra~2\vaudix\sprote~1.dll) - c:\Program Files (x86)\VaudiX\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/28 07:58:06 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{efc02b3d-dc3a-11e1-b5ae-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{efc02b3d-dc3a-11e1-b5ae-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2011/08/19 07:36:48 | 000,212,048 | R--- | M] (Brother Industries, Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/14 02:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/14 02:06:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/14 02:06:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/11 02:18:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013/03/11 02:18:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013/03/09 19:22:51 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Roaming\Malwarebytes
[2013/03/09 19:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/09 19:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/09 19:22:39 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/09 19:22:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/09 19:22:29 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Local\Programs
[2013/03/09 14:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/03/09 14:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/03/07 03:20:21 | 000,000,000 | ---D | C] -- C:\Users\Darwin\Documents\My Labels
[2013/03/07 02:32:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2013/03/07 02:32:18 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/03/07 02:32:11 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Local\Strongvault Online Backup
[2013/03/07 02:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2013/03/07 02:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Strongvault Online Backup
[2013/03/07 02:32:11 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Local\Strongvault
[2013/03/07 02:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strongvault Online Backup
[2013/03/07 02:32:09 | 000,000,000 | ---D | C] -- C:\Users\Darwin\Documents\My Web Backups
[2013/03/07 02:32:01 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/03/07 02:31:41 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Roaming\Yontoo
[2013/03/07 02:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2013/03/07 02:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/03/07 02:30:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VisualBee_V.1
[2013/03/07 02:30:25 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Local\VisualBeeClient
[2013/03/07 02:30:12 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Local\VisualBeeExe
[2013/03/07 02:29:43 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Local\getsavin
[2013/03/07 02:29:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HappyLyrics
[2013/03/07 02:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee
[2013/03/07 02:29:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InfoAtoms
[2013/03/05 19:37:34 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Roaming\Brother
[2013/03/05 19:35:31 | 000,376,832 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BSQ70M.EXE
[2013/03/05 19:35:31 | 000,068,608 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BSQ70L.DLL
[2013/03/05 19:35:31 | 000,011,264 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BSQ70M.DLL
[2013/03/05 19:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother P-touch
[2013/03/05 19:30:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Brother
[2013/03/05 19:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2013/03/05 15:55:25 | 000,000,000 | ---D | C] -- C:\Users\Darwin\Desktop\brys pictures
[2013/03/04 21:49:36 | 000,000,000 | ---D | C] -- C:\Users\Darwin\Desktop\evasi0n-win-1.3
[2013/03/02 15:45:25 | 000,000,000 | ---D | C] -- C:\Users\Darwin\.shsh
[2013/03/02 15:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/03/02 15:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/03/02 15:42:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/03/02 15:42:01 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/03/02 15:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/03/02 15:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/03/02 15:14:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/03/02 15:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/03/02 15:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/03/02 15:13:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/03/02 15:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/03/02 15:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/03/02 15:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/03/02 15:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/03/02 14:58:17 | 000,000,000 | ---D | C] -- C:\iFaith
[2013/03/02 14:45:55 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013/03/02 14:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013/03/02 14:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013/03/02 14:45:42 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Roaming\BabSolution
[2013/03/02 14:45:40 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Roaming\Delta
[2013/03/02 14:45:27 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Roaming\Babylon
[2013/03/02 14:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/03/02 14:45:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDownloaderManager
[2013/02/27 21:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/02/27 21:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe
[2013/02/27 21:00:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VaudiX
[2013/02/27 21:00:24 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Local\Conduit
[2013/02/27 21:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WhiteSmoke_B
[2013/02/27 21:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\BetterSoft
[2013/02/27 21:00:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/02/27 21:00:01 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Roaming\SearchProtect
[2013/02/27 21:00:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2013/02/27 20:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VVaaudix
[2013/02/27 20:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\VVaaudix
[2013/02/27 20:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/02/26 20:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2013/02/26 20:09:35 | 000,000,000 | ---D | C] -- C:\Nexon
[2013/02/26 20:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2013/02/26 19:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/23 10:23:03 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Roaming\Epson
[2013/02/21 23:18:31 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Roaming\Leadertech
[2013/02/21 23:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2013/02/21 23:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet
[2013/02/21 23:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2013/02/21 23:16:50 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Roaming\InstallShield
[2013/02/21 23:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
[2013/02/21 23:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2013/02/21 23:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2013/02/21 23:16:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2013/02/21 23:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2013/02/21 23:15:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2013/02/18 18:27:31 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2013/02/18 00:18:23 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Roaming\iFunbox_UserCache
[2013/02/18 00:18:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\i-Funbox DevTeam
[2013/02/18 00:17:33 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Roaming\Iminent
[2013/02/18 00:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
[2013/02/18 00:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
[2013/02/18 00:17:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Umbrella
[2013/02/18 00:17:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2013/02/18 00:16:51 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Roaming\Searchya
[2013/02/18 00:16:50 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Local\Updater21804
[2013/02/18 00:16:47 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Local\Google
[2013/02/18 00:16:47 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Local\Coupon Companion Plugin
[2013/02/18 00:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Companion Plugin
[2013/02/17 23:39:11 | 000,000,000 | ---D | C] -- C:\Users\Darwin\Desktop\jailbreak tools
[2013/02/17 23:09:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/02/17 03:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2013/02/17 03:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/02/16 23:24:56 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Casino at bet365
[2013/02/16 23:24:20 | 000,000,000 | ---D | C] -- C:\Casino
[2013/02/16 21:04:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\stalker-shoc
[2013/02/16 14:44:38 | 000,000,000 | ---D | C] -- C:\Users\Darwin\AppData\Local\libimobiledevice
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/17 22:40:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/17 22:14:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/17 10:50:25 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\Happy Lyrics Update.job
[2013/03/16 21:58:46 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/16 21:58:46 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/16 21:55:51 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/16 21:55:51 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/16 21:55:51 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/16 21:49:41 | 000,000,380 | -H-- | M] () -- C:\Windows\tasks\schedule!481551474.job
[2013/03/16 21:49:24 | 3297,959,935 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/14 23:27:00 | 046,077,600 | ---- | M] () -- C:\Users\Darwin\Desktop\Evans Technology in Action 8th txtbk.7z
[2013/03/13 21:28:33 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDarwin.job
[2013/03/09 19:22:40 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/09 14:59:59 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/07 02:32:17 | 000,001,290 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe.lnk
[2013/03/07 02:30:55 | 000,000,009 | ---- | M] () -- C:\END
[2013/03/06 02:01:22 | 000,329,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/05 19:32:13 | 000,002,619 | ---- | M] () -- C:\Users\Darwin\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Update Software.lnk
[2013/03/05 19:32:13 | 000,002,595 | ---- | M] () -- C:\Users\Public\Desktop\P-touch Update Software.lnk
[2013/03/05 19:31:47 | 000,002,049 | ---- | M] () -- C:\Users\Public\Desktop\P-touch Address Book 1.1.lnk
[2013/03/05 19:31:04 | 000,002,031 | ---- | M] () -- C:\Users\Public\Desktop\P-touch Editor 5.0.lnk
[2013/03/02 16:41:50 | 000,000,877 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[2013/03/02 16:41:50 | 000,000,877 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/02 15:14:36 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/02/26 20:11:02 | 000,001,605 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms.lnk
[2013/02/21 23:37:44 | 000,001,380 | ---- | M] () -- C:\Users\Darwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2013/02/21 23:18:31 | 000,000,071 | ---- | M] () -- C:\Windows\ENX420.ini
[2013/02/21 23:15:55 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/02/19 00:46:06 | 930,555,533 | ---- | M] () -- C:\Users\Darwin\Desktop\iPhone3,2_6.0_10A403_Restore.ipsw
[2013/02/19 00:22:32 | 935,561,144 | ---- | M] () -- C:\Users\Darwin\Desktop\iPhone3,3_6.1_10B141_Restore.ipsw
[2013/02/19 00:18:21 | 927,849,448 | ---- | M] () -- C:\Users\Darwin\Desktop\iPhone3,3_6.0.1_10A523_Restore.ipsw
[2013/02/18 00:19:04 | 000,000,413 | ---- | M] () -- C:\wakeuptoken.info
[2013/02/18 00:17:31 | 000,000,620 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/02/18 00:16:45 | 000,339,334 | ---- | M] () -- C:\Users\Darwin\AppData\Local\speeddial.crx
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/14 23:27:26 | 053,488,186 | ---- | C] () -- C:\Users\Darwin\Desktop\Evans Technology in Action 8th txtbk.pdf
[2013/03/14 23:22:21 | 046,077,600 | ---- | C] () -- C:\Users\Darwin\Desktop\Evans Technology in Action 8th txtbk.7z
[2013/03/14 23:20:19 | 071,473,901 | ---- | C] () -- C:\Users\Darwin\Desktop\0131391577Technology.pdf
[2013/03/09 19:22:40 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/09 14:59:59 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/07 02:32:16 | 000,001,290 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe.lnk
[2013/03/07 02:29:42 | 000,000,390 | ---- | C] () -- C:\Windows\tasks\Happy Lyrics Update.job
[2013/03/05 19:35:31 | 000,067,584 | ---- | C] () -- C:\Windows\SysWow64\BSQ70F.DLL
[2013/03/05 19:35:31 | 000,015,652 | ---- | C] () -- C:\Windows\SysWow64\BSQ70M.CHM
[2013/03/05 19:35:31 | 000,001,465 | ---- | C] () -- C:\Windows\SysNative\BSQ70L.INI
[2013/03/05 19:32:13 | 000,002,619 | ---- | C] () -- C:\Users\Darwin\Application Data\Microsoft\Internet Explorer\Quick Launch\P-touch Update Software.lnk
[2013/03/05 19:32:13 | 000,002,595 | ---- | C] () -- C:\Users\Public\Desktop\P-touch Update Software.lnk
[2013/03/05 19:31:47 | 000,002,049 | ---- | C] () -- C:\Users\Public\Desktop\P-touch Address Book 1.1.lnk
[2013/03/05 19:31:04 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\P-touch Editor 5.0.lnk
[2013/03/02 15:14:36 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/03/02 15:13:24 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/02/27 21:00:17 | 000,000,380 | -H-- | C] () -- C:\Windows\tasks\schedule!481551474.job
[2013/02/27 20:59:45 | 000,000,009 | ---- | C] () -- C:\END
[2013/02/26 20:11:02 | 000,001,605 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms.lnk
[2013/02/21 23:37:44 | 000,001,380 | ---- | C] () -- C:\Users\Darwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2013/02/21 23:15:55 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/02/21 23:15:35 | 000,000,071 | ---- | C] () -- C:\Windows\ENX420.ini
[2013/02/19 00:36:44 | 930,555,533 | ---- | C] () -- C:\Users\Darwin\Desktop\iPhone3,2_6.0_10A403_Restore.ipsw
[2013/02/18 23:58:51 | 935,561,144 | ---- | C] () -- C:\Users\Darwin\Desktop\iPhone3,3_6.1_10B141_Restore.ipsw
[2013/02/18 23:53:59 | 927,849,448 | ---- | C] () -- C:\Users\Darwin\Desktop\iPhone3,3_6.0.1_10A523_Restore.ipsw
[2013/02/18 00:19:04 | 000,000,413 | ---- | C] () -- C:\wakeuptoken.info
[2013/02/18 00:17:27 | 000,000,620 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/02/18 00:16:49 | 000,339,334 | ---- | C] () -- C:\Users\Darwin\AppData\Local\speeddial.crx
[2012/08/01 19:55:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/08/01 19:51:38 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/08/01 19:51:38 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/08/01 19:51:38 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/01/21 01:04:54 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2012/01/21 01:04:44 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/12/14 00:44:10 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/10/12 18:33:22 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/02 14:45:42 | 000,000,000 | ---D | M] -- C:\Users\Darwin\AppData\Roaming\BabSolution
[2013/03/02 14:45:27 | 000,000,000 | ---D | M] -- C:\Users\Darwin\AppData\Roaming\Babylon
[2013/03/15 02:06:40 | 000,000,000 | ---D | M] -- C:\Users\Darwin\AppData\Roaming\BitTorrent
[2013/03/02 14:45:40 | 000,000,000 | ---D | M] -- C:\Users\Darwin\AppData\Roaming\Delta
[2013/02/23 10:23:03 | 000,000,000 | ---D | M] -- C:\Users\Darwin\AppData\Roaming\Epson
[2013/03/05 16:18:40 | 000,000,000 | ---D | M] -- C:\Users\Darwin\AppData\Roaming\iFunbox_UserCache
[2013/02/18 00:17:33 | 000,000,000 | ---D | M] -- C:\Users\Darwin\AppData\Roaming\Iminent
[2013/02/21 23:18:31 | 000,000,000 | ---D | M] -- C:\Users\Darwin\AppData\Roaming\Leadertech
[2013/01/30 22:13:47 | 000,000,000 | ---D | M] -- C:\Users\Darwin\AppData\Roaming\OpenOffice.org
[2013/02/19 00:47:06 | 000,000,000 | ---D | M] -- C:\Users\Darwin\AppData\Roaming\redsn0w
[2013/03/07 02:35:44 | 000,000,000 | ---D | M] -- C:\Users\Darwin\AppData\Roaming\SearchProtect
[2013/02/18 00:16:51 | 000,000,000 | ---D | M] -- C:\Users\Darwin\AppData\Roaming\Searchya
[2013/03/08 10:47:40 | 000,000,000 | ---D | M] -- C:\Users\Darwin\AppData\Roaming\SoftGrid Client
[2013/02/08 22:18:42 | 000,000,000 | ---D | M] -- C:\Users\Darwin\AppData\Roaming\TP
[2013/01/29 20:27:56 | 000,000,000 | ---D | M] -- C:\Users\Darwin\AppData\Roaming\WinBatch
[2013/03/17 15:28:27 | 000,000,000 | ---D | M] -- C:\Users\Darwin\AppData\Roaming\Yontoo

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:373E1720

< End of report >

#2
gringo_pr

Posted 17 March 2013 - 10:17 PM

Trusted Helper

Malware Removal
7,268 posts

Hello dssole23

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
- We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
- Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
- Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
- A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller or from here
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller+

Gringo

#3
dssole23

Posted 18 March 2013 - 09:22 PM

Member

Topic Starter
Member
77 posts

Results of screen317's Security Check version 0.99.61
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java 7 Update 15
Java version out of Date!
Adobe Flash Player 11.6.602.180
Mozilla Firefox (19.0.2)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Symantec Norton Online Backup NOBuAgent.exe
Strongvault Online Backup BackupAgent.exe
Darwin AppData Local Strongvault Online Backup\SMessaging.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````

#4
dssole23

Posted 18 March 2013 - 09:28 PM

Member

Topic Starter
Member
77 posts

# AdwCleaner v2.115 - Logfile created 03/18/2013 at 23:24:28
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Darwin - DARWIN-HP
# Boot Mode : Normal
# Running from : C:\Users\Darwin\Desktop\adwcleaner(1).exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : BrowserProtect
Stopped & Deleted : CltMngSvc
Stopped & Deleted : SProtection
Stopped & Deleted : Yontoo Desktop Updater

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\BetterSoft
Deleted on reboot : C:\ProgramData\BrowserProtect
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\Darwin\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\apjrtdq0.default-1361242402277\searchplugins\Conduit.xml
File Deleted : C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\fveuxo6o.default-1362028059579\bprotector_extensions.sqlite
File Deleted : C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\fveuxo6o.default-1362028059579\bprotector_prefs.js
File Deleted : C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\fveuxo6o.default-1362028059579\searchplugins\Conduit.xml
File Deleted : C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\fveuxo6o.default-1362028059579\searchplugins\delta.xml
File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Common Files\Umbrella
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Coupon Companion Plugin
Folder Deleted : C:\Program Files (x86)\Delta
Folder Deleted : C:\Program Files (x86)\Iminent
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\[email protected]
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Vaudix
Folder Deleted : C:\Program Files (x86)\VisualBee_V.1
Folder Deleted : C:\Program Files (x86)\WhiteSmoke_B
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Iminent
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Darwin\AppData\Local\Conduit
Folder Deleted : C:\Users\Darwin\AppData\Local\Coupon Companion Plugin
Folder Deleted : C:\Users\Darwin\AppData\Local\getsavin
Folder Deleted : C:\Users\Darwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Folder Deleted : C:\Users\Darwin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Darwin\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Darwin\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Darwin\AppData\LocalLow\VisualBee_V.1
Folder Deleted : C:\Users\Darwin\AppData\LocalLow\WhiteSmoke_B
Folder Deleted : C:\Users\Darwin\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Darwin\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Darwin\AppData\Roaming\Delta
Folder Deleted : C:\Users\Darwin\AppData\Roaming\Iminent
Folder Deleted : C:\Users\Darwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Deleted : C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\apjrtdq0.default-1361242402277\extensions\{f0e59437-6148-4a98-b0a6-60d557ef57f4}
Folder Deleted : C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\apjrtdq0.default-1361242402277\extensions\[email protected]
Folder Deleted : C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\fveuxo6o.default-1362028059579\extensions\{7aeae561-714b-45f6-ace3-4a8aed6e227b}
Folder Deleted : C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\fveuxo6o.default-1362028059579\extensions\[email protected]
Folder Deleted : C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\fveuxo6o.default-1362028059579\extensions\[email protected]
Folder Deleted : C:\Users\Darwin\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Darwin\AppData\Roaming\SearchYa
Folder Deleted : C:\Users\Darwin\AppData\Roaming\Yontoo

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\vaudix\sprote~1.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\VisualBee_V.1
Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_B
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C9A7C20-9BA2-4A58-9317-B3244A359207}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E99C2679-9462-4898-B8BD-E3B431781F80}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\searchya
Key Deleted : HKCU\Software\searchya.com
Key Deleted : HKCU\Software\e6de8fb16fb948
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3281023
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3284024
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5C9A7C20-9BA2-4A58-9317-B3244A359207}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E99C2679-9462-4898-B8BD-E3B431781F80}
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Umbrella
Key Deleted : HKLM\Software\VisualBee_V.1
Key Deleted : HKLM\Software\WhiteSmoke_B
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5C9A7C20-9BA2-4A58-9317-B3244A359207}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E99C2679-9462-4898-B8BD-E3B431781F80}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\e6de8fb16fb948
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0B490B14-B12C-4CEF-9CF5-ABE1A7752DDE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2051386B-50D2-49DE-B024-6DB3BED7916C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35AC065A-A0E0-4F0F-8C73-CD93BB33E5C1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{819DC4CA-4FFF-4C2E-800D-F346471D99BC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93E9C5AD-D3FB-4B0A-A893-8F19E6806607}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0E59437-6148-4A98-B0A6-60D557EF57F4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{118D6CE9-5F18-42F9-958A-14676A629FDE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VisualBee_V.1 Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_B Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKU\S-1-5-21-2669450923-3307242709-3957377439-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F0E59437-6148-4A98-B0A6-60D557EF57F4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F0E59437-6148-4A98-B0A6-60D557EF57F4}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F0E59437-6148-4A98-B0A6-60D557EF57F4}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F0E59437-6148-4A98-B0A6-60D557EF57F4}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3284024&octid=CT3284024&SearchSource=61&CUI=UN26742522241023831&UM=UM_ID&UP=SP47CAC7C3-E358-4CE9-8BE1-73C38F2513EE --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\apjrtdq0.default-1361242402277\prefs.js

C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\apjrtdq0.default-1361242402277\user.js ... Deleted !

Deleted : user_pref("CT3281023.FF19Solved", "true");
Deleted : user_pref("CT3281023.UserID", "UN30209771681741933");
Deleted : user_pref("CT3281023.addressUrlXPETakeover", "true");
Deleted : user_pref("CT3281023.autoDisableScopes", -1);
Deleted : user_pref("CT3281023.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3281023.defaultSearchXPETakeover", "true");
Deleted : user_pref("CT3281023.installDate", "27/2/2013 20:00:00");
Deleted : user_pref("CT3281023.keyword", "true");
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3281023&octid=CT328102[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke B Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281023&Sea[...]
Deleted : user_pref("browser.search.selectedEngine", "WhiteSmoke B Customized Web Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3281023&octid=CT3281023&Sea[...]
Deleted : user_pref("extensions.512eb2df3abf0.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281023&SearchSource=2&CU[...]
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3281023&octid=CT3281023[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.originalHomepage", "about:home");
Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
Deleted : user_pref("smartbar.originalSearchEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

File : C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\fveuxo6o.default-1362028059579\prefs.js

C:\Users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\fveuxo6o.default-1362028059579\user.js ... Deleted !

Deleted : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119842&babsrc=HP_ss&mntr[...]
Deleted : user_pref("avg.install.userSPSettings", "Delta Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://www.delta-search.com/?affID=119842&babsrc=HP_ss&mntrId[...]
Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Deleted : user_pref("extentions.y2layers.installId", "f281d2a0-94e1-43f3-858e-93c2df87bbf4");
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3281023&octid=CT3281023[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3281023&octid=CT328102[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Darwin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [40762 octets] - [18/03/2013 23:24:28]

########## EOF - C:\AdwCleaner[S1].txt - [40823 octets] ##########

#5
gringo_pr

Posted 18 March 2013 - 09:32 PM

Trusted Helper

Malware Removal
7,268 posts

Hello dssole23

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

#6
dssole23

Posted 18 March 2013 - 09:33 PM

Member

Topic Starter
Member
77 posts

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Darwin [Admin rights]
Mode : Remove -- Date : 03/18/2013 23:33:02
| ARK || FAK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH] VaudiX.exe -- C:\ProgramData\BetterSoft\VaudiX\VaudiX.exe [-] -> KILLED [TermProc]
[SUSP PATH] StrongVaultApp.exe -- C:\Users\Darwin\AppData\Local\Strongvault\StrongVaultApp.exe [7] -> KILLED [TermProc]
[SUSP PATH] SMessaging.exe -- C:\Users\Darwin\AppData\Local\Strongvault Online Backup\SMessaging.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Yontoo Desktop ("C:\Users\Darwin\AppData\Roaming\Yontoo\YontooDesktop.exe") [x] -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : SMessaging (C:\Users\Darwin\AppData\Local\Strongvault Online Backup\SMessaging.exe) [7] -> DELETED
[TASK][SUSP PATH] schedule!481551474.job : C:\ProgramData\BetterSoft\VaudiX\VaudiX.exe /schedule /profile "c:\programdata\bettersoft\vaudix\481551474.ini" [-] -> DELETED
[TASK][SUSP PATH] Searchya : C:\Users\Darwin\AppData\Roaming\Searchya\UPDATE~1\UPDATE~1.EXE /Check [x] -> DELETED
[TASK][SUSP PATH] Updater21804.exe : C:\Users\Darwin\AppData\Local\Updater21804\Updater21804.exe /extensionid=21804 /extensionname="Coupon Companion Plugin" /chromeid=jneaojaoiajhnemidnjhoempalnidbhj [x] -> DELETED
[TASK][SUSP PATH] VisualBeeRecovery : C:\Users\Darwin\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe /s [7] -> DELETED
[STARTUP][SUSP PATH] Epson all-in-one Registration.lnk @Darwin : C:\Users\Darwin\AppData\Local\Temp\WZSE0.TMP\Common\EpsonReg\EpsonReg.exe [x] -> DELETED
[STARTUP][SUSP PATH] StrongVaultApp.exe.lnk @Common : C:\Users\Darwin\AppData\Local\Strongvault\StrongVaultApp.exe [7] -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

74.208.10.249 gs.apple.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS723020BLA642 SATA Disk Device +++++
--- User ---
[MBR] 47834e46b50a7d1bc0124bffa281235f
[BSP] 5c4fe36067acca8dd2aeba832f5d86e7 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 98 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 1896085 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3883393024 | Size: 11539 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_03182013_02d2333.txt >>
RKreport[1]_S_03182013_02d2331.txt ; RKreport[2]_D_03182013_02d2333.txt

#7
gringo_pr

Posted 18 March 2013 - 10:15 PM

Trusted Helper

Malware Removal
7,268 posts

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

#8
dssole23

Posted 19 March 2013 - 06:22 PM

Member

Topic Starter
Member
77 posts

ComboFix 13-03-19.01 - Darwin 03/19/2013 20:10:34.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.9655.6954 [GMT -4:00]
Running from: c:\users\Darwin\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\HappyLyrics\hpPYlrc.dll
c:\program files (x86)\Windows Live\Messenger\msacm32.dll
c:\windows\TEMP\ACLM\HP.ActiveCheckLocalMode.DetectEngine.DetectManager_02acfa3d-9a26-455b-9da5-17d3bb22bdbe\log4net.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-02-20 to 2013-03-20 )))))))))))))))))))))))))))))))
.
.
2013-03-20 00:15 . 2013-03-20 00:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-19 03:24 . 2013-03-19 03:24 138 ----a-w- c:\windows\DeleteOnReboot.bat
2013-03-17 14:50 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-14 06:06 . 2013-03-14 06:06 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-14 06:06 . 2013-03-14 06:06 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-11 06:18 . 2013-03-11 06:18 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-03-11 06:18 . 2013-03-11 06:18 -------- d-----w- c:\windows\SysWow64\Extensions
2013-03-09 23:22 . 2013-03-09 23:22 -------- d-----w- c:\users\Darwin\AppData\Roaming\Malwarebytes
2013-03-09 23:22 . 2013-03-09 23:22 -------- d-----w- c:\programdata\Malwarebytes
2013-03-09 23:22 . 2013-03-09 23:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-09 23:22 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-09 23:22 . 2013-03-09 23:22 -------- d-----w- c:\users\Darwin\AppData\Local\Programs
2013-03-09 18:59 . 2013-03-09 19:00 -------- d-----w- c:\program files\CCleaner
2013-03-07 06:32 . 2013-03-07 06:32 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-03-07 06:32 . 2013-03-19 03:28 -------- d-----w- c:\users\Darwin\AppData\Local\Strongvault
2013-03-07 06:32 . 2013-03-19 03:27 -------- d-----w- c:\users\Darwin\AppData\Local\Strongvault Online Backup
2013-03-07 06:32 . 2013-03-09 18:10 -------- d-----w- c:\programdata\Strongvault Online Backup
2013-03-07 06:32 . 2013-03-07 06:32 -------- d-----w- c:\program files (x86)\Strongvault Online Backup
2013-03-07 06:32 . 2013-03-07 06:32 -------- d-----w- C:\AI_RecycleBin
2013-03-07 06:30 . 2013-03-07 06:30 -------- d-----w- c:\users\Darwin\AppData\Local\VisualBeeClient
2013-03-07 06:30 . 2013-03-07 06:30 -------- d-----w- c:\users\Darwin\AppData\Local\VisualBeeExe
2013-03-07 06:29 . 2013-03-20 00:15 -------- d-----w- c:\program files (x86)\HappyLyrics
2013-03-07 06:29 . 2013-03-07 06:30 -------- d-----w- c:\programdata\VisualBee
2013-03-07 06:29 . 2013-03-07 06:32 -------- d-----w- c:\program files (x86)\InfoAtoms
2013-03-05 23:37 . 2013-03-12 02:42 -------- d-----w- c:\users\Darwin\AppData\Roaming\Brother
2013-03-05 23:35 . 2011-08-08 09:47 11264 ----a-w- c:\windows\SysWow64\BSQ70M.DLL
2013-03-05 23:35 . 2011-08-01 13:46 68608 ----a-w- c:\windows\system32\BSQ70L.DLL
2013-03-05 23:35 . 2011-07-12 20:26 376832 ----a-w- c:\windows\SysWow64\BSQ70M.EXE
2013-03-05 23:35 . 2011-06-10 13:58 67584 ----a-w- c:\windows\SysWow64\BSQ70F.DLL
2013-03-05 23:30 . 2013-03-05 23:30 -------- d-----w- c:\program files (x86)\Common Files\Brother
2013-03-05 23:30 . 2013-03-05 23:32 -------- d-----w- c:\program files (x86)\Brother
2013-03-03 00:59 . 2013-03-03 00:59 0 ----a-w- c:\windows\SysWow64\shoAF67.tmp
2013-03-02 19:45 . 2013-03-02 19:45 -------- d-----w- c:\users\Darwin\.shsh
2013-03-02 19:43 . 2013-03-02 19:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-03-02 19:42 . 2013-03-02 19:42 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-02 19:42 . 2013-03-02 19:42 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-02 19:42 . 2013-03-02 19:42 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-02 19:42 . 2013-03-02 19:42 -------- d-----w- c:\program files (x86)\Java
2013-03-02 19:42 . 2013-03-02 19:42 -------- d-----w- c:\programdata\McAfee
2013-03-02 19:14 . 2013-03-02 19:14 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-02 19:14 . 2013-03-02 19:14 -------- d-----w- c:\program files\iTunes
2013-03-02 19:14 . 2013-03-02 19:14 -------- d-----w- c:\program files (x86)\iTunes
2013-03-02 19:14 . 2013-03-02 19:14 -------- d-----w- c:\program files\iPod
2013-03-02 19:13 . 2013-03-14 06:08 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-02 19:13 . 2013-03-02 19:13 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-03-02 19:13 . 2013-03-02 19:13 -------- d-----w- c:\program files\Common Files\Apple
2013-03-02 19:12 . 2013-03-02 19:12 -------- d-----w- c:\program files\Bonjour
2013-03-02 19:12 . 2013-03-02 19:12 -------- d-----w- c:\program files (x86)\Bonjour
2013-03-02 19:12 . 2013-03-02 19:14 -------- d-----w- c:\program files (x86)\Common Files\Apple
2013-03-02 18:58 . 2013-03-02 18:58 -------- d-----w- C:\iFaith
2013-03-02 18:45 . 2013-03-02 18:45 -------- d-----w- c:\programdata\BrowserProtect
2013-03-02 18:45 . 2013-03-02 18:50 -------- d-----w- c:\program files (x86)\OpenDownloaderManager
2013-02-28 01:00 . 2013-03-09 18:12 -------- d-----w- c:\programdata\BetterSoft
2013-02-28 00:59 . 2013-02-28 00:59 -------- d-----w- c:\programdata\VVaaudix
2013-02-27 00:09 . 2013-02-27 00:09 -------- d-----w- C:\Nexon
2013-02-27 00:09 . 2013-02-27 00:09 -------- d-----w- c:\programdata\NexonUS
2013-02-23 14:23 . 2013-02-23 14:23 -------- d-----w- c:\users\Darwin\AppData\Roaming\Epson
2013-02-22 03:18 . 2013-02-22 03:18 -------- d-----w- c:\users\Darwin\AppData\Roaming\Leadertech
2013-02-22 03:18 . 2007-09-07 22:33 135168 ----a-w- c:\windows\SysWow64\EEBAPI.dll
2013-02-22 03:18 . 2007-03-28 23:26 65536 ----a-w- c:\windows\SysWow64\EEBUtil.dll
2013-02-22 03:18 . 2006-12-19 23:31 110592 ----a-w- c:\windows\SysWow64\EEBDSCVR.dll
2013-02-22 03:16 . 2008-11-12 07:00 118784 ----a-w- c:\windows\system32\E_ILMGCA.DLL
2013-02-22 03:16 . 2009-10-01 07:01 88064 ----a-w- c:\windows\system32\E_IBCBGCA.DLL
2013-02-22 03:16 . 2013-02-22 03:18 -------- d-----w- c:\programdata\EPSON
2013-02-22 03:16 . 2013-02-22 03:16 -------- d-----w- c:\program files (x86)\Epson Software
2013-02-22 03:15 . 2009-11-20 05:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll
2013-02-22 03:15 . 2009-05-01 05:00 17408 ----a-w- c:\windows\system32\esxcdev.dll
2013-02-22 03:15 . 2009-05-01 05:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
2013-02-22 03:15 . 2013-02-22 03:16 -------- d-----w- c:\program files (x86)\epson
2013-02-18 04:18 . 2013-03-05 20:18 -------- d-----w- c:\users\Darwin\AppData\Roaming\iFunbox_UserCache
2013-02-18 04:18 . 2013-03-09 18:12 -------- d-----w- c:\program files (x86)\i-Funbox DevTeam
2013-02-18 04:16 . 2013-02-18 04:16 -------- d-----w- c:\users\Darwin\AppData\Local\Updater21804
2013-02-18 04:16 . 2013-02-18 04:16 -------- d-----w- c:\users\Darwin\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 01:43 . 2013-01-29 02:03 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 01:43 . 2012-08-02 00:06 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-12 05:45 . 2013-03-14 01:36 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 01:36 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-14 01:36 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 01:36 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-14 01:36 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 01:36 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-30 00:38 . 2012-08-02 00:13 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-01-29 01:56 . 2011-03-29 01:36 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-01-05 05:53 . 2013-02-14 01:40 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-14 01:40 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-14 01:40 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-14 01:40 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-14 01:40 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-14 01:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-14 01:40 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-14 01:40 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-14 01:40 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-14 01:40 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-14 01:40 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-14 01:40 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-14 01:40 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{25DA541F-6ACF-4052-A8AA-1D58284729C7}]
2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{5FCEE6A8-6EAF-DC6D-6FD3-05249244E595}]
2013-02-28 01:29 118272 ----a-w- c:\programdata\VVaaudix\512eb2df3acd9.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-03-15 1632680]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"iFunBoxConnector"="c:\program files (x86)\i-Funbox DevTeam\ifb_conn.exe" [2012-11-20 812544]
"BackupAgent"="c:\program files (x86)\Strongvault Online Backup\BackupAgent.exe" [2013-02-28 197448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-01-21 630912]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Darwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-25 1137952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 ESEADriver2;ESEADriver2;c:\users\Darwin\AppData\Local\Temp\ESEADriver2.sys [x]
R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX64.sys [2008-06-14 57312]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-02-05 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2012-01-16 82048]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2012-01-16 42624]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [2011-07-25 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-01-16 1388120]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130316.001\IDSvia64.sys [2013-01-27 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [2012-04-18 405624]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-10 235520]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-08-16 16384]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [2012-06-16 138272]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-08-12 1128952]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [2012-01-11 102528]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [2012-01-11 219776]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-03-26 349736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-03-26 39464]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-01-29 138912]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-01-30 104048]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [2007-10-12 50072]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-12-28 54400]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-29 01:43]
.
2013-03-19 c:\windows\Tasks\Happy Lyrics Update.job
- c:\program files (x86)\HappyLyrics\HLUpdater.exe [2013-02-27 22:28]
.
2013-03-19 c:\windows\Tasks\HPCeeScheduleForDarwin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2011-12-13 37888]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-13 1425408]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Darwin\AppData\Roaming\Mozilla\Firefox\Profiles\fveuxo6o.default-1362028059579\
FF - ExtSQL: 2013-02-26 17:26; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn
FF - ExtSQL: 2013-02-27 21:28; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn
FF - ExtSQL: 2013-03-07 01:29; [email protected]; c:\program files (x86)\HappyLyrics\FF
FF - ExtSQL: 2013-03-07 01:32; [email protected]; c:\program files (x86)\Mozilla Firefox\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2013-03-07 01:32; [email protected]; c:\program files (x86)\Mozilla Firefox\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{59C0C5BD-2579-433A-BBB8-AFFD59642BAF} - c:\program files (x86)\HappyLyrics\hppylrc.dll
BHO-{8EC92BD3-BE88-4B7C-865A-60E52644ED67} - c:\users\Darwin\AppData\Local\getsavin\ie\getsavin_1362637802.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
AddRemove-Coupon Companion Plugin - c:\program files (x86)\Coupon Companion Plugin\Uninstall.exe
AddRemove-GetSavin - c:\users\Darwin\AppData\Local\getsavin\uninst.exe
AddRemove-SP_09de8db5 - c:\program files (x86)\VaudiX\uninstall.exe
AddRemove-{088A5809-B705-5121-3BE9-B6C8EF7DE7C5} - c:\progra~3\INSTAL~1\{8B277~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-19 20:17:55
ComboFix-quarantined-files.txt 2013-03-20 00:17
.
Pre-Run: 1,837,246,779,392 bytes free
Post-Run: 1,836,889,067,520 bytes free
.
- - End Of File - - 5D5D25313819E698B89EF277F050A551

#9
dssole23

Posted 19 March 2013 - 08:01 PM

Member

Topic Starter
Member
77 posts

it was popups everywhere saying wanna stop spyware etc.

#10
gringo_pr

Posted 19 March 2013 - 08:06 PM

Trusted Helper

Malware Removal
7,268 posts

Hello dssole23

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Put a checkmark beside loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Click the Start Scan button.
The scan should take no longer than 2 minutes.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Note** this report can be very long - so if the website gives you an error saying it is to long you may attache it

If the forum still complains about it being to long send me everything that is at the end of the report after where it says

==================
Scan finished
==================

and I will see if I want to see the whole report

Malwarebytes Anti-Rootkit

1.Download Malwarebytes Anti-Rootkit
2.Unzip the contents to a folder in a convenient location.
3.Open the folder where the contents were unzipped and run mbar.exe
4.Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5.Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6.Wait while the system shuts down and the cleanup process is performed.
7.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8.If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
•Internet access
•Windows Update
•Windows Firewall9.If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10.Verify that your system is now functioning normally.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and MBAR

Gringo

#11
dssole23

Posted 20 March 2013 - 10:41 PM

Member

Topic Starter
Member
77 posts

00:31:43.0948 6168 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
00:31:44.0292 6168 ============================================================
00:31:44.0292 6168 Current date / time: 2013/03/21 00:31:44.0292
00:31:44.0292 6168 SystemInfo:
00:31:44.0292 6168
00:31:44.0293 6168 OS Version: 6.1.7601 ServicePack: 1.0
00:31:44.0293 6168 Product type: Workstation
00:31:44.0293 6168 ComputerName: DARWIN-HP
00:31:44.0293 6168 UserName: Darwin
00:31:44.0293 6168 Windows directory: C:\Windows
00:31:44.0293 6168 System windows directory: C:\Windows
00:31:44.0293 6168 Running under WOW64
00:31:44.0293 6168 Processor architecture: Intel x64
00:31:44.0293 6168 Number of processors: 4
00:31:44.0293 6168 Page size: 0x1000
00:31:44.0293 6168 Boot type: Normal boot
00:31:44.0293 6168 ============================================================
00:31:44.0688 6168 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:31:44.0708 6168 ============================================================
00:31:44.0708 6168 \Device\Harddisk0\DR0:
00:31:44.0709 6168 MBR partitions:
00:31:44.0709 6168 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x31000
00:31:44.0709 6168 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0xE774ADF5
00:31:44.0709 6168 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE777E000, BlocksNum 0x1689800
00:31:44.0709 6168 ============================================================
00:31:44.0728 6168 C: <-> \Device\Harddisk0\DR0\Partition2
00:31:44.0774 6168 D: <-> \Device\Harddisk0\DR0\Partition3
00:31:44.0774 6168 ============================================================
00:31:44.0774 6168 Initialize success
00:31:44.0774 6168 ============================================================
00:32:14.0638 8040 Deinitialize success

#12
dssole23

Posted 20 March 2013 - 10:43 PM

Member

Topic Starter
Member
77 posts

only got the suspicious when finished i did not delete just continue

#13
gringo_pr

Posted 20 March 2013 - 11:27 PM

Trusted Helper

Malware Removal
7,268 posts

how are things doing now?

#14
gringo_pr

Posted 23 March 2013 - 10:09 PM

Trusted Helper

Malware Removal
7,268 posts

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools

Gringo