Jump to content

162.210.192.14 Next step?

krwebber53

By krwebber53
in Resolved Malware Removal Logs

 Share

Recommended Posts

krwebber53

krwebber53

Posted
Posted
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by webberk at 13:30:32 on 2013-11-29
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.5861.3651 [GMT -6:00]
.
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Seagate\Seagate_Media\Sync\MediaAggreService.exe
C:\ProgramData\Premium\SaveAs\SaveAs.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\Program Files (x86)\Quicken\bagent.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\webberk\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Livedrive\Livedrive.exe
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Digsby\lib\digsby-app.exe
C:\Users\webberk\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Users\webberk\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter64.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Seagate\Seagate_Media\AgrregationStatus\stxmediamenumgr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\itunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerShellCenter64.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\loggingserver.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
C:\PROGRAM FILES (X86)\NETGEAR\STORA DESKTOP APPLICATIONS\HIPSERVAGENT\HIPSERVAGENT.EXE
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.3\iobitappsToolbarIE.dll
uURLSearchHooks: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc2.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
uURLSearchHooks: <No Name>: {f15ff29f-85a1-43cd-9674-e5ba40016c97} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dll
uURLSearchHooks: {93a3111f-4f74-4ed8-895e-d9708497629e} - <orphaned>
mURLSearchHooks: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc2.dll
dURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
dURLSearchHooks: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - <orphaned>
dURLSearchHooks: <No Name>: {f15ff29f-85a1-43cd-9674-e5ba40016c97} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dll
dURLSearchHooks: {93a3111f-4f74-4ed8-895e-d9708497629e} - <orphaned>
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.3\iobitappsToolbarIE.dll
BHO: Search Assistant BHO: {0631bff0-6846-48ca-982d-d62d7f376e97} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Toolbar BHO: {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
BHO: Startpage24 Browser Helper: {BBD43808-9D13-4B0B-B023-178FD1FAE442} - C:\ProgramData\Startpage24\Plugin\link64_plugin.dll
BHO: Toolbar BHO: {beea7fa9-d1f4-49a2-9b1f-6fb7a2d9bc2a} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbar.dll
BHO: Search Assistant BHO: {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
BHO: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc2.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: IncrediMail MediaBar 2 Toolbar: {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc2.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: VideoDownloadConverter: {48586425-6BB7-4F51-8DC6-38C88E3EBB58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
TB: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc2.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: DailyBibleGuide: {2a942ab7-2073-49bc-a7e1-77e93835889a} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbar.dll
TB: VideoDownloadConverter: {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.3\iobitappsToolbarIE.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Directory Opus Desktop Dblclk] "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclk
uRun: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [FA82178918DCCA1C45348F45238FC204F7277D5F._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
uRun: [Akamai NetSession Interface] "C:\Users\webberk\AppData\Local\Akamai\netsession_win.exe"
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
uRun: [Actual Window Manager] c:\program files (x86)\actual window manager\actualwindowmanagercenter.exe
uRun: [ActualWindowManagerCenter.exe] c:\program files (x86)\actual window manager\actualwindowmanagercenter.exe
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Livedrive] "C:\Program Files (x86)\Livedrive\Livedrive.exe" /setup
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [VideoDownloadConverter Search Scope Monitor] "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [DiscWizardMonitor.exe] "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [FreeAgentTheaterTrayIcon] "C:\Program Files (x86)\Seagate\Seagate_Media\AgrregationStatus\StxMediaMenuMgr.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
dRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
dRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
StartupFolder: C:\Users\webberk\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Digsby.lnk - C:\Program Files (x86)\Digsby\digsby.exe
StartupFolder: C:\Users\webberk\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\webberk\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\webberk\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: RoboForm Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\microsoft office\Office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
LSP: %windir%\system32\vsocklib.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 207.203.159.23 205.172.132.23
TCP: Interfaces\{6BAB9BC1-F74C-4B1F-9E36-170D3EE9BE46} : NameServer = 205.152.144.23,205.152.37.23
TCP: Interfaces\{6BAB9BC1-F74C-4B1F-9E36-170D3EE9BE46} : DHCPNameServer = 207.203.159.23 205.172.132.23
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: startpage24 - {879506D7-73DF-8D45-BBDD-123467926D12} - C:\ProgramData\Startpage24\Plugin\link64_plugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.3\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SEH: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: BrowserHelper Class: {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files (x86)\Livedrive\ExplorerExtensions.dll
x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.3\iobitappsToolbarIE64.dll
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [Fences] "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup
x64-Run: [seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: startpage24 - {879506D7-73DF-8D45-BBDD-123467926D12} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
x64-SEH: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Bing
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\NP2vStub.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\ProgramData\Startpage24\Plugin\firefox\plugins\nplink64.dll
FF - plugin: C:\ProgramData\Startpage24\Plugin\nplink64chrome.dll
FF - plugin: C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\extensions\LogMeInClient@logmein.com\plugins\npLMI64.dll
FF - plugin: C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-10-10 04:55; ascsurfingprotection@iobit.com; C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: !HIDDEN! 2012-07-21 08:56; 2vffxtbr@DailyBibleGuide.com; C:\Program Files (x86)\DailyBibleGuide\bar\1.bin
FF - ExtSQL: !HIDDEN! 2012-10-24 09:12; 4zffxtbr@VideoDownloadConverter_4z.com; C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin
FF - ExtSQL: !HIDDEN! 2012-11-26 22:38; infoatoms@infoatoms.com; C:\Program Files (x86)\mozilla firefox\extensions\infoatoms@infoatoms.com
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extentions.webcake.installId - 1da09ee7-d43f-4628-98db-bf4ad1f56847
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 dlkmdldr;dlkmdldr;C:\Windows\System32\drivers\dlkmdldr.sys [2013-11-15 15664]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-10-10 17720]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2013-5-16 210016]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2013-5-16 141920]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-6-5 70296]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 57144]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-3-26 46368]
R1 CbFs;CbFs;C:\Windows\System32\drivers\cbfs.sys [2012-9-4 191960]
R1 cbfs3;cbfs3;C:\Windows\System32\drivers\cbfs3.sys [2013-3-27 352008]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-24 574272]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-11-27 807800]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2013-9-24 1358944]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-6-5 87400]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2013-10-7 9281840]
R2 FreeAgentTheater Service;Seagate Media;C:\Program Files (x86)\Seagate\Seagate_Media\Sync\MediaAggreService.exe [2012-12-20 237248]
R2 GsServer;GoodSync Server;C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [2013-5-21 5825168]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-2-4 821592]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-10-1 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2008-8-11 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2009-12-7 72216]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-7 701512]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-4-6 25824]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-7-31 137528]
R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2011-12-20 68896]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2013-4-24 483864]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-10-2 65657]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-11-3 8704]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-6-30 1191408]
R2 VideoDownloadConverter_4zService;VideoDownloadConverterService;C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe [2012-10-24 42504]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
R2 vToolbarUpdater17.1.3;vToolbarUpdater17.1.3;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [2013-11-20 1643696]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]
R3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.4.51572.0.sys [2013-10-8 46384]
R3 dlkmd;dlkmd;C:\Windows\System32\drivers\dlkmd.sys [2013-11-15 388912]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-1-3 70168]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-7 25928]
R3 SndTAudio;SndTAudio;C:\Windows\System32\drivers\SndTAudio.sys [2011-1-19 33336]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LivedriveVSSService;Livedrive VSS Service;C:\Program Files (x86)\Livedrive\VSSService.exe [2013-7-29 210584]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-7 418376]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-20 103576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2009-12-1 61280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\windows live\Family Safety\fsssvc.exe [2009-8-5 704864]
S3 GSService;GSService;C:\Windows\SysWOW64\GSService.exe [2013-2-13 403832]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-18 111616]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 SMServer;SMServer;C:\Windows\SysWOW64\snmvtsvc.exe [2011-1-19 245760]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-8-20 204568]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 STSService;STSService;C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe [2010-4-12 344064]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-5 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-20 1255736]
S4 DailyBibleGuideService;DailyBibleGuideService;C:\PROGRA~2\DAILYB~2\bar\1.bin\2vbarsvc.exe [2012-7-21 42504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
.
=============== File Associations ===============
.
ShellExec: Sidebar.exe: open=C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
.
=============== Created Last 30 ================
.
2013-11-28 15:44:01 -------- d-----w- C:\Program Files (x86)\IObit Apps Toolbar
2013-11-28 15:44:01 -------- d-----w- C:\Program Files (x86)\Application Updater
2013-11-15 15:47:15 388912 ----a-w- C:\Windows\System32\drivers\dlkmd.sys
2013-11-15 15:47:15 15664 ----a-w- C:\Windows\System32\drivers\dlkmdldr.sys
2013-11-15 15:06:12 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-11-15 15:06:11 197120 ----a-w- C:\Windows\System32\credui.dll
2013-11-15 15:06:11 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-15 15:06:11 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-11-15 15:06:11 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-11-15 15:06:11 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-13 22:41:14 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-10 04:56:40 -------- d-----w- C:\Signs2
2013-11-06 03:55:48 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2013-11-05 03:52:42 240920 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-11-04 16:23:49 -------- d-----w- C:\ProgramData\Oracle
2013-11-04 16:23:25 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-01 05:00:18 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-11-01 04:49:46 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys
.
==================== Find3M  ====================
.
2013-11-22 14:20:28 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-22 14:20:28 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-20 15:57:23 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-10-31 13:40:24 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2013-10-31 13:40:23 92488 ----a-w- C:\Windows\System32\LMIinit.dll
2013-10-31 13:40:23 35656 ----a-w- C:\Windows\System32\LMIport.dll
2013-10-25 04:25:58 194872 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-10-20 13:59:03 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-10 19:35:10 9584 ----a-w- C:\Windows\SysWow64\ractrlkeyhook.dll
2013-10-10 17:00:13 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll
2013-10-10 17:00:13 259584 ----a-w- C:\Windows\System32\WebClnt.dll
2013-10-10 17:00:13 205824 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2013-10-10 17:00:13 140800 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2013-10-10 17:00:13 102400 ----a-w- C:\Windows\System32\davclnt.dll
2013-10-10 16:58:46 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-10-10 16:58:45 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-10-10 16:58:45 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-10-10 16:58:20 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-10-08 20:02:12 46384 ----a-w- C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.4.51572.0.sys
2013-10-08 20:02:10 947200 ----a-w- C:\Windows\System32\DisplayLinkUsbCo64_7.4.51572.0.dll
2013-10-07 10:43:24 1227056 ----a-w- C:\Windows\System32\dlumd9.dll
2013-10-07 10:43:24 1227056 ----a-w- C:\Windows\System32\dlumd64.dll
2013-10-07 10:43:24 1227056 ----a-w- C:\Windows\System32\dlumd11.dll
2013-10-07 10:43:24 1227056 ----a-w- C:\Windows\System32\dlumd10.dll
2013-10-07 10:43:22 1010480 ----a-w- C:\Windows\SysWow64\dlumd9.dll
2013-10-07 10:43:22 1010480 ----a-w- C:\Windows\SysWow64\dlumd32.dll
2013-10-07 10:43:22 1010480 ----a-w- C:\Windows\SysWow64\dlumd11.dll
2013-10-07 10:43:22 1010480 ----a-w- C:\Windows\SysWow64\dlumd10.dll
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-10-01 06:52:08 123704 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-26 14:44:54 57144 ----a-w- C:\Windows\System32\drivers\avgfwd6a.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-15 18:20:22 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-09-15 18:20:22 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-09-10 06:43:02 31544 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2012-01-10 20:36:38 4763456 ----a-w- C:\Program Files (x86)\procexp.exe
.
============= FINISH: 13:30:53.15 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume2
Install Date: 11/30/2009 2:09:53 PM
System Uptime: 11/29/2013 11:55:31 AM (2 hours ago)
.
Motherboard: LENOVO |  | LENOVO
Processor: Intel® Core2 Duo CPU     E6750  @ 2.66GHz | LGA 775 | 2667/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 898 GiB total, 726.848 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 2794 GiB total, 2568.517 GiB free.
L: is FIXED (NTFS) - 898 GiB total, 726.848 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel® 82566DM-2 Gigabit Network Connection
Device ID: PCI\VEN_8086&DEV_10BD&SUBSYS_303817AA&REV_02\3&18D45AA6&0&C8
Manufacturer: Intel
Name: Intel® 82566DM-2 Gigabit Network Connection
PNP Device ID: PCI\VEN_8086&DEV_10BD&SUBSYS_303817AA&REV_02\3&18D45AA6&0&C8
Service: e1express
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: HID-compliant mouse
Device ID: HID\VID_046D&PID_C52B&MI_01&COL01\7&79E838D&0&0000
Manufacturer: Microsoft
Name: HID-compliant mouse
PNP Device ID: HID\VID_046D&PID_C52B&MI_01&COL01\7&79E838D&0&0000
Service: mouhid
.
==== System Restore Points ===================
.
RP656: 10/20/2013 1:31:04 PM - Scheduled Checkpoint
RP657: 10/28/2013 12:00:11 AM - Scheduled Checkpoint
RP658: 11/4/2013 10:21:24 AM - Installed Java 7 Update 45
RP659: 11/5/2013 2:17:40 PM - Installed Clientele
RP660: 11/13/2013 6:55:38 PM - Scheduled Checkpoint
RP661: 11/15/2013 9:03:53 AM - Windows Modules Installer
RP662: 11/15/2013 9:31:22 AM - Windows Update
RP663: 11/18/2013 9:37:31 AM - Windows Update
RP664: 11/25/2013 7:19:37 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20 (x64 edition)
Actual Window Manager 7.5.1
ACUCOBOL-GT Thin Client 8.1.2
ACUCOBOL-GT Thin Client 8.1.3
ACUCOBOL-GT Thin Client 9.1.2
Adobe Acrobat X Pro
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Advanced SystemCare 6
Agent Ransack 2010 (64-bit)
Akamai NetSession Interface
Android SDK Tools
AnswerWorks 5.0 English Runtime
AnyDVD
AnyMedia Player 3.4.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASPCA Reminder by We-Care.com v4.1.22.1
Aspi Installer
Audacity 2.0.3
Audible Download Manager
Aura DVD Copy 1.3.2
Aura DVD Ripper for iPod 1.3.5
Aura DVD Ripper Professional 1.3.9
Aura Flash to Video Converter 1.1.0
Aura Software Manager 1.0.3
Aura Video Converter 1.6.0
Aura Video Converter Professional 1.3.9
Aura Video Editor 1.0.8
Aura YouTube Downloader 1.0.8
Auslogics Duplicate File Finder
AVG 2014
AVG SafeGuard toolbar
AVS Audio Converter 7
AVS Audio Editor 7.1
AVS Audio Recorder version 4.0
AVS Cover Editor 2.0.1.3
AVS Disc Creator 5
AVS Document Converter 2.2.3
AVS DVD Copy 4.1.2.283
AVS Image Converter 2.2.2.218
AVS Media Player 4.1.9.95
AVS Photo Editor
AVS Registry Cleaner version 2.2
AVS Ringtone Maker version 1.6
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Converter 8
AVS Video Editor 6
AVS Video Recorder 2.5
AVS Video ReMaker 4.1.1.144
AVS4YOU Software Navigator 1.4
Belarc Advisor 7.2
Bible Search Pro
BibleCodesPredictionsSetup version 1.0
BibleReader
Bing Bar
Bing Maps 3D
Bonjour
CCH Small Firm Services (xulRunner)
CCleaner
CD to WAV and MP3 Ripper
Cisco Connect
Cisco Systems VPN Client 5.0.07.0290
Cisco WebEx Meetings
Citrix Presentation Server Client
Client32
Clientele
CloneDVD2
CommandTRADE
Compare and Merge 2.3
ContinueToSave
ContinueToSave 1.74
Coupon Printer for Windows
DailyBibleGuide Toolbar
Desktop Icon Position Saver (64-bit)
Digsby
DIRECTV2PC Playback Advisor
DisplayLink Core Software
DisplayLink Graphics
DisplayLink iPad Software
Dropbox
DVD-Cloner V9.70 Build 1115
e-Sword
e-Sword Bible Screen Saver
EDI File Editor
Epicor Clientele Loader 7.3.6 Ctelwin
eReg
Evernote v. 5.0.2
extend® Version 8.1.2
extend® Version 9.1.2
Extreme Translator
Extreme Translator Templates
FBackup 4
ffdshow [rev 2527] [2008-12-19]
FileZilla Client 3.6.0.2
FileZilla Server
FixCleaner
FolderSizes 4
Free CD Ripper 3.1
Free Download Manager 3.9.2
Free YouTube Downloader 3.5.134
FreeScreenSharing
GetFoldersize 2.3.2
GoldWave v5.06
GoodSync
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
GoToMeeting 4.5.0.457
GPSoftware Directory Opus
H&R Block Alabama 2009
H&R Block Alabama 2011
H&R Block Alabama 2012
H&R Block Business 2009 (Remove Only)
H&R Block Business 2010 (Remove Only)
H&R Block Business 2011 (Remove Only)
H&R Block Premium + Efile + State 2009
H&R Block Premium + Efile + State 2010
H&R Block Premium + Efile + State 2011
H&R Block Premium + Efile + State 2012
Hardware Helper
Hebrew English Transliterated Bible
HipaaEdiViewer
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2135068)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2160831)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2278944)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2293451)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2303365)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2376419)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2387011)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2401992)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2402012)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2402815)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2425130)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2434700)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2736182)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2890573)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB983504)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB983537)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB983578)
Hotfix for Microsoft Visual Studio LightSwitch 2011 - ENU (KB2603917)
Hotfix for Microsoft Visual Studio LightSwitch 2011 - ENU (KB2890573)
HP Color LaserJet 2600 series
iCloud
ImgBurn
IncrediMail
IncrediMail 2.0
IncrediMail MediaBar 2 Toolbar
Intel® Graphics Media Accelerator Driver
Intel® Network Connections Drivers
Internet Explorer Toolbar 4.9 by SweetPacks
IObit Apps Toolbar v8.3
IObit Malware Fighter
Ipswitch WS_FTP 12
iSEEK AnswerWorks English Runtime
iTunes
Java 7 Update 17 (64-bit)
Java 7 Update 45
Java Auto Updater
Java SE Development Kit 7 Update 11
Java SE Development Kit 7 Update 17 (64-bit)
Java 6 Update 35
Java SE Development Kit 6 Update 21
Junk Mail filter update
JustCloud 
K-Lite Mega Codec Pack 9.7.0
Lernout & Hauspie TruVoice American English TTS Engine
Liaison EDI Notepad
Linksys VPN Client
Livedrive
Logitech SetPoint 6.32
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
MBT Desktop
MBT LightWave Trading Platform
McAfee Security Scan Plus
MediaInfo 0.7.62
Memeo Instant Backup
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Help Viewer 1.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Live Meeting 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files 
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU
Microsoft Team Foundation Server 2010 Object Model for Lightswitch 2011 - ENU
Microsoft Visual C# 2008 Express Edition
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio LightSwitch 2011 - ENU
Microsoft Visual Studio LightSwitch 2011 Deployment Prerequisites
Microsoft Visual Studio Macro Tools
MobileMe Control Panel
MobileNoter
MotoCast
Motorola Device Manager
Motorola Device Software Update
MOTOROLA MEDIA LINK
Motorola Mobile Drivers Installation 6.2.0
Movavi Video Suite 10
Movavi YouTube Converter 3
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.3 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MyFreeCodec
NASA World Wind 1.4
Notepad++
OptimizerPro
Paint.NET v3.5.8
PC Inspector File Recovery
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
PDFKey Pro
Photo Notifier and Animation Creator
PlayMemories Home
PocketBible NET Bible (NET)
Quicken 2010
Quicken 2013
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Recover PDF Password 3.0.118
RoboForm 7-9-2-5 (All Users)
Safari
Samsung Kies
Samsung Story Album Viewer
SAMSUNG USB Driver for Mobile Phones
SaveAs
Seagate Dashboard
Seagate DiscWizard
Seagate Media Software
Search Assistant SimpleSpeedy 1.74
SeaTools for Windows
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition 
Security Update for Microsoft Visual Studio LightSwitch 2011 - ENU (KB2645410)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit)
Shared C Run-time for x64
Smart Defrag 2
Snagit 10
SoundTaxi 4.0.0
SoundTaxi Media Suite 4.0.0
SouthWare PDF Creator
Sql Server Customer Experience Improvement Program
SSH Secure Shell
Stardock Fences 2
Startpage24
Stellarium 0.11.2
Stora Desktop Applications
Sybase Adaptive Server Enterprise Suite
Tanach Plus
TaxCut Business 2008 (Remove Only)
TaxCut Premium + State + Efile 2008
The Scriptures
theWord
Tune Sweeper
TuneCab Online 3.4.0
TuneCab Online Extras 3.4.2
TuneSync
U/SQL Client (4.30.0000) 
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Updater By SweetPacks 2.0.0.586
Verizon V CAST Media Manager
Video Download Converter version 1.0.0.0
VideoDownloadConverter Toolbar
Visual Studio 2010 Prerequisites - English
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VMware Player
VNC Enterprise Edition E4.5.3
VNC Mirror Driver 1.8.0
VNC Printer Driver 1.6.0
WCF RIA Services V1.0 SP1
Web Deployment Tool
WebCake 3.00
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinPcap 4.1.3
WinStars 2.0
WinZip 15.5
Wireshark 1.8.5 (64-bit)
WiseFixer 3.2
WizeFeed 2.1.5
Wizetrade® Commodities
Wizetrade® Options
Wizetrade® Stocks
WoLoSoft SuperEdi 4.3.2
Xilisoft HD Video Converter 6
Xtend
Xvid 1.1.3 final uninstall
XXClone  ver 2.01.2b
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/29/2013 12:02:16 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/29/2013 12:00:15 PM, Error: Service Control Manager [7034]  - The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).
11/29/2013 11:56:41 AM, Error: Service Control Manager [7000]  - The Aspi32 service failed to start due to the following error:  This driver has been blocked from loading
11/29/2013 11:56:41 AM, Error: Application Popup [1060]  - \SystemRoot\SysWow64\Drivers\Aspi32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/26/2013 6:58:23 PM, Error: Schannel [36888]  - The following fatal alert was generated: 10. The internal error state is 10.
11/26/2013 6:02:21 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/26/2013 6:01:08 PM, Error: Service Control Manager [7022]  - The VMware USB Arbitration Service service hung on starting.
11/26/2013 11:00:39 AM, Error: Service Control Manager [7011]  - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
11/25/2013 11:08:40 AM, Error: Schannel [36888]  - The following fatal alert was generated: 43. The internal error state is 252.
11/23/2013 1:29:44 AM, Error: Service Control Manager [7011]  - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
11/22/2013 8:15:13 AM, Error: Service Control Manager [7034]  - The Advanced SystemCare Service 6 service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================
 

 

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Hello krwebber53! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall the following applications:

AVG SafeGuard toolbar

ContinueToSave

ContinueToSave 1.74

Coupon Printer for Windows

DailyBibleGuide Toolbar

IncrediMail MediaBar 2 Toolbar

Internet Explorer Toolbar 4.9 by SweetPacks

IObit Apps Toolbar v8.3

IObit Malware Fighter

OptimizerPro

Updater By SweetPacks 2.0.0.586

WebCake 3.00

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 4
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
  • Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

    In your next reply, post the following log files:

    • Junkware Removal Tool log
    • AdwCleaner log
    • Malwarebytes' Anti-Malware log
Link to post
Share on other sites
krwebber53

krwebber53

Posted
  • Author
Posted

AdwCleaner.exe did produce a file and displayed it in Notepad, but I do not find the file in C:\

I did find a file AdwCleaner[s0].txt in C:\AdwCleaner folder and copied it at the end of this post.

Here is JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by webberk on Tue 12/03/2013 at 10:05:11.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [service] videodownloadconverter_4zservice 
Successfully deleted: [service] videodownloadconverter_4zservice 
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\videodownloadconverter search scope monitor
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\babygloss
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\babyoptfile
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\sweetim_urlsearchhook.toolbarurlsearchhook
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\bho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\extension.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\iehelperv2.5.0.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\nctaudiocdgrabber2.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\priam_bho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wajam
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wecarereminder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\i want this
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\sprotector
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2799653475-1206912365-1311522834-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\updater by sweetpacks
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.dynamicbarbutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.dynamicbarbutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.feedmanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.feedmanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.htmlmenu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.htmlmenu.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.htmlpanel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.htmlpanel.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.multiplebutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.multiplebutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.pseudotransparentplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.pseudotransparentplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.radio
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.radio.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.radiosettings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.radiosettings.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.scriptbutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.scriptbutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.settingsplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.settingsplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.thirdpartyinstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.thirdpartyinstaller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.urlalertbutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.urlalertbutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.xmlsessionplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.xmlsessionplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\babylon_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\babylon_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\i want this_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\i want this_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\babylon.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\videodownloadconverter_4zbar uninstall
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2724386
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askchecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askchecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wsconduit__166_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wsconduit__166_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_avs-video-to-go_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_avs-video-to-go_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\askchecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\askchecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\wsconduit__166_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\wsconduit__166_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_avs-video-to-go_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_avs-video-to-go_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\syswow64\conduitengine.tmp"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\pc optimizer pro"
Failed to delete: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\ProgramData\saveas"
Successfully deleted: [Folder] "C:\ProgramData\softsafe"
Successfully deleted: [Folder] "C:\Users\webberk\AppData\Roaming\fixcleaner"
Successfully deleted: [Folder] "C:\Users\webberk\AppData\Roaming\optimizer pro"
Successfully deleted: [Folder] "C:\Users\webberk\AppData\Roaming\webcake"
Successfully deleted: [Folder] "C:\Users\webberk\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\webberk\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\webberk\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\webberk\appdata\local\visi_coupon"
Successfully deleted: [Folder] "C:\Users\webberk\appdata\local\wajam"
Successfully deleted: [Folder] "C:\Users\webberk\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\webberk\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\webberk\appdata\locallow\sweetim"
Successfully deleted: [Folder] "C:\Users\webberk\appdata\locallow\videodownloadconverter_4z"
Successfully deleted: [Folder] "C:\Program Files (x86)\babylon"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\dailybibleguide"
Successfully deleted: [Folder] "C:\Program Files (x86)\driver-soft"
Successfully deleted: [Folder] "C:\Program Files (x86)\fixcleaner"
Successfully deleted: [Folder] "C:\Program Files (x86)\free youtube downloader"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\saveas"
Successfully deleted: [Folder] "C:\Program Files (x86)\simplespeedy"
Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim"
Successfully deleted: [Folder] "C:\Program Files (x86)\video download converter"
Successfully deleted: [Folder] "C:\Program Files (x86)\videodownloadconverter_4z"
Failed to delete: [Folder] "C:\Program Files (x86)\Common Files\spigot"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\we-care reminder"
Successfully deleted: [Folder] "C:\Users\webberk\AppData\Roaming\microsoft\windows\start menu\programs\wajam"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\wnlt"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\user.js
Successfully deleted: [File] C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi
Successfully deleted: [File] C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\searchplugins\mystart search.xml
Successfully deleted: [File] C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\searchplugins\sweetim.xml
Successfully deleted: [File] C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\searchplugins\websearch.xml
Successfully deleted: [Folder] C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\fctb
Successfully deleted: [Folder] C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\extensions\engine@conduit.com
Successfully deleted: [Folder] C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\extensions\crossriderapp2258@crossrider.com
Successfully deleted: [Folder] C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\extensions\2vffxtbr@dailybibleguide.com
Successfully deleted: [Folder] C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\extensions\4zffxtbr@videodownloadconverter_4z.com
Successfully deleted: [Folder] C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\extensions\plugin@getwebcake.com
Successfully deleted: [Folder] C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\extensions\staged
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\4zffxtbr@videodownloadconverter_4z.com
Successfully deleted the following from C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\prefs.js
 
user_pref("CT2724386.CT2724407.CommunityChanged", true);
user_pref("CT2724386.CT2724431.CommunityChanged", true);
user_pref("CT2724386.CT2727162.CommunityChanged", true);
user_pref("CT2724386.CT2727622.CommunityChanged", true);
user_pref("CT2724386.CT2727646.CommunityChanged", true);
user_pref("CT2724386.CT2727678.CommunityChanged", true);
user_pref("CT2724386.CT2727750.CommunityChanged", true);
user_pref("CT2724386.CTID", "ct2724386");
user_pref("CT2724386.CommunitiesChangesLastCheckTime", "Mon Mar 28 2011 10:04:59 GMT-0500 (Central Daylight Time)");
user_pref("CT2724386.CommunityChanged", true);
user_pref("CT2724386.CurrentServerDate", "29-3-2011");
user_pref("CT2724386.DialogsAlignMode", "LTR");
user_pref("CT2724386.DownloadReferralCookieData", "");
user_pref("CT2724386.FirstServerDate", "28-3-2011");
user_pref("CT2724386.FirstTime", true);
user_pref("CT2724386.FirstTimeFF3", true);
user_pref("CT2724386.FirstTimeSettingsDone", true);
user_pref("CT2724386.FixPageNotFoundErrors", true);
user_pref("CT2724386.GroupingLastCheckTime", "Mon Mar 28 2011 21:04:06 GMT-0500 (Central Daylight Time)");
user_pref("CT2724386.GroupingLastErrorCode", "");
user_pref("CT2724386.GroupingLastResponse", true);
user_pref("CT2724386.GroupingLastServerUpdateTime", "129453855667800000");
user_pref("CT2724386.GroupingServerCheckInterval", 1440);
user_pref("CT2724386.Initialize", true);
user_pref("CT2724386.InitializeCommonPrefs", true);
user_pref("CT2724386.InstallationAndCookieDataSentCount", 3);
user_pref("CT2724386.InstallationId", "IncrediMail_MediaBar_2.exe");
user_pref("CT2724386.InstallationType", "ConduitIntegration");
user_pref("CT2724386.InstalledDate", "Mon Mar 28 2011 09:04:07 GMT-0500 (Central Daylight Time)");
user_pref("CT2724386.IsGrouping", true);
user_pref("CT2724386.IsMulticommunity", false);
user_pref("CT2724386.IsOpenThankYouPage", false);
user_pref("CT2724386.IsOpenUninstallPage", true);
user_pref("CT2724386.LanguagePackLastCheckTime", "Mon Mar 28 2011 09:04:14 GMT-0500 (Central Daylight Time)");
user_pref("CT2724386.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2724386.LastLogin_2.7.2.0", "Tue Mar 29 2011 09:04:37 GMT-0500 (Central Daylight Time)");
user_pref("CT2724386.LatestVersion", "3.3.3.2");
user_pref("CT2724386.Locale", "en");
user_pref("CT2724386.LoginCache", 4);
user_pref("CT2724386.MCDetectTooltipHeight", "83");
user_pref("CT2724386.MCDetectTooltipWidth", "295");
user_pref("CT2724386.RadioIsPodcast", false);
user_pref("CT2724386.RadioMediaID", "21080102");
user_pref("CT2724386.RadioMediaType", "Media Player");
user_pref("CT2724386.RadioMenuSelectedID", "EBRadioMenu_CT272438621080102");
user_pref("CT2724386.RadioStationName", "Mix%201620%20Am");
user_pref("CT2724386.SearchFromAddressBarIsInit", true);
user_pref("CT2724386.SearchInNewTabEnabled", true);
user_pref("CT2724386.SearchInNewTabIntervalMM", 1440);
user_pref("CT2724386.SearchProtectorToolbarDisabled", true);
user_pref("CT2724386.SettingsCheckIntervalMin", 120);
user_pref("CT2724386.SettingsLastCheckTime", "Mon Mar 28 2011 09:04:04 GMT-0500 (Central Daylight Time)");
user_pref("CT2724386.SettingsLastUpdate", "1300904766");
user_pref("CT2724386.ThirdPartyComponentsInterval", 504);
user_pref("CT2724386.ThirdPartyComponentsLastCheck", "Mon Mar 28 2011 09:04:03 GMT-0500 (Central Daylight Time)");
user_pref("CT2724386.ThirdPartyComponentsLastUpdate", "1246786978");
user_pref("CT2724386.ToolbarDisabled", true);
user_pref("CT2724386.UserID", "UN80016074927960551");
user_pref("CT2724386.WeatherNetwork", "");
user_pref("CT2724386.WeatherPollDate", "Tue Mar 29 2011 10:05:15 GMT-0500 (Central Daylight Time)");
user_pref("CT2724386.WeatherUnit", "C");
user_pref("CT2724386.clientLogIsEnabled", true);
user_pref("CT2724386.ct2724386.DialogsAlignMode", "LTR");
user_pref("CT2724386.ct2724386.FirstTimeSettingsDone", true);
user_pref("CT2724386.ct2724386.GroupingInvalidateCache", false);
user_pref("CT2724386.ct2724386.GroupingLastCheckTime", "Tue Mar 29 2011 09:04:09 GMT-0500 (Central Daylight Time)");
user_pref("CT2724386.ct2724386.GroupingLastErrorCode", "");
user_pref("CT2724386.ct2724386.GroupingLastResponse", true);
user_pref("CT2724386.ct2724386.GroupingLastServerUpdateTime", "129453855667800000");
user_pref("CT2724386.ct2724386.InvalidateCache", false);
user_pref("CT2724386.ct2724386.LanguagePackLastCheckTime", "Mon Mar 28 2011 09:04:35 GMT-0500 (Central Daylight Time)");
user_pref("CT2724386.ct2724386.Locale", "en");
user_pref("CT2724386.ct2724386.RadioLastCheckTime", "Tue Mar 29 2011 09:04:53 GMT-0500 (Central Daylight Time)");
user_pref("CT2724386.ct2724386.RadioLastUpdateIPServer", "3");
user_pref("CT2724386.ct2724386.RadioLastUpdateServer", "129249036863500000");
user_pref("CT2724386.ct2724386.SearchInNewTabLastCheckTime", "Tue Mar 29 2011 09:04:38 GMT-0500 (Central Daylight Time)");
user_pref("CT2724386.ct2724386.SettingsCheckIntervalMin", 120);
user_pref("CT2724386.ct2724386.SettingsLastCheckTime", "Mon Mar 28 2011 09:04:08 GMT-0500 (Central Daylight Time)");
user_pref("CT2724386.ct2724386.SettingsLastUpdate", "1300904766");
user_pref("CT2724386.ct2724386.ThirdPartyComponentsLastCheck", "Mon Mar 28 2011 09:04:08 GMT-0500 (Central Daylight Time)");
user_pref("CT2724386.ct2724386.ThirdPartyComponentsLastUpdate", "1246786978");
user_pref("CT2724386.myStuffEnabled", true);
user_pref("CT2724386.myStuffPublihserMinWidth", 400);
user_pref("CT2724386.myStuffServiceIntervalMM", 1440);
user_pref("CommunityToolbar.EngineHiddenByUser", true);
user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
user_pref("CommunityToolbar.IsEngineShown", false);
user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
user_pref("CommunityToolbar.ToolbarsList", "CT2724386,ConduitEngine");
user_pref("CommunityToolbar.ToolbarsList2", "CT2724386");
user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu May 05 2011 08:54:59 GMT-0500 (Central Daylight Time)");
user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue May 17 2011 11:13:45 GMT-0500 (Central Daylight Time)");
user_pref("CommunityToolbar.alert.locale", "");
user_pref("CommunityToolbar.alert.loginIntervalMin", 0);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue May 17 2011 10:13:38 GMT-0500 (Central Daylight Time)");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "74e31f20-15d3-493d-a6c3-9d829af4067e");
user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Mar 29 2011 09:04:15 GMT-0500 (Central Daylight Time)");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sun May 15 2011 08:55:12 GMT-0500 (Central Daylight Time)");
user_pref("ConduitEngine.CTID", "ConduitEngine");
user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun May 08 2011 08:54:57 GMT-0500 (Central Daylight Time)");
user_pref("ConduitEngine.FirstServerDate", "05/05/2011 16");
user_pref("ConduitEngine.FirstTime", true);
user_pref("ConduitEngine.FirstTimeFF3", true);
user_pref("ConduitEngine.HasUserGlobalKeys", true);
user_pref("ConduitEngine.Initialize", true);
user_pref("ConduitEngine.InitializeCommonPrefs", true);
user_pref("ConduitEngine.InstalledDate", "Thu May 05 2011 08:54:58 GMT-0500 (Central Daylight Time)");
user_pref("ConduitEngine.IsMulticommunity", false);
user_pref("ConduitEngine.IsOpenThankYouPage", false);
user_pref("ConduitEngine.IsOpenUninstallPage", true);
user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue May 10 2011 08:55:04 GMT-0500 (Central Daylight Time)");
user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue May 10 2011 08:55:04 GMT-0500 (Central Daylight Time)");
user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
user_pref("ConduitEngine.SettingsLastCheckTime", "Tue May 10 2011 08:55:02 GMT-0500 (Central Daylight Time)");
user_pref("ConduitEngine.UserID", "UN30833192118588890");
user_pref("ConduitEngine.componentAlertEnabled", false);
user_pref("ConduitEngine.engineLocale", "en-US");
user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue May 10 2011 08:54:58 GMT-0500 (Central Daylight Time)");
user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue May 10 2011 08:55:05 GMT-0500 (Central Daylight Time)");
user_pref("ConduitEngine.initDone", true);
user_pref("ConduitEngine.isAppTrackingManagerOn", true);
user_pref("ConduitEngine.usagesFlag", 2);
user_pref("aol_toolbar.default.homepage.check", false);
user_pref("aol_toolbar.default.search.check", false);
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("extensions.50ec7f819e1cb.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatio
user_pref("extensions.50eeee4553ac0.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatio
user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
user_pref("extensions.crossrider.bic", "137412ff4f39c74ca835bd1b992bad3e");
user_pref("extensions.crossriderapp2258.2258.InstallationThankYouPage", true);
user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1336764547);
user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.searchUserConifrmation", false);
user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setHomepage", false);
user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setNewTab", false);
user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setSearch", false);
user_pref("extensions.crossriderapp2258.2258.active", true);
user_pref("extensions.crossriderapp2258.2258.addressbar", "");
user_pref("extensions.crossriderapp2258.2258.addressbarenhanced", "");
user_pref("extensions.crossriderapp2258.2258.affid", "0");
user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n//\n");
user_pref("extensions.crossriderapp2258.2258.backgroundver", 51);
user_pref("extensions.crossriderapp2258.2258.can_run_bg_code", true);
user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1336764547");
user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.value", "%7B%22source_id%22%3A%2222241%22%2C%22sub_id%22%3A%22default%22%2C%22uzid%22%3A%2222241%26subid%3D
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1336764547");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_arbitrary_code.expiration", "Thu May 30 2013 10:35:59 GMT-0500 (Central Daylight Time)");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_arbitrary_code.value", "%22var%20start_time%3D1368590400%3C%3DMath.floor%28new%20Date/1E3%29%3F378693E4%3A1368504E3%3B
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_blocklist.expiration", "Thu May 30 2013 10:35:59 GMT-0500 (Central Daylight Time)");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_cf_ab_cap1.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_cf_ab_cap1.value", "%22lbcmmpmjjaockhkcofljpakjcbmjmgla%2Cankoaclbfmdocnmjbokdkohpehjjinen%22");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_cf_bu1.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_cf_bu1.value", "1360856520");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_country_code.expiration", "Thu Jun 06 2013 10:10:44 GMT-0500 (Central Daylight Time)");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_country_code.value", "%22US%22");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.value", "1369927908");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_currenttime.value", "%221368543727%22");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_ib_delay.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_ib_delay.value", "24");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_ib_disclosure.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_ib_disclosure.value", "1367944039");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_ib_list.expiration", "Thu May 30 2013 16:10:46 GMT-0500 (Central Daylight Time)");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_ib_list.value", "%7B%2232456a9136582027c21cd93a74f21b22%22%3A%7B%22p%22%3A%22/%22%7D%2C%2210b846b88e1b816925858abd9e10
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%2222241%22%2C%22sub_id%22%3A%22default%22%2C%22uzid%22%3A%2222241%26su
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2222241%22");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.value", "1346783678139");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.value", "%221145%22");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2235781%22");
user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.value", "1346783677221");
user_pref("extensions.crossriderapp2258.2258.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
user_pref("extensions.crossriderapp2258.2258.cookie.lastrequest.value", "%7B%22path%22%3A%22/epd/epdEUinit.aspx%22%2C%22host%22%3A%22supportline.microfocus.com%22%2C%22scheme%
user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
user_pref("extensions.crossriderapp2258.2258.domain", "");
user_pref("extensions.crossriderapp2258.2258.emailsig", "");
user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
user_pref("extensions.crossriderapp2258.2258.exposesites", "");
user_pref("extensions.crossriderapp2258.2258.fbremoteurl", "");
user_pref("extensions.crossriderapp2258.2258.group", 0);
user_pref("extensions.crossriderapp2258.2258.homepage", "");
user_pref("extensions.crossriderapp2258.2258.iframe", false);
user_pref("extensions.crossriderapp2258.2258.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
user_pref("extensions.crossriderapp2258.2258.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22159A334243B74FF9ADC770810E96F074IE%22%2C%22installer_verifier
user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_appVer.value", "144");
user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_lastVersion.value", "0");
user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_nextCheck.expiration", "Thu May 30 2013 16:10:43 GMT-0500 (Central Daylight Time)");
user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");
user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.crossriderapp2258.2258.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:21,baseCDN:\"co
user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
user_pref("extensions.crossriderapp2258.2258.newtab", "");
user_pref("extensions.crossriderapp2258.2258.opensearch", "");
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(b){if(void 0===this||null===this)throw n
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.ver", 15);
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{},rules:{},started:!1,allowed:!1,log:function(b)
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.name", "GPL Background (BG)");
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.ver", 38);
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelectio
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 3);
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 3);
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 7);
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 4);
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.name", "resources_background");
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.ver", 3);
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);};v
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_64.name", "appApiMessage");
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_64.ver", 2);
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var k={};var f=appAPI.appInfo.name;var l=fu
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_72.name", "appApiValidation");
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_72.ver", 3);
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAgent
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_78.name", "CrossriderInfo");
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_78.ver", 3);
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===tru
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_98.name", "omniCommands");
user_pref("extensions.crossriderapp2258.2258.plugins.plugin_98.ver", 2);
user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "14,78,16,64,47,72,98,1000015");
user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,78,13,16,64,72,98,1000014");
user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_5", "14,78,13,16,64,47,72");
user_pref("extensions.crossriderapp2258.2258.pluginsversion", 69);
user_pref("extensions.crossriderapp2258.2258.premium", true);
user_pref("extensions.crossriderapp2258.2258.publisher", "Innovative Apps");
user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
user_pref("extensions.crossriderapp2258.2258.settingsurl", "");
user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
user_pref("extensions.crossriderapp2258.2258.ver", 144);
user_pref("extensions.crossriderapp2258.adsOldValue", -1);
user_pref("extensions.crossriderapp2258.apps", "2258");
user_pref("extensions.crossriderapp2258.bic", "137412ff4f39c74ca835bd1b992bad3e");
user_pref("extensions.crossriderapp2258.cid", 2258);
user_pref("extensions.crossriderapp2258.firstrun", false);
user_pref("extensions.crossriderapp2258.hadappinstalled", true);
user_pref("extensions.crossriderapp2258.installationdate", 1336828491);
user_pref("extensions.crossriderapp2258.lastcheck", 22832111);
user_pref("extensions.crossriderapp2258.lastcheckitem", 22832132);
user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1342757421206");
user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1342757421202");
user_pref("extensions.crossriderapp2258.modetype", "production");
user_pref("extensions.crossriderapp2258.statsDailyCounter", 14);
user_pref("extensions.toolbar.mindspark._2vMembers_.hp.user.defined", true);
user_pref("extensions.toolbar.mindspark._2vMembers_.initialized", true);
user_pref("extensions.toolbar.mindspark._2vMembers_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._2vMembers_.installation.installDate", "2012072308");
user_pref("extensions.toolbar.mindspark._2vMembers_.installation.partnerId", "XMxdm034YYus");
user_pref("extensions.toolbar.mindspark._2vMembers_.installation.partnerSubId", "");
user_pref("extensions.toolbar.mindspark._2vMembers_.installation.success", true);
user_pref("extensions.toolbar.mindspark._2vMembers_.installation.toolbarId", "815D076D-87E7-43F2-8C37-1E0570ABA176");
user_pref("extensions.toolbar.mindspark._2vMembers_.lastActivePing", "1369926631187");
user_pref("extensions.toolbar.mindspark._2vMembers_.options.defaultSearch", false);
user_pref("extensions.toolbar.mindspark._2vMembers_.options.homePageEnabled", false);
user_pref("extensions.toolbar.mindspark._2vMembers_.options.keywordEnabled", false);
user_pref("extensions.toolbar.mindspark._2vMembers_.options.tabEnabled", false);
user_pref("extensions.toolbar.mindspark._2vMembers_.weather.location", "30301");
user_pref("extensions.toolbar.mindspark.lastInstalled", "dailybibleguide@mindspark.com");
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.AutoSearchEventData", "auto%20search");
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.ClearCacheDate", 25);
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.DNSCatch", false);
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.DisplayEULA", true);
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.DnsCatchEventData", "dns%20catch");
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.EBOMode", true);
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.FirstLaunchShown", true);
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.InstallDomain", "freecause.com");
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.InstallType", "standard");
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.LoadLayoutDate.100770", 25);
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.NewTabSearchEventData", "tab%20search");
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.ShowRecommendedOptions", true);
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.StateReportDate", "1343228190825");
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.TopRightSearchEventData", "top%20right%20search");
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.beforeInstallSaved", true);
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.beforeinstall.homepage", "hxxp%3A//mystart.incredimail.com%3Fa%3D1uwspE0znNK");
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.beforeinstall.search", "Secure%20Search");
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.customNewTab", false);
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.helpUsImprove", true);
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.hideOthers", true);
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.partnerauth", false);
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.processAddrBar", false);
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.restoreSearch", false);
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.runcmd.", "bb_acct_status_1343231674");
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.searchHistory", true);
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.session", "17E2E8BC2E615F0244984A94C835B00BBC70588D1A5682DCB67A82A54F6C0DA4A7EB419A12641248D14B3D957F2572E692C06E9416C73C8
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.showFirstLaunchOptions", false);
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.tb_lang", "en");
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.tool_id", "100770");
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.user_id", "111493086");
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.user_key", "469f77b980ea12f60bb6e5fbd1f09a2fe310545a");
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.user_layouts", "100770");
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.user_lnames", "fcreward.100770.b");
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.xml_service_url", "6bb94bbf55fe2f255901a560824a6ebe");
user_pref("freecause003e1c8febd6f07475514b31c0f547ec.yahooSearch", false);
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "WebSearch");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WebSearch");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
user_pref("sweetim.toolbar.searchguard.enable", "");
Emptied folder: C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\minidumps [8 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\webberk\appdata\local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/03/2013 at 10:20:19.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Here is mbam-log-2013-12-03
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.03.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
webberk :: LENOVO64 [administrator]
 
Protection: Enabled
 
12/3/2013 10:47:49 AM
mbam-log-2013-12-03 (10-47-49).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 64922
Time elapsed: 9 minute(s), 24 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
FILE AdwCleaner
# AdwCleaner v3.014 - Report created 03/12/2013 at 10:33:27
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : webberk - LENOVO64
# Running from : C:\Users\webberk\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\coenitinnuuetoosiave
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\coenitinnuuetoosiave
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Users\webberk\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\webberk\AppData\Local\PackageAware
Folder Deleted : C:\Users\admin\AppData\Local\visi_coupon
Folder Deleted : C:\Users\admin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\admin\AppData\LocalLow\IncrediMail_MediaBar_2
Folder Deleted : C:\Users\admin\AppData\LocalLow\VideoDownloadConverter_4z
Folder Deleted : C:\Users\Administrator\AppData\Local\visi_coupon
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\VideoDownloadConverter_4z
Folder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Conduit
Folder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\ConduitEngine
Folder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\CT2724386
Folder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\g45ga@qxkwa.com
Folder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\50ec7f819e11e@50ec7f819e157.com
Folder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\50eeee4553a13@50eeee4553a4c.com
Folder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\ascsurfingprotection@iobit.com
Folder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\DeviceDetection@logitech.com
Folder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\LogMeInClient@logmein.com
Folder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}
Folder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
Folder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
Folder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}-trash
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon.lnk
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\webberk\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\webberk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
File Deleted : C:\Users\webberk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\LaunchApp
File Deleted : C:\Windows\System32\Tasks\PC Optimizer Pro Updates
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Classes\.bgl
Key Deleted : HKLM\SOFTWARE\Classes\.bof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_156f8a5f
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_ccfde35c
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A1260C1-2964-453F-B0BA-FA429472EB5F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{363D5C92-10DC-4287-93E5-1832EECC48EC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B41BE90-F731-4137-AFF3-2CA951E7F0D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3D429207-4689-492D-A0E5-CDC5DFBB5005}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4128C64D-F0DD-4811-9405-D22294E8151F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66292684-B2C2-4C7C-B3D2-BF446E30744C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69407823-3494-4400-8D49-612549E8F4EE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6BFF4BCB-7A73-45A7-AC4C-389A34E1D1EF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{84B7B98F-E018-4DBB-AB4C-4DDD3DFCB5FB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FCA5302-6D6D-4645-BF99-D43CF76CE474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD385519-22E7-4BE2-8A8D-35C66DF4858E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED345812-2722-4DCA-9976-D01832DB44EE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FF48DBA6-5DD8-4D10-9EB0-0FA968502E66}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{192F487E-E812-40C0-B0DE-CB4BFA20F37B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D3826A1-F3E8-45D6-94B5-C26D8EC0073B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3EE17DD1-E28B-4AED-A3B2-9C29CB2C19D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79332472-47F3-4E32-B07F-CF8DF4C58499}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{886F93AD-3CBB-4424-8442-A7340243540F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AA289DBC-59B6-40A5-AC7D-C90DF850289C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BC153A3C-0BB7-4EED-83AE-28E6E398F56E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CA723163-6FAD-43D4-8B93-0D8C52BD9974}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F1F328EB-F5A5-432B-A54C-05F3EF5B0BD8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FB0E8A09-F08C-44CF-9E15-97ADAC016248}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FE8DBB09-C3D3-4477-80CB-D38914B94BB8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D429207-4689-492D-A0E5-CDC5DFBB5005}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{93A3111F-4F74-4ED8-895E-D9708497629E}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B3595550-5007-4AEB-BB04-D00E62E836A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F0786343-938E-456B-8798-DE7EEC08F820}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\AppDataLow\Software\VideoDownloadConverter_4z
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\InfoAtoms
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\VideoDownloadConverter_4z
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro
Key Deleted : HKLM\Software\Classes\Installer\Features\5EC33E4FBA7A86F47A7E0FAA48FED2E9
Key Deleted : HKLM\Software\Classes\Installer\Products\5EC33E4FBA7A86F47A7E0FAA48FED2E9
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v20.0.1 (en-US)
 
[ File : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\prefs.js ]
 
Line Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n//\n");
Line Deleted : user_pref("extensions.crossriderapp2258.2258.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:21,baseCDN:\"contentcache-a.akamaihd.net[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&&typeof window.navigator[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&_firefoxVersion>14)&&type[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);};var b=function(j){return(![...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAgent!==\"undefined\"){(functi[...]
Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===true){unsafeWindow.appAPI=ap[...]
Line Deleted : user_pref("extensions.enabledAddons", "2vffxtbr%40DailyBibleGuide.com:5.3.1.13538,ascsurfingprotection%40iobit.com:1.0,crossriderapp2258%40crossrider.com:0.91.143,DeviceDetection%40logitech.com:1.23.0[...]
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Users\webberk\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [20346 octets] - [03/12/2013 10:31:34]
AdwCleaner[s0].txt - [20098 octets] - [03/12/2013 10:33:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [20159 octets] ##########
 
 
Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Thanks for your information! I will fix this in my instructions.

Well done! :)

Step 1

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean
Step 2

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites
krwebber53

krwebber53

Posted
  • Author
Posted

Looks like that fixed the problem. Thanks for your help. Apprecia$ion coming your way. Here is the last scan results FYI.

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\ldrtbInc2.dll a variant of Win32/Toolbar.Conduit.P application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\tbInc2.dll a variant of Win32/Toolbar.Conduit.B application
C:\AdwCleaner\Quarantine\C\Users\admin\AppData\LocalLow\IncrediMail_MediaBar_2\ldrtbInc2.dll.vir a variant of Win32/Toolbar.Conduit.P application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\admin\AppData\LocalLow\IncrediMail_MediaBar_2\tbInc2.dll.vir a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\ldrtbInc2.dll.vir a variant of Win32/Toolbar.Conduit.P application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\tbInc2.dll.vir a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\50ec7f819e11e@50ec7f819e157.com\content\bg.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\50eeee4553a13@50eeee4553a4c.com\content\bg.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\g45ga@qxkwa.com\content\bg.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\I Want This\I Want This.dll.vir Win32/Toolbar.CrossRider application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\I Want This\I Want This.exe.vir a variant of Win32/Toolbar.CrossRider.E application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\I Want This\I Want ThisGui.exe.vir a variant of Win32/Toolbar.CrossRider.F application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\I Want This\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.E application cleaned by deleting - quarantined
C:\Users\webberk\Documents\PDFdownload (1).exe Win32/InstalleRex.E application cleaned by deleting - quarantined
C:\Users\webberk\Documents\PDFdownload.exe Win32/InstalleRex.E application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\ldrtbInc2.dll a variant of Win32/Toolbar.Conduit.P application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\tbInc2.dll a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
E:\Downloads\ActualWindowsUpgrade.exe Win32/InstalleRex.E application cleaned by deleting - quarantined
E:\Downloads\cbsidlm-cbsi134-Starry_Night_Backyard_ESD-SEO-10066547.exe a variant of Win32/CNETInstaller.B application cleaned by deleting - quarantined
E:\Downloads\cbsidlm-tr1_13-Kindle_for_PC-ORG-75185974.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
E:\Downloads\FreeYouTubeDownloaderInstaller.exe Win32/Somoto.A application cleaned by deleting - quarantined
E:\Downloads\MediaInfo_GUI_0.7.62_Windows.exe Win32/OpenCandy application cleaned by deleting - quarantined
E:\Downloads\setup(1).exe Win32/InstalleRex.E application cleaned by deleting - quarantined
E:\Downloads\Setup.exe Win32/DomaIQ.L application cleaned by deleting - quarantined
E:\Downloads\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
E:\Downloads\SoftonicDownloader_for_nasa-world-wind.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
E:\Downloads\SoftonicDownloader_for_stellarium.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
E:\Downloads\SoftonicDownloader_for_winstars.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
E:\Downloads\VideoDownloadConvert.exe Win32/AdInstaller application cleaned by deleting - quarantined
E:\Downloads\ZoGoDJtF Win32/DomaIQ.L application cleaned by deleting - quarantined
Link to post
Share on other sites
krwebber53

krwebber53

Posted
  • Author
Posted

Looks like I spoke too soon. Original problem is back. I went all day on 12/04/2013 without the IP Block, but on 12/05/2013 at 5:21 AM it started again.

Here from 12/05 protection log is the first couple of lines.

2013/12/05 05:21:34 -0600 LENOVO64 webberk IP-BLOCK 162.210.192.14 (Type: outgoing, Port: 53266, Process: svchost.exe)
2013/12/05 05:22:38 -0600 LENOVO64 webberk IP-BLOCK 162.210.192.14 (Type: outgoing, Port: 53273, Process: svchost.exe)
I was not even using this computer at that time and yet the error started occurring. I will be away from my computer until next Monday, but before then will go back through the steps above. Any additional advice you can give is greatly appreciated.
Thanks,  Ken
Link to post
Share on other sites
krwebber53

krwebber53

Posted
  • Author
Posted

You can hold off doing anything with this issue for now. I realized I had gone back to a restore point earlier in Dec in an effort to correct a device driver issue with this system. After I have gone through all the steps as before, I will post the current status. Hopefully I will have the hardware issue and this malware/virus issue taken care of by then. Whatever the outcome, I will post again next Monday.

 

I certainly appreciate your assistance in this issue.

 

Ken

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
krwebber53

krwebber53

Posted
  • Author
Posted

I have rerun all the utility programs - ADW, DDS JRT. All show system is clean, but I am still getting the IP Block message from MalwareBytes. Here are the last logs:

AdwCleaner

# AdwCleaner v3.014 - Report created 10/12/2013 at 13:27:55
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : webberk - LENOVO64
# Running from : C:\Users\webberk\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v20.0.1 (en-US)
 
[ File : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\prefs.js ]
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\webberk\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [20346 octets] - [03/12/2013 10:31:34]
AdwCleaner[R1].txt - [1100 octets] - [03/12/2013 11:29:38]
AdwCleaner[R2].txt - [1321 octets] - [05/12/2013 11:36:12]
AdwCleaner[R3].txt - [1281 octets] - [10/12/2013 13:14:22]
AdwCleaner[s0].txt - [20368 octets] - [03/12/2013 10:33:27]
AdwCleaner[s1].txt - [1354 octets] - [05/12/2013 11:37:39]
AdwCleaner[s2].txt - [1168 octets] - [10/12/2013 13:27:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1228 octets] ##########
 
Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume2
Install Date: 11/30/2009 2:09:53 PM
System Uptime: 12/10/2013 1:30:37 PM (0 hours ago)
.
Motherboard: LENOVO |  | LENOVO
Processor: Intel® Core2 Duo CPU     E6750  @ 2.66GHz | LGA 775 | 2667/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 898 GiB total, 728.872 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 2794 GiB total, 2575.122 GiB free.
L: is FIXED (NTFS) - 898 GiB total, 728.872 GiB free.
X: is NetworkDisk (NTFS) - 800 GiB total, 36.75 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: HID-compliant mouse
Device ID: HID\VID_046D&PID_C52B&MI_01&COL01\7&79E838D&0&0000
Manufacturer: Microsoft
Name: HID-compliant mouse
PNP Device ID: HID\VID_046D&PID_C52B&MI_01&COL01\7&79E838D&0&0000
Service: mouhid
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP660: 11/13/2013 6:55:38 PM - Scheduled Checkpoint
RP661: 11/15/2013 9:03:53 AM - Windows Modules Installer
RP662: 11/15/2013 9:31:22 AM - Windows Update
RP663: 11/18/2013 9:37:31 AM - Windows Update
RP664: 11/25/2013 7:19:37 PM - Scheduled Checkpoint
RP665: 12/3/2013 12:00:09 AM - Scheduled Checkpoint
RP666: 12/3/2013 9:40:03 AM - Removed IObit Apps Toolbar v8.3.
RP667: 12/3/2013 9:49:47 AM - Removed IncrediMail.
RP668: 12/4/2013 12:17:12 PM - Restore Operation
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20 (x64 edition)
Actual Window Manager 8.0.3
ACUCOBOL-GT Thin Client 8.1.2
ACUCOBOL-GT Thin Client 8.1.3
ACUCOBOL-GT Thin Client 9.1.2
Adobe Acrobat X Pro
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Advanced SystemCare 6
Agent Ransack 2010 (64-bit)
Akamai NetSession Interface
Android SDK Tools
AnswerWorks 5.0 English Runtime
AnyDVD
AnyMedia Player 3.4.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASPCA Reminder by We-Care.com v4.1.22.1
Aspi Installer
Audacity 2.0.3
Audible Download Manager
Aura DVD Copy 1.3.2
Aura DVD Ripper for iPod 1.3.5
Aura DVD Ripper Professional 1.3.9
Aura Flash to Video Converter 1.1.0
Aura Software Manager 1.0.3
Aura Video Converter 1.6.0
Aura Video Converter Professional 1.3.9
Aura Video Editor 1.0.8
Aura YouTube Downloader 1.0.8
Auslogics Duplicate File Finder
AVG 2014
AVS Audio Converter 7
AVS Audio Editor 7.1
AVS Audio Recorder version 4.0
AVS Cover Editor 2.0.1.3
AVS Disc Creator 5
AVS Document Converter 2.2.3
AVS DVD Copy 4.1.2.283
AVS Image Converter 2.2.2.218
AVS Media Player 4.1.9.95
AVS Photo Editor
AVS Registry Cleaner version 2.2
AVS Ringtone Maker version 1.6
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Converter 8
AVS Video Editor 6
AVS Video Recorder 2.5
AVS Video ReMaker 4.1.1.144
AVS4YOU Software Navigator 1.4
Belarc Advisor 7.2
Bible Search Pro
BibleCodesPredictionsSetup version 1.0
BibleReader
Bing Bar
Bing Maps 3D
Bonjour
CCH Small Firm Services (xulRunner)
CCleaner
CD to WAV and MP3 Ripper
Cisco Connect
Cisco Systems VPN Client 5.0.07.0290
Cisco WebEx Meetings
Citrix Presentation Server Client
Client32
Clientele
CloneDVD2
CommandTRADE
Compare and Merge 2.3
Desktop Icon Position Saver (64-bit)
Digsby
DIRECTV2PC Playback Advisor
DisplayLink Core Software
DisplayLink Graphics
DisplayLink iPad Software
Dropbox
DVD-Cloner V9.70 Build 1115
e-Sword
e-Sword Bible Screen Saver
EDI File Editor
Epicor Clientele Loader 7.3.6 Ctelwin
eReg
ESET Online Scanner v3
Evernote v. 5.0.2
extend® Version 8.1.2
extend® Version 9.1.2
Extreme Translator
Extreme Translator Templates
FBackup 4
ffdshow [rev 2527] [2008-12-19]
FileZilla Client 3.6.0.2
FileZilla Server
FixCleaner
FolderSizes 4
Free CD Ripper 3.1
Free Download Manager 3.9.2
Free YouTube Downloader 3.5.134
FreeScreenSharing
GetFoldersize 2.3.2
GoldWave v5.06
GoodSync
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
GoToMeeting 4.5.0.457
GPSoftware Directory Opus
H&R Block Alabama 2009
H&R Block Alabama 2011
H&R Block Alabama 2012
H&R Block Business 2009 (Remove Only)
H&R Block Business 2010 (Remove Only)
H&R Block Business 2011 (Remove Only)
H&R Block Premium + Efile + State 2009
H&R Block Premium + Efile + State 2010
H&R Block Premium + Efile + State 2011
H&R Block Premium + Efile + State 2012
Hardware Helper
Hebrew English Transliterated Bible
HipaaEdiViewer
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2135068)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2160831)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2278944)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2293451)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2303365)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2376419)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2387011)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2401992)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2402012)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2402815)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2425130)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2434700)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2736182)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2890573)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB983504)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB983537)
Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB983578)
Hotfix for Microsoft Visual Studio LightSwitch 2011 - ENU (KB2603917)
Hotfix for Microsoft Visual Studio LightSwitch 2011 - ENU (KB2890573)
HP Color LaserJet 2600 series
iCloud
ImgBurn
Intel® Graphics Media Accelerator Driver
Intel® Network Connections Drivers
Ipswitch WS_FTP 12
iSEEK AnswerWorks English Runtime
iTunes
Java 7 Update 17 (64-bit)
Java 7 Update 45
Java Auto Updater
Java SE Development Kit 7 Update 11
Java SE Development Kit 7 Update 17 (64-bit)
Java 6 Update 35
Java SE Development Kit 6 Update 21
Junk Mail filter update
JustCloud 
K-Lite Mega Codec Pack 9.7.0
Lernout & Hauspie TruVoice American English TTS Engine
Liaison EDI Notepad
Linksys VPN Client
Livedrive
Logitech SetPoint 6.32
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
MBT Desktop
MBT LightWave Trading Platform
McAfee Security Scan Plus
MediaInfo 0.7.62
Memeo Instant Backup
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Help Viewer 1.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Live Meeting 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files 
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU
Microsoft Team Foundation Server 2010 Object Model for Lightswitch 2011 - ENU
Microsoft Visual C# 2008 Express Edition
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio LightSwitch 2011 - ENU
Microsoft Visual Studio LightSwitch 2011 Deployment Prerequisites
Microsoft Visual Studio Macro Tools
MobileMe Control Panel
MobileNoter
MotoCast
Motorola Device Manager
Motorola Device Software Update
MOTOROLA MEDIA LINK
Motorola Mobile Drivers Installation 6.2.0
Movavi Video Suite 10
Movavi YouTube Converter 3
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.3 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
NASA World Wind 1.4
Notepad++
Paint.NET v3.5.8
PC Inspector File Recovery
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
PDFKey Pro
Photo Notifier and Animation Creator
PlayMemories Home
PocketBible NET Bible (NET)
Quicken 2010
Quicken 2013
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Recover PDF Password 3.0.118
RoboForm 7-9-2-5 (All Users)
Safari
Samsung Kies
Samsung Story Album Viewer
SAMSUNG USB Driver for Mobile Phones
SaveAs
Seagate Dashboard
Seagate DiscWizard
Seagate Media Software
SeaTools for Windows
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition 
Security Update for Microsoft Visual Studio LightSwitch 2011 - ENU (KB2645410)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit)
Shared C Run-time for x64
Smart Defrag 2
Snagit 10
SoundTaxi 4.0.0
SoundTaxi Media Suite 4.0.0
SouthWare PDF Creator
Sql Server Customer Experience Improvement Program
SSH Secure Shell
Stardock Fences 2
Startpage24
Stellarium 0.11.2
Stora Desktop Applications
Sybase Adaptive Server Enterprise Suite
Tanach Plus
TaxCut Business 2008 (Remove Only)
TaxCut Premium + State + Efile 2008
The Scriptures
theWord
Tune Sweeper
TuneCab Online 3.4.0
TuneCab Online Extras 3.4.2
TuneSync
U/SQL Client (4.30.0000) 
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Verizon V CAST Media Manager
Video Download Converter version 1.0.0.0
Visual Studio 2010 Prerequisites - English
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VMware Player
VNC Enterprise Edition E4.5.3
VNC Mirror Driver 1.8.0
VNC Printer Driver 1.6.0
WCF RIA Services V1.0 SP1
Web Deployment Tool
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinPcap 4.1.3
WinStars 2.0
WinZip 15.5
Wireshark 1.8.5 (64-bit)
WiseFixer 3.2
WizeFeed 2.1.5
Wizetrade® Commodities
Wizetrade® Options
Wizetrade® Stocks
WoLoSoft SuperEdi 4.3.2
Xilisoft HD Video Converter 6
Xtend
Xvid 1.1.3 final uninstall
XXClone  ver 2.01.2b
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
12/7/2013 12:53:53 AM, Error: Service Control Manager [7011]  - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
12/5/2013 2:15:09 PM, Error: Schannel [36888]  - The following fatal alert was generated: 43. The internal error state is 252.
12/5/2013 12:28:45 PM, Error: Service Control Manager [7034]  - The Advanced SystemCare Service 6 service terminated unexpectedly.  It has done this 1 time(s).
12/10/2013 1:35:23 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/10/2013 1:34:48 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/10/2013 1:32:23 PM, Error: Service Control Manager [7000]  - The vToolbarUpdater17.1.3 service failed to start due to the following error:  The system cannot find the file specified.
12/10/2013 1:31:40 PM, Error: Service Control Manager [7000]  - The Aspi32 service failed to start due to the following error:  This driver has been blocked from loading
12/10/2013 1:31:40 PM, Error: Application Popup [1060]  - \SystemRoot\SysWow64\Drivers\Aspi32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================
 
DDS
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by webberk at 13:39:54 on 2013-12-10
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.5861.2729 [GMT -6:00]
.
AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
C:\Program Files (x86)\Seagate\Seagate_Media\Sync\MediaAggreService.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
C:\Program Files (x86)\Livedrive\VSSService.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\Program Files (x86)\Quicken\bagent.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\webberk\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\webberk\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Livedrive\Livedrive.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\webberk\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Digsby\lib\digsby-app.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Seagate\Seagate_Media\AgrregationStatus\stxmediamenumgr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\itunes\iTunesHelper.exe
C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\Actual Window Manager\ActualWindowManagerShellCenter64.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - <orphaned>
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
dURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
dURLSearchHooks: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - <orphaned>
dURLSearchHooks: {93a3111f-4f74-4ed8-895e-d9708497629e} - <orphaned>
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
BHO: Startpage24 Browser Helper: {BBD43808-9D13-4B0B-B023-178FD1FAE442} - C:\ProgramData\Startpage24\Plugin\link64_plugin.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Directory Opus Desktop Dblclk] "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclk
uRun: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [FA82178918DCCA1C45348F45238FC204F7277D5F._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
uRun: [Akamai NetSession Interface] "C:\Users\webberk\AppData\Local\Akamai\netsession_win.exe"
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
uRun: [Actual Window Manager] c:\program files (x86)\actual window manager\actualwindowmanagercenter.exe
uRun: [ActualWindowManagerCenter.exe] c:\program files (x86)\actual window manager\actualwindowmanagercenter.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Livedrive] "C:\Program Files (x86)\Livedrive\Livedrive.exe" /setup
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [DiscWizardMonitor.exe] "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [FreeAgentTheaterTrayIcon] "C:\Program Files (x86)\Seagate\Seagate_Media\AgrregationStatus\StxMediaMenuMgr.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
dRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
StartupFolder: C:\Users\webberk\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Digsby.lnk - C:\Program Files (x86)\Digsby\digsby.exe
StartupFolder: C:\Users\webberk\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\webberk\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\webberk\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: RoboForm Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\microsoft office\Office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 207.203.159.23 205.172.132.23
TCP: Interfaces\{6BAB9BC1-F74C-4B1F-9E36-170D3EE9BE46} : NameServer = 205.152.144.23,205.152.37.23
TCP: Interfaces\{6BAB9BC1-F74C-4B1F-9E36-170D3EE9BE46} : DHCPNameServer = 207.203.159.23 205.172.132.23
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: startpage24 - {879506D7-73DF-8D45-BBDD-123467926D12} - C:\ProgramData\Startpage24\Plugin\link64_plugin.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SEH: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: BrowserHelper Class: {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files (x86)\Livedrive\ExplorerExtensions.dll
x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [Fences] "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup
x64-Run: [seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: startpage24 - {879506D7-73DF-8D45-BBDD-123467926D12} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
x64-SEH: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Bing
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.3\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\ProgramData\Startpage24\Plugin\firefox\plugins\nplink64.dll
FF - plugin: C:\ProgramData\Startpage24\Plugin\nplink64chrome.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-12-04 14:58; ffext@startpage24; C:\ProgramData\Startpage24\Plugin\firefox
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 dlkmdldr;dlkmdldr;C:\Windows\System32\drivers\dlkmdldr.sys [2013-11-15 15664]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-10-10 17720]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2013-5-16 210016]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2013-5-16 141920]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-6-5 70296]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 57144]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-3-26 46368]
R1 CbFs;CbFs;C:\Windows\System32\drivers\cbfs.sys [2012-9-4 191960]
R1 cbfs3;cbfs3;C:\Windows\System32\drivers\cbfs3.sys [2013-3-27 352008]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-24 574272]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2013-9-24 1358944]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-6-5 87400]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2013-10-7 9281840]
R2 FreeAgentTheater Service;Seagate Media;C:\Program Files (x86)\Seagate\Seagate_Media\Sync\MediaAggreService.exe [2012-12-20 237248]
R2 GsServer;GoodSync Server;C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [2013-5-21 5825168]
R2 LivedriveVSSService;Livedrive VSS Service;C:\Program Files (x86)\Livedrive\VSSService.exe [2013-7-29 210584]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-10-1 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2008-8-11 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2009-12-7 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-7 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-7 701512]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-4-6 25824]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-7-31 137528]
R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2011-12-20 68896]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2013-4-24 483864]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-10-2 65657]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-11-3 8704]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-6-30 1191408]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
R3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.4.51572.0.sys [2013-10-8 46384]
R3 dlkmd;dlkmd;C:\Windows\System32\drivers\dlkmd.sys [2013-11-15 388912]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-1-3 70168]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-7 25928]
R3 SndTAudio;SndTAudio;C:\Windows\System32\drivers\SndTAudio.sys [2011-1-19 33336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 vToolbarUpdater17.1.3;vToolbarUpdater17.1.3;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [?]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-20 103576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2009-12-1 61280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\windows live\Family Safety\fsssvc.exe [2009-8-5 704864]
S3 GSService;GSService;C:\Windows\SysWOW64\GSService.exe [2013-2-13 403832]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-18 111616]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 SMServer;SMServer;C:\Windows\SysWOW64\snmvtsvc.exe [2011-1-19 245760]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-8-20 204568]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 STSService;STSService;C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe [2010-4-12 344064]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-5 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-20 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
.
=============== File Associations ===============
.
ShellExec: Sidebar.exe: open=C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
.
=============== Created Last 30 ================
.
2013-12-04 22:06:42 -------- d-----w- C:\Users\webberk\AppData\Local\DriverToolkit
2013-12-04 22:06:39 -------- d-----w- C:\Program Files (x86)\DriverToolkit
2013-12-04 20:26:39 -------- d-----w- C:\ProgramData\UAB
2013-12-04 20:03:05 -------- d-----w- C:\ProgramData\Actual Tools
2013-12-04 01:43:26 -------- d-----w- C:\Program Files (x86)\ESET
2013-12-03 16:31:23 -------- d-----w- C:\AdwCleaner
2013-12-03 16:05:06 -------- d-----w- C:\Windows\ERUNT
2013-11-15 15:47:15 388912 ----a-w- C:\Windows\System32\drivers\dlkmd.sys
2013-11-15 15:47:15 15664 ----a-w- C:\Windows\System32\drivers\dlkmdldr.sys
2013-11-15 15:06:12 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-11-15 15:06:11 197120 ----a-w- C:\Windows\System32\credui.dll
2013-11-15 15:06:11 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-15 15:06:11 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-11-15 15:06:11 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-11-15 15:06:11 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-13 22:41:14 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
.
==================== Find3M  ====================
.
2013-11-22 14:20:28 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-22 14:20:28 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-20 15:57:23 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-11-06 03:55:48 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2013-11-05 03:52:42 240920 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-11-01 05:00:18 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-11-01 04:49:46 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-10-31 13:40:24 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2013-10-31 13:40:23 92488 ----a-w- C:\Windows\System32\LMIinit.dll
2013-10-31 13:40:23 35656 ----a-w- C:\Windows\System32\LMIport.dll
2013-10-25 04:25:58 194872 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-10-20 13:59:03 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-10 19:35:10 9584 ----a-w- C:\Windows\SysWow64\ractrlkeyhook.dll
2013-10-10 17:00:13 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll
2013-10-10 17:00:13 259584 ----a-w- C:\Windows\System32\WebClnt.dll
2013-10-10 17:00:13 205824 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2013-10-10 17:00:13 140800 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2013-10-10 17:00:13 102400 ----a-w- C:\Windows\System32\davclnt.dll
2013-10-10 16:58:46 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-10-10 16:58:45 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-10-10 16:58:45 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-10-10 16:58:20 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-10-08 20:02:12 46384 ----a-w- C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.4.51572.0.sys
2013-10-08 20:02:10 947200 ----a-w- C:\Windows\System32\DisplayLinkUsbCo64_7.4.51572.0.dll
2013-10-08 13:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-07 10:43:24 1227056 ----a-w- C:\Windows\System32\dlumd9.dll
2013-10-07 10:43:24 1227056 ----a-w- C:\Windows\System32\dlumd64.dll
2013-10-07 10:43:24 1227056 ----a-w- C:\Windows\System32\dlumd11.dll
2013-10-07 10:43:24 1227056 ----a-w- C:\Windows\System32\dlumd10.dll
2013-10-07 10:43:22 1010480 ----a-w- C:\Windows\SysWow64\dlumd9.dll
2013-10-07 10:43:22 1010480 ----a-w- C:\Windows\SysWow64\dlumd32.dll
2013-10-07 10:43:22 1010480 ----a-w- C:\Windows\SysWow64\dlumd11.dll
2013-10-07 10:43:22 1010480 ----a-w- C:\Windows\SysWow64\dlumd10.dll
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-10-01 06:52:08 123704 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-26 14:44:54 57144 ----a-w- C:\Windows\System32\drivers\avgfwd6a.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-15 18:20:22 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-09-15 18:20:22 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-01-10 20:36:38 4763456 ----a-w- C:\Program Files (x86)\procexp.exe
.
============= FINISH: 13:41:49.59 ===============
 
JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by webberk on Tue 12/10/2013 at 14:38:57.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/10/2013 at 14:50:51.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
Link to post
Share on other sites
krwebber53

krwebber53

Posted
  • Author
Posted

When I clicked on the link to " ComboFix usage, Questions, Help? - Look here " I received this message.

http://www.bleepingcomputer.com/forums/topic273628.html

Sorry, we couldn't find that!

 

[#404]

Sorry, we could not locate the page you are requesting to view. Please click here to return to the community index


Need Help?

 

I have downloaded ComboFix.exe to my desktop and read through the ComboFix Users Guide. Should I go ahead and run without reading info on the link?

Link to post
Share on other sites
krwebber53

krwebber53

Posted
  • Author
Posted

1st attempt to post ComboFix results yeolded error - Post too long - so I will post results in parts

Part 1

ComboFix 13-12-13.01 - webberk 12/15/2013  23:24:06.2.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.5861.3053 [GMT -6:00]
Running from: c:\users\webberk\Desktop\ComboFix.exe
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\webberk\AppData\Local\Temp\aimemb.dll
c:\users\webberk\AppData\Local\Temp\aimemb64.dll
c:\windows\Fonts\PCFNEW.FON
c:\windows\Fonts\PCMIRIAM.FON
c:\windows\SysWow64\Cache
c:\windows\SysWow64\Cache\075884af680ff6dc.fb
c:\windows\SysWow64\Cache\227113dfa1ca894d.fb
c:\windows\SysWow64\Cache\28aa9695c0851492.fb
c:\windows\SysWow64\Cache\49fbbc5a8678d502.fb
c:\windows\SysWow64\Cache\5c54eb1a1655b076.fb
c:\windows\SysWow64\Cache\5f7a1730619160ca.fb
c:\windows\SysWow64\Cache\613e8ce7ab7106af.fb
c:\windows\SysWow64\Cache\633a76311867bd11.fb
c:\windows\SysWow64\Cache\691f14230153a9e1.fb
c:\windows\SysWow64\Cache\6cb409d7ac73d9f1.fb
c:\windows\SysWow64\Cache\7614bd6cfa99e546.fb
c:\windows\SysWow64\Cache\77664b6ccc36be9f.fb
c:\windows\SysWow64\Cache\881b3593316772f0.fb
c:\windows\SysWow64\Cache\98657d0579ae1930.fb
c:\windows\SysWow64\Cache\a25e71635e6f5194.fb
c:\windows\SysWow64\Cache\a814d70abb5320cf.fb
c:\windows\SysWow64\Cache\bc8b7c797277c61b.fb
c:\windows\SysWow64\Cache\c4e10d1be905349b.fb
c:\windows\SysWow64\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\SysWow64\Cache\d9ca663388d21ec0.fb
c:\windows\SysWow64\Cache\e28ceca8be4a3ef0.fb
c:\windows\SysWow64\Cache\f2cda51fd108941f.fb
c:\windows\SysWow64\Cache\f34d8db84131d925.fb
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-16 to 2013-12-16  )))))))))))))))))))))))))))))))
.
.
2013-12-16 05:34 . 2013-12-16 05:34 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-12-16 05:34 . 2013-12-16 05:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-12-16 05:34 . 2013-12-16 05:34 -------- d-----w- c:\users\ken\AppData\Local\temp
2013-12-16 05:34 . 2013-12-16 05:34 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-12-16 05:34 . 2013-12-16 05:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-16 05:34 . 2013-12-16 05:34 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-12-16 05:34 . 2013-12-16 05:34 -------- d-----w- c:\users\admin\AppData\Local\temp
2013-12-04 22:06 . 2013-12-04 22:06 -------- d-----w- c:\users\webberk\AppData\Local\DriverToolkit
2013-12-04 22:06 . 2013-12-05 16:18 -------- d-----w- c:\program files (x86)\DriverToolkit
2013-12-04 20:26 . 2013-12-04 20:27 -------- d-----w- c:\programdata\UAB
2013-12-04 20:03 . 2013-12-04 20:03 -------- d-----w- c:\programdata\Actual Tools
2013-12-04 01:43 . 2013-12-05 16:17 -------- d-----w- c:\program files (x86)\ESET
2013-12-03 16:31 . 2013-12-10 19:28 -------- d-----w- C:\AdwCleaner
2013-12-03 16:05 . 2013-12-05 16:17 -------- d-----w- c:\windows\ERUNT
2013-11-18 15:44 . 2013-10-15 00:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-10 22:57 . 2012-04-05 13:53 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-10 22:57 . 2011-06-21 21:27 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-20 15:57 . 2013-03-26 19:19 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-11-18 15:42 . 2013-11-18 15:42 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-18 15:42 . 2013-11-18 15:42 1818112 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-18 15:42 . 2013-11-18 15:42 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-18 15:42 . 2013-11-18 15:42 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-18 15:42 . 2013-11-18 15:42 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-18 15:42 . 2013-11-18 15:42 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-15 15:34 . 2009-12-07 19:45 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-15 15:06 . 2013-11-15 15:06 1930752 ----a-w- c:\windows\system32\authui.dll
2013-11-15 15:06 . 2013-11-15 15:06 197120 ----a-w- c:\windows\system32\credui.dll
2013-11-15 15:06 . 2013-11-15 15:06 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-15 15:06 . 2013-11-15 15:06 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-15 15:06 . 2013-11-15 15:06 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-11-15 15:06 . 2013-11-15 15:06 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-15 15:03 . 2011-09-08 21:54 191168 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2013-11-06 03:55 . 2013-11-06 03:55 150808 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-11-05 03:52 . 2013-11-05 03:52 240920 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-11-01 05:00 . 2013-11-01 05:00 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-11-01 04:49 . 2013-11-01 04:49 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-10-31 13:40 . 2009-12-07 19:34 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-10-31 13:40 . 2009-12-07 19:34 35656 ----a-w- c:\windows\system32\LMIport.dll
2013-10-31 13:40 . 2009-12-07 19:34 92488 ----a-w- c:\windows\system32\LMIinit.dll
2013-10-25 04:25 . 2013-10-25 04:25 194872 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-10-20 13:59 . 2009-12-07 19:34 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-10-12 02:30 . 2013-11-12 20:28 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-12 20:28 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-12 20:28 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-12 20:28 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-12 20:28 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-10 19:35 . 2013-10-10 19:35 9584 ----a-w- c:\windows\SysWow64\ractrlkeyhook.dll
2013-10-10 17:00 . 2013-10-10 17:00 81920 ----a-w- c:\windows\SysWow64\davclnt.dll
2013-10-10 17:00 . 2013-10-10 17:00 259584 ----a-w- c:\windows\system32\WebClnt.dll
2013-10-10 17:00 . 2013-10-10 17:00 205824 ----a-w- c:\windows\SysWow64\WebClnt.dll
2013-10-10 17:00 . 2013-10-10 17:00 140800 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2013-10-10 17:00 . 2013-10-10 17:00 102400 ----a-w- c:\windows\system32\davclnt.dll
2013-10-10 16:59 . 2013-10-10 16:59 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-10-10 16:59 . 2013-10-10 16:59 859648 ----a-w- c:\windows\system32\tdh.dll
2013-10-10 16:59 . 2013-10-10 16:59 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-10-10 16:59 . 2013-10-10 16:59 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-10-10 16:59 . 2013-10-10 16:59 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-10-10 16:59 . 2013-10-10 16:59 243712 ----a-w- c:\windows\system32\wow64.dll
2013-10-10 16:59 . 2013-10-10 16:59 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-10-10 16:59 . 2013-10-10 16:59 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-10-10 16:59 . 2013-10-10 16:59 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-10-10 16:59 . 2013-10-10 16:59 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-10-10 16:59 . 2013-10-10 16:59 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-10-10 16:59 . 2013-10-10 16:59 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-10-10 16:59 . 2013-10-10 16:59 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-10-10 16:59 . 2013-10-10 16:59 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-10-10 16:59 . 2013-10-10 16:59 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-10-10 16:59 . 2013-10-10 16:59 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-10-10 16:59 . 2013-10-10 16:59 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-10 16:58 . 2013-10-10 16:58 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-10-10 16:58 . 2013-10-10 16:58 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-10-10 16:58 . 2013-10-10 16:58 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-10-10 16:58 . 2013-10-10 16:58 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-10-08 20:02 . 2013-10-08 20:02 46384 ----a-w- c:\windows\system32\drivers\DisplayLinkUsbIo_x64_7.4.51572.0.sys
2013-10-08 20:02 . 2013-10-08 20:02 947200 ----a-w- c:\windows\system32\DisplayLinkUsbCo64_7.4.51572.0.dll
2013-10-08 13:50 . 2013-11-04 16:23 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-07 10:45 . 2013-11-15 15:47 388912 ----a-w- c:\windows\system32\drivers\dlkmd.sys
2013-10-07 10:45 . 2013-11-15 15:47 15664 ----a-w- c:\windows\system32\drivers\dlkmdldr.sys
2013-10-07 10:43 . 2013-10-07 10:43 1227056 ----a-w- c:\windows\system32\dlumd9.dll
2013-10-07 10:43 . 2013-10-07 10:43 1227056 ----a-w- c:\windows\system32\dlumd64.dll
2013-10-07 10:43 . 2013-10-07 10:43 1227056 ----a-w- c:\windows\system32\dlumd11.dll
2013-10-07 10:43 . 2013-10-07 10:43 1227056 ----a-w- c:\windows\system32\dlumd10.dll
2013-10-07 10:43 . 2013-10-07 10:43 1010480 ----a-w- c:\windows\SysWow64\dlumd9.dll
2013-10-07 10:43 . 2013-10-07 10:43 1010480 ----a-w- c:\windows\SysWow64\dlumd32.dll
2013-10-07 10:43 . 2013-10-07 10:43 1010480 ----a-w- c:\windows\SysWow64\dlumd11.dll
2013-10-07 10:43 . 2013-10-07 10:43 1010480 ----a-w- c:\windows\SysWow64\dlumd10.dll
2013-10-05 20:25 . 2013-11-12 20:28 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-12 20:28 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-03 02:23 . 2013-11-12 20:28 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-12 20:28 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-10-01 06:52 . 2013-10-01 06:52 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-09-28 01:09 . 2013-11-12 20:28 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-26 14:44 . 2012-09-04 15:39 57144 ----a-w- c:\windows\system32\drivers\avgfwd6a.sys
2013-09-25 02:26 . 2013-11-12 20:28 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-12 20:28 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-12 20:28 28672 ----a-w- c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-12 20:28 135680 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-12 20:28 28160 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-12 20:28 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-12 20:28 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-12 20:28 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 01:58 . 2013-11-12 20:28 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-09-25 01:57 . 2013-11-12 20:28 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-09-25 01:57 . 2013-11-12 20:28 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-25 01:56 . 2013-11-12 20:28 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03 . 2013-11-12 20:28 30720 ----a-w- c:\windows\system32\lsass.exe
2012-01-10 20:36 . 2012-01-10 20:36 4763456 ----a-w- c:\program files (x86)\procexp.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll" [2012-11-26 1525088]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\webberk\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\webberk\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\webberk\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\webberk\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-11-10 15:55 158056 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Directory Opus Desktop Dblclk"="c:\program files\GPSoftware\Directory Opus\dopusrt.exe" [2013-06-14 351344]
"QuickenScheduledUpdates"="c:\program files (x86)\Quicken\bagent.exe" [2013-04-10 76072]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720]
"FA82178918DCCA1C45348F45238FC204F7277D5F._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-12-04 863184]
"Akamai NetSession Interface"="c:\users\webberk\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-19 491840]
"Actual Window Manager"="c:\program files (x86)\actual window manager\actualwindowmanagercenter.exe" [2013-09-14 1973040]
"ActualWindowManagerCenter.exe"="c:\program files (x86)\actual window manager\actualwindowmanagercenter.exe" [2013-09-14 1973040]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-09-15 59720]
"Livedrive"="c:\program files (x86)\Livedrive\Livedrive.exe" [2013-07-29 1814680]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-10-17 109784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-09-03 41336]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-09-03 840568]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-11-03 73728]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-11-08 4956176]
"DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-06-30 2638152]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2013-04-24 740888]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-09-15 295512]
"FreeAgentTheaterTrayIcon"="c:\program files (x86)\Seagate\Seagate_Media\AgrregationStatus\StxMediaMenuMgr.exe" [2012-12-20 177344]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-10-17 109784]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-19 491840]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=ENU /_WFM="." [2009-11-16 517384]
.
c:\users\webberk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files (x86)\Digsby\digsby.exe [2010-3-3 141488]
Dropbox.lnk - c:\users\webberk\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-10-3 1103200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EE761688-C137-4b04-8FAB-3C9CDF0886F0}"= "c:\program files\GPSoftware\Directory Opus\dopuslib32.dll" [2013-06-14 366672]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 vToolbarUpdater17.1.3;vToolbarUpdater17.1.3;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.3.40660.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbPort_6.3.40660.0.sys [x]
R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe;c:\windows\SysWOW64\GSService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys;c:\windows\SYSNATIVE\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 PROCEXP151;PROCEXP151; [x]
R3 SMServer;SMServer;c:\windows\SysWOW64\snmvtsvc.exe;c:\windows\SysWOW64\snmvtsvc.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 STSService;STSService;c:\program files (x86)\SoundTaxi Media Suite\STSService.exe;c:\program files (x86)\SoundTaxi Media Suite\STSService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys;c:\windows\SYSNATIVE\drivers\dlkmdldr.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt53.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys;c:\windows\SYSNATIVE\drivers\cbfs.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2014\avgfws.exe;c:\program files (x86)\AVG\AVG2014\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
S2 FreeAgentTheater Service;Seagate Media;c:\program files (x86)\Seagate\Seagate_Media\Sync\MediaAggreService.exe;c:\program files (x86)\Seagate\Seagate_Media\Sync\MediaAggreService.exe [x]
S2 GsServer;GoodSync Server;c:\program files\Siber Systems\GoodSync\Gs-Server.exe;c:\program files\Siber Systems\GoodSync\Gs-Server.exe [x]
S2 LivedriveVSSService;Livedrive VSS Service;c:\program files (x86)\Livedrive\VSSService.exe;c:\program files (x86)\Livedrive\VSSService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;c:\windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.4.51572.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbIo_x64_7.4.51572.0.sys [x]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys;c:\windows\SYSNATIVE\drivers\dlkmd.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys;c:\windows\SYSNATIVE\drivers\SndTAudio.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 07:36 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Link to post
Share on other sites
krwebber53

krwebber53

Posted
  • Author
Posted

Part 2

Contents of the 'Scheduled Tasks' folder
.
2013-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 22:57]
.
2012-09-05 c:\windows\Tasks\GoodSync - iWorship.job
- c:\program files\Siber Systems\GoodSync\gsync.exe [2013-05-21 10:55]
.
2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-30 22:14]
.
2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-30 22:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay]
@="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}"
[HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}]
2013-07-29 16:38 1245848 ----a-w- c:\program files (x86)\Livedrive\Extensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\webberk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\webberk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\webberk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\webberk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-11-10 15:55 190312 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay]
@="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}"
[HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}]
2013-07-29 16:38 1245848 ----a-w- c:\program files (x86)\Livedrive\Extensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay]
@="{84CEF1E4-1356-4063-845F-05047F4DD52C}"
[HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}]
2013-07-29 16:38 1245848 ----a-w- c:\program files (x86)\Livedrive\Extensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSyncedOverlay]
@="{42058329-2FBF-4B33-8E52-3BE5754DE0C1}"
[HKEY_CLASSES_ROOT\CLSID\{42058329-2FBF-4B33-8E52-3BE5754DE0C1}]
2013-07-29 16:38 1245848 ----a-w- c:\program files (x86)\Livedrive\Extensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay]
@="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}"
[HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}]
2013-07-29 16:38 1245848 ----a-w- c:\program files (x86)\Livedrive\Extensions.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2008-08-11 57928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 363544]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"Fences"="c:\program files (x86)\Stardock\Fences\Fences.exe" [2013-03-20 3996848]
"Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-06-30 395152]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2013-03-20 552112]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"= "c:\program files\GPSoftware\Directory Opus\dopuslib.dll" [2013-06-14 1409656]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip Image - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
TCP: DhcpNameServer = 207.203.159.23 205.172.132.23
TCP: Interfaces\{6BAB9BC1-F74C-4B1F-9E36-170D3EE9BE46}: NameServer = 205.152.144.23,205.152.37.23
Handler: startpage24 - {879506D7-73DF-8D45-BBDD-123467926D12} - c:\programdata\Startpage24\Plugin\link64_plugin.dll
FF - ProfilePath - c:\users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Bing
FF - ExtSQL: 2013-12-04 14:58; ffext@startpage24; c:\programdata\Startpage24\Plugin\firefox
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)
AddRemove-0PR44WT7-L00K-1T1Z-H3R3-UN1NST4LLTH3_is1 - c:\program files (x86)\GlobalTec Solutions
AddRemove-C0M0DITY-L00K-1T1Z-H3R3-UN1NST4LLTH3_is1 - c:\program files (x86)\GlobalTec Solutions
AddRemove-C0MM4NDT-L00K-1T1Z-H3R3-UN1NST4LLTH3_is1 - c:\program files (x86)\GlobalTec Solutions
AddRemove-W1Z3F33D-CD0C-4AC4-86B4-X11E5511AA18_is1 - c:\program files (x86)\GlobalTec Solutions
AddRemove-W1Z3T4D3-L00K-1T1Z-H3R3-UN1NST4LLTH3_is1 - c:\program files (x86)\GlobalTec Solutions
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{724D43A0-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,ce,40,5e,
   76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
   89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
   43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
   0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
"{11111111-1111-1111-1111-110011221158}"=hex:51,66,7a,6c,4c,1d,38,12,7f,12,02,
   15,23,5f,7f,54,6e,07,52,40,14,7c,55,4c
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7,
   23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
   34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{724D43A9-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,c7,40,5e,
   76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
   aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
   b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
"{CC59E0F9-7E43-44FA-9FAA-8377850BF205}"=hex:51,66,7a,6c,4c,1d,38,12,97,e3,4a,
   c8,71,30,94,01,e0,bc,c0,37,80,55,b6,11
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
   d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
   f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}"=hex:51,66,7a,6c,4c,1d,3b,1b,64,d2,44,
   54,75,5c,8a,34,aa,62,82,42,ba,d5,f4,71
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a8,28,c3,09,e2,b1,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,e4,93,b0,8f,8e,1f,4f,88,b8,45,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,e4,93,b0,8f,8e,1f,4f,88,b8,45,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,e4,93,b0,8f,8e,1f,4f,88,b8,45,\
.
[HKEY_USERS\S-1-5-21-2799653475-1206912365-1311522834-1001\Control Panel\International\Time]
@Denied: (A) (Everyone)
"{FAE7A96A-56C3-4ABF-A6C2-D5D78089A7D8}"=hex:6a,a9,e7,fa,c3,56,bf,4a,a6,c2,d5,
   d7,80,89,a7,d8,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{C3C00093-A5A2-48F3-AFCC-E0DE0EB8D1C6}"=hex:93,00,c0,c3,a2,a5,f3,48,af,cc,e0,
   de,0e,b8,d1,c6,37,48,5f,35,4d,25,3f,4b,3d,34,4c,23,45,29,5c,4b,5d,39,57,53,\
"{378DC036-1D5F-41FA-8623-13BC398BBE82}"=hex:36,c0,8d,37,5f,1d,fa,41,86,23,13,
   bc,39,8b,be,82,53,32,49,44,51,25,4e,3d,4c,46,46,23,4a,57,23,2b,46,39,4f,55,\
"{CD2D009D-C44E-4959-A103-9B11705195D7}"=hex:9d,00,2d,cd,4e,c4,59,49,a1,03,9b,
   11,70,51,95,d7,4e,4c,55,4e,3f,25,50,4b,3f,40,4a,23,4a,5d,27,24,4b,39,5b,51,\
"{5BBF68F8-9F66-4E76-AE71-3A8506C8DBAD}"=hex:f8,68,bf,5b,66,9f,76,4e,ae,71,3a,
   85,06,c8,db,ad,41,57,56,5f,56,25,58,44,58,5f,34,23,42,29,5f,4a,51,39,5d,22,\
"{3751523F-A7F6-4DDA-B49C-E8136E65DDD5}"=hex:3f,52,51,37,f6,a7,da,4d,b4,9c,e8,
   13,6e,65,dd,d5,41,30,4f,45,4f,25,5f,4d,5f,38,48,23,3a,23,53,58,44,39,53,40,\
"{D989101A-35EA-422C-B608-F456F9A77BC7}"=hex:1a,10,89,d9,ea,35,2c,42,b6,08,f4,
   56,f9,a7,7b,c7,3b,49,57,34,35,25,50,40,38,58,5f,23,5d,28,55,43,40,39,4d,55,\
"{16DE98D8-D650-4E69-8AA0-3D9273112FA9}"=hex:d8,98,de,16,50,d6,69,4e,8a,a0,3d,
   92,73,11,2f,a9,34,4e,4b,35,53,25,53,42,4a,5c,35,23,49,29,44,44,52,39,46,22,\
"{AE57E92E-ADCF-4877-B9CC-1F0F113736CD}"=hex:2e,e9,57,ae,cf,ad,77,48,b9,cc,1f,
   0f,11,37,36,cd,40,5e,53,57,5d,25,4a,32,5d,5f,3e,23,4a,42,4b,50,47,39,23,54,\
"{65BC8CA4-A1BB-4D6A-A17E-A52E811C44F5}"=hex:a4,8c,bc,65,bb,a1,6a,4d,a1,7e,a5,
   2e,81,1c,44,f5,44,5e,3d,5c,5f,25,47,5d,4f,58,34,23,5b,5b,54,21,51,39,5e,52,\
"{D980D581-6CC6-4BE0-91BC-B474647F0D3E}"=hex:81,d5,80,d9,c6,6c,e0,4b,91,bc,b4,
   74,64,7f,0d,3e,41,3c,3d,50,41,25,53,50,5c,3f,41,23,3b,22,44,24,4b,39,4f,58,\
"{5FB1E64F-3006-4F5C-88ED-C38C6FF0D841}"=hex:4f,e6,b1,5f,06,30,5c,4f,88,ed,c3,
   8c,6f,f0,d8,41,3b,54,30,31,44,25,5a,44,47,4a,58,23,44,45,56,58,47,39,4f,4f,\
"{CAAA4185-9BDB-4C8B-B2AE-D220E1C3E05A}"=hex:85,41,aa,ca,db,9b,8b,4c,b2,ae,d2,
   20,e1,c3,e0,5a,3a,56,5d,5c,5d,25,5b,5b,32,3a,34,23,48,5c,40,25,52,39,58,41,\
"{9F7CC8A0-711D-40F7-96E7-1EEBA187AF64}"=hex:a0,c8,7c,9f,1d,71,f7,40,96,e7,1e,
   eb,a1,87,af,64,4f,51,4d,45,50,25,47,44,3d,35,5d,23,42,58,42,57,40,39,44,41,\
"{84EF61D4-194A-4BF3-A552-E7D832179E85}"=hex:d4,61,ef,84,4a,19,f3,4b,a5,52,e7,
   d8,32,17,9e,85,30,4f,4d,43,49,25,59,38,4f,3f,43,23,47,44,55,59,4a,39,5e,23,\
"{D090D1EF-4ED1-4A8B-81E0-E5940E7EEDA7}"=hex:ef,d1,90,d0,d1,4e,8b,4a,81,e0,e5,
   94,0e,7e,ed,a7,55,46,4b,30,57,25,58,4d,5f,3e,59,23,45,41,5f,53,5f,39,4c,41,\
"{75B6E99E-EB61-4885-A72E-92131A132A49}"=hex:9e,e9,b6,75,61,eb,85,48,a7,2e,92,
   13,1a,13,2a,49,56,46,48,47,4c,25,3d,52,51,54,55,23,5c,51,4b,5e,54,39,53,5d,\
"{C2ED3D3E-1BC6-4215-B236-A20F764A07DA}"=hex:3e,3d,ed,c2,c6,1b,15,42,b2,36,a2,
   0f,76,4a,07,da,4b,37,3d,5e,4d,25,30,4e,58,4f,35,23,58,43,25,40,4b,39,43,4f,\
"{84146249-9C42-43B8-841B-418F7CB96EE5}"=hex:49,62,14,84,42,9c,b8,43,84,1b,41,
   8f,7c,b9,6e,e5,49,52,57,35,42,25,5d,5f,59,3e,3e,23,41,45,5d,44,56,39,5b,23,\
"{8CDC3080-7A40-4335-A642-147338D3C312}"=hex:80,30,dc,8c,40,7a,35,43,a6,42,14,
   73,38,d3,c3,12,55,37,5d,54,4b,25,43,3f,45,47,40,23,44,58,47,24,5d,39,21,25,\
"{939EB7D0-FC1D-4E1E-B7D7-1A6ED6092280}"=hex:d0,b7,9e,93,1d,fc,1e,4e,b7,d7,1a,
   6e,d6,09,22,80,59,33,5c,31,3e,25,4d,5a,4c,5e,49,23,5a,5d,25,57,25,39,4d,23,\
"{307B83B2-C865-4F78-A359-9F0015030C30}"=hex:b2,83,7b,30,65,c8,78,4f,a3,59,9f,
   00,15,03,0c,30,30,45,3d,54,40,25,48,4c,47,5e,34,23,44,23,54,24,57,39,43,45,\
"{5E7DE88A-FDAE-4528-808A-331542C427A7}"=hex:8a,e8,7d,5e,ae,fd,28,45,80,8a,33,
   15,42,c4,27,a7,30,47,32,4b,30,25,45,44,5d,49,38,23,42,5b,45,51,40,39,43,40,\
"{BFEED406-C1E0-4B13-9D55-DC3307ACB007}"=hex:06,d4,ee,bf,e0,c1,13,4b,9d,55,dc,
   33,07,ac,b0,07,40,43,49,34,51,25,5c,5f,3d,34,41,23,59,23,44,45,59,39,52,42,\
"{5400C9A7-1A7E-407A-9D92-E334C3A40E85}"=hex:a7,c9,00,54,7e,1a,7a,40,9d,92,e3,
   34,c3,a4,0e,85,5b,37,55,30,33,25,43,41,4c,5b,5e,23,56,22,5f,41,4b,39,50,47,\
"{09C56DC3-CC2A-4866-A5C1-F5FB5F7FE81D}"=hex:c3,6d,c5,09,2a,cc,66,48,a5,c1,f5,
   fb,5f,7f,e8,1d,44,50,49,56,4d,25,51,4e,3c,5c,4c,23,5c,53,23,40,52,39,2c,51,\
"{6D92A128-79D2-4FB8-AD3A-458DD343ED54}"=hex:28,a1,92,6d,d2,79,b8,4f,ad,3a,45,
   8d,d3,43,ed,54,36,42,4e,4e,34,25,5b,40,49,41,5c,23,5c,5e,28,47,59,39,27,51,\
"{29D7276E-6421-411D-A794-142CFE680BDA}"=hex:6e,27,d7,29,21,64,1d,41,a7,94,14,
   2c,fe,68,0b,da,59,43,5c,48,43,25,44,48,5f,59,55,23,5d,4a,27,27,5e,39,2c,50,\
"{FDB3CB22-0A42-4ABC-A875-A33F43D22BE9}"=hex:22,cb,b3,fd,42,0a,bc,4a,a8,75,a3,
   3f,43,d2,2b,e9,57,47,44,4c,53,25,48,39,5d,42,5e,23,4a,54,44,44,51,39,26,51,\
"{4002D70E-AB93-4A65-AB36-6BE923A5AC1B}"=hex:0e,d7,02,40,93,ab,65,4a,ab,36,6b,
   e9,23,a5,ac,1b,45,49,3c,47,4b,25,5f,5f,3c,4e,57,23,4b,43,5f,43,42,39,46,4f,\
"{5CAC11F4-0570-4B90-936D-C1878CEEAF6E}"=hex:f4,11,ac,5c,70,05,90,4b,93,6d,c1,
   87,8c,ee,af,6e,53,52,47,40,5d,25,51,52,4c,47,40,23,56,25,59,55,27,39,21,23,\
"{91DCEBBC-54B7-4752-8063-461BB786AD0E}"=hex:bc,eb,dc,91,b7,54,52,47,80,63,46,
   1b,b7,86,ad,0e,4e,5e,54,32,5f,25,4c,4d,43,48,5c,23,41,42,29,27,56,39,2c,44,\
"{B8877161-57ED-4883-9E46-D9853A4D9F12}"=hex:61,71,87,b8,ed,57,83,48,9e,46,d9,
   85,3a,4d,9f,12,57,32,31,31,57,25,3b,5e,4a,4e,4a,23,5e,57,59,25,44,39,59,5d,\
"{87A2AAE6-FB63-421F-BF7D-8766F7CCBEF2}"=hex:e6,aa,a2,87,63,fb,1f,42,bf,7d,87,
   66,f7,cc,be,f2,36,5d,33,57,5f,25,30,4d,3d,5f,4e,23,42,48,54,47,52,39,56,20,\
"{EE5DAD2E-249D-4FC9-B2B5-02CC786411A4}"=hex:2e,ad,5d,ee,9d,24,c9,4f,b2,b5,02,
   cc,78,64,11,a4,55,4f,53,45,53,25,3a,53,4e,4a,59,23,57,48,49,58,47,39,20,50,\
"{6CFB4D27-D644-4399-95BA-B9A9F56005B2}"=hex:27,4d,fb,6c,44,d6,99,43,95,ba,b9,
   a9,f5,60,05,b2,31,4c,4f,30,55,25,5f,5d,5f,5f,3e,23,3b,45,48,25,47,39,21,42,\
"{D5512DD1-4885-4A6B-A201-32B2C4BB738C}"=hex:d1,2d,51,d5,85,48,6b,4a,a2,01,32,
   b2,c4,bb,73,8c,45,51,33,54,4c,25,47,5e,5a,44,45,23,58,46,25,43,21,39,41,53,\
"{D4E6DE5B-C1FE-4517-B1D3-E54FA757668C}"=hex:5b,de,e6,d4,fe,c1,17,45,b1,d3,e5,
   4f,a7,57,66,8c,4b,41,5c,35,57,25,5a,3d,3c,40,41,23,5b,5e,45,25,40,39,2d,5e,\
"{E9C08E92-7FBB-413C-9F8D-8B1FEE03D65F}"=hex:92,8e,c0,e9,bb,7f,3c,41,9f,8d,8b,
   1f,ee,03,d6,5f,55,48,3c,54,56,25,5f,58,4d,4a,43,23,43,29,43,51,41,39,51,40,\
"{6F4A0A86-3888-43E3-AEAA-3F9C16CA97B8}"=hex:86,0a,4a,6f,88,38,e3,43,ae,aa,3f,
   9c,16,ca,97,b8,47,52,44,51,35,25,3c,40,5e,44,3f,23,4a,29,55,4a,21,39,52,5b,\
"{5029F0C8-6261-427B-BF6F-C1BBC53669AB}"=hex:c8,f0,29,50,61,62,7b,42,bf,6f,c1,
   bb,c5,36,69,ab,41,5d,44,54,50,25,5c,46,49,35,4e,23,47,46,54,56,59,39,40,5c,\
"{7212BF42-C520-462E-9918-22272038DE81}"=hex:42,bf,12,72,20,c5,2e,46,99,18,22,
   27,20,38,de,81,37,47,33,40,34,25,45,47,3d,4e,43,23,4d,52,24,56,49,39,22,25,\
"{EB369855-1D5E-4E16-8AB9-F688F909D2DB}"=hex:55,98,36,eb,5e,1d,16,4e,8a,b9,f6,
   88,f9,09,d2,db,48,48,42,51,5d,25,4b,3e,40,5c,47,23,5e,51,29,46,57,39,58,22,\
"{7F2EA556-93A9-4028-AE3A-50C83F0E23B5}"=hex:56,a5,2e,7f,a9,93,28,40,ae,3a,50,
   c8,3f,0e,23,b5,55,33,3c,44,50,25,43,47,3e,40,5b,23,48,56,42,5a,5e,39,2d,5e,\
"{7270DF47-0DDE-4826-BFD3-DBF925B2AA07}"=hex:47,df,70,72,de,0d,26,48,bf,d3,db,
   f9,25,b2,aa,07,56,49,5d,40,42,25,3f,40,52,42,4b,23,5e,49,57,58,56,39,2c,51,\
"{01D93F37-7A86-4D78-8E32-C5026AA637E4}"=hex:37,3f,d9,01,86,7a,78,4d,8e,32,c5,
   02,6a,a6,37,e4,3a,57,5c,57,53,25,4d,5e,41,5d,4f,23,41,51,22,44,44,39,53,5b,\
"{60BAFCA4-EEBA-49AB-A76E-D99E733ADEC3}"=hex:a4,fc,ba,60,ba,ee,ab,49,a7,6e,d9,
   9e,73,3a,de,c3,54,32,57,5f,45,25,59,5e,5d,4e,4f,23,4d,40,5f,47,5f,39,54,24,\
"{43B4D4C7-99CD-4C17-BD5D-B437A9A63A77}"=hex:c7,d4,b4,43,cd,99,17,4c,bd,5d,b4,
   37,a9,a6,3a,77,42,4a,4d,41,4c,25,5e,5e,4c,4d,3f,23,3c,55,27,5f,51,39,54,5d,\
"{05F3CDC6-C3C4-458C-BCBD-C260FB80B8C3}"=hex:c6,cd,f3,05,c4,c3,8c,45,bc,bd,c2,
   60,fb,80,b8,c3,5b,40,40,4c,4a,25,42,4e,49,54,5a,23,59,45,54,2b,25,39,56,5a,\
"{F60E943B-9CFB-40B1-AC5C-C7D0488B30E3}"=hex:3b,94,0e,f6,fb,9c,b1,40,ac,5c,c7,
   d0,48,8b,30,e3,52,54,51,3f,45,25,51,49,5a,3f,55,23,3b,44,22,50,49,39,5d,58,\
"{FD3266AA-0832-4A9F-AF9F-F82BE6B3B9F2}"=hex:aa,66,32,fd,32,08,9f,4a,af,9f,f8,
   2b,e6,b3,b9,f2,52,57,43,56,44,25,48,4b,59,35,41,23,59,5a,5a,21,50,39,5e,40,\
"{18061B91-055F-4EBA-ACC3-50BBD4957D07}"=hex:91,1b,06,18,5f,05,ba,4e,ac,c3,50,
   bb,d4,95,7d,07,42,3d,4b,3e,52,25,3e,3f,4a,39,5a,23,56,5b,56,53,52,39,4c,50,\
"{51AE1F7C-A3C4-4966-AD91-3E69654FA343}"=hex:7c,1f,ae,51,c4,a3,66,49,ad,91,3e,
   69,65,4f,a3,43,3b,5e,42,5c,5d,25,3a,53,59,48,47,23,48,46,48,43,55,39,50,5e,\
"{F25B05F9-5BFE-4514-92D4-00A3B41ABBC5}"=hex:f9,05,5b,f2,fe,5b,14,45,92,d4,00,
   a3,b4,1a,bb,c5,34,3d,43,4d,30,25,3f,42,3e,35,47,23,48,58,29,24,41,39,4d,4e,\
"{ECE0F2D3-BFB8-4A35-9A59-7A283832ADE4}"=hex:d3,f2,e0,ec,b8,bf,35,4a,9a,59,7a,
   28,38,32,ad,e4,3b,36,37,44,3e,25,5f,41,47,4b,43,23,57,5a,25,46,59,39,23,4f,\
"{41FDDC21-04F5-4640-A97E-62353AFF6328}"=hex:21,dc,fd,41,f5,04,40,46,a9,7e,62,
   35,3a,ff,63,28,40,4f,5f,43,5e,25,5b,48,58,4a,5f,23,5f,48,29,25,59,39,23,21,\
"{F12ECC02-528E-4A62-9C1D-FF4A60B1EB98}"=hex:02,cc,2e,f1,8e,52,62,4a,9c,1d,ff,
   4a,60,b1,eb,98,48,57,36,53,50,25,53,4e,5d,55,5b,23,5a,5d,41,4a,58,39,57,5a,\
"{3385F201-EAA2-4DEC-867C-4FDDE62AC70D}"=hex:01,f2,85,33,a2,ea,ec,4d,86,7c,4f,
   dd,e6,2a,c7,0d,53,41,44,51,5d,25,47,59,53,4a,3f,23,55,5a,42,46,45,39,4f,23,\
"{5BB2B01E-9566-449A-99D3-71323EA88D5C}"=hex:1e,b0,b2,5b,66,95,9a,44,99,d3,71,
   32,3e,a8,8d,5c,4d,42,44,3e,55,25,43,3c,41,4a,5d,23,4d,5e,5a,44,51,39,40,5d,\
"{CC7396BD-0F0E-408B-9C40-DEEBB17A23C0}"=hex:bd,96,73,cc,0e,0f,8b,40,9c,40,de,
   eb,b1,7a,23,c0,51,43,44,3e,3e,25,3e,52,5d,4b,3f,23,3b,27,26,42,42,39,27,4f,\
"{24DF2EF0-F056-4F5F-9939-328FE9C27822}"=hex:f0,2e,df,24,56,f0,5f,4f,99,39,32,
   8f,e9,c2,78,22,34,4f,42,48,5d,25,45,3e,5f,4a,3a,23,5d,5b,5f,4b,52,39,20,4c,\
"{28B55D20-F2BE-4221-B20C-37552D87BAF6}"=hex:20,5d,b5,28,be,f2,21,42,b2,0c,37,
   55,2d,87,ba,f6,3b,43,31,56,4c,25,5b,59,5c,38,5b,23,57,27,53,56,2a,39,43,4f,\
"{B7BB60B4-7142-45F7-8C2E-FDD7B57DF593}"=hex:b4,60,bb,b7,42,71,f7,45,8c,2e,fd,
   d7,b5,7d,f5,93,59,30,49,40,44,25,45,58,58,44,4b,23,5c,48,5d,46,5f,39,52,42,\
"{9F0E3D08-A2F5-45DC-8A8F-F48D094097E9}"=hex:08,3d,0e,9f,f5,a2,dc,45,8a,8f,f4,
   8d,09,40,97,e9,55,52,5d,33,49,25,4b,4d,38,5c,4e,23,45,47,47,42,24,39,45,24,\
"{F8C11339-F9A6-44B3-97DE-DC54079A11A0}"=hex:39,13,c1,f8,a6,f9,b3,44,97,de,dc,
   54,07,9a,11,a0,3a,50,53,31,4f,25,4b,4c,41,56,3b,23,5f,53,42,26,24,39,22,5e,\
"{548FE272-4E4A-4B44-8CCA-1066AD4FA654}"=hex:72,e2,8f,54,4a,4e,44,4b,8c,ca,10,
   66,ad,4f,a6,54,30,41,50,31,5d,25,44,3f,4a,41,38,23,44,4a,22,26,52,39,44,54,\
"{BA5833E3-C6FA-4489-B29E-9AC3FA725315}"=hex:e3,33,58,ba,fa,c6,89,44,b2,9e,9a,
   c3,fa,72,53,15,3a,56,53,4d,4d,25,42,46,3e,58,49,23,45,54,50,51,4a,39,40,50,\
"{08FF8EDF-8986-4F2D-9277-1E51429A7052}"=hex:df,8e,ff,08,86,89,2d,4f,92,77,1e,
   51,42,9a,70,52,4d,51,50,33,41,25,3c,5e,3e,49,45,23,5d,40,55,5e,56,39,2d,2f,\
"{263D84D3-AE1D-4FF4-83B7-C46ED1D04416}"=hex:d3,84,3d,26,1d,ae,f4,4f,83,b7,c4,
   6e,d1,d0,44,16,37,56,36,48,31,25,42,5e,5c,5e,3e,23,4d,56,44,55,57,39,5e,21,\
"{0296BEAA-72BF-4174-AA87-6DCB4AC70196}"=hex:aa,be,96,02,bf,72,74,41,aa,87,6d,
   cb,4a,c7,01,96,37,5e,49,32,4c,25,3d,50,4c,3f,5a,23,5c,57,5b,57,4a,39,4d,53,\
"{06FA8F64-0654-4F1F-99BA-EC337E73335D}"=hex:64,8f,fa,06,54,06,1f,4f,99,ba,ec,
   33,7e,73,33,5d,50,5c,54,4e,44,25,4d,48,3d,3e,54,23,5a,42,28,46,2a,39,52,40,\
"{A240B964-0E23-4BC1-888D-39BAC4781793}"=hex:64,b9,40,a2,23,0e,c1,4b,88,8d,39,
   ba,c4,78,17,93,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{BFBA4A54-2548-4470-8D3A-1A0FA8E8A589}"=hex:54,4a,ba,bf,48,25,70,44,8d,3a,1a,
   0f,a8,e8,a5,89,41,47,52,3e,5f,25,58,3f,3d,59,45,23,45,25,24,54,5f,39,4c,5e,\
"{A9AD27FF-87B2-4D8D-A41A-CD9ABF400D4C}"=hex:ff,27,ad,a9,b2,87,8d,4d,a4,1a,cd,
   9a,bf,40,0d,4c,5b,53,55,55,45,25,4c,39,4c,4a,4f,23,5b,5b,56,25,47,39,54,44,\
"{0EBFD787-4D22-4EB7-AC4F-5B0FE63F75DC}"=hex:87,d7,bf,0e,22,4d,b7,4e,ac,4f,5b,
   0f,e6,3f,75,dc,42,48,42,5f,40,25,4a,32,5f,46,3a,23,44,27,25,50,47,39,58,20,\
"{93280FC8-E8C9-4BF5-83F2-E86EB0A1AB96}"=hex:c8,0f,28,93,c9,e8,f5,4b,83,f2,e8,
   6e,b0,a1,ab,96,55,4c,57,55,4c,25,53,38,41,5d,5a,23,44,23,24,59,42,39,23,53,\
"{EA2F8194-3248-468F-818A-D6C6C5A81F0B}"=hex:94,81,2f,ea,48,32,8f,46,81,8a,d6,
   c6,c5,a8,1f,0b,31,55,53,40,5e,25,30,4e,5d,5b,39,23,5b,52,24,42,59,39,53,51,\
"{D6B353D4-E01F-4B5E-880A-CF451B2DA2DC}"=hex:d4,53,b3,d6,1f,e0,5e,4b,88,0a,cf,
   45,1b,2d,a2,dc,48,37,5f,53,57,25,4d,3f,4d,5c,4a,23,4b,53,5d,57,50,39,26,5d,\
"{ADF109C2-E019-46B4-8A45-50EE4E05ACD5}"=hex:c2,09,f1,ad,19,e0,b4,46,8a,45,50,
   ee,4e,05,ac,d5,3b,3d,36,51,55,25,5f,41,38,3f,49,23,41,58,59,41,5d,39,40,58,\
"{7C78BDE2-E4D9-47E1-979E-2BD66D980966}"=hex:e2,bd,78,7c,d9,e4,e1,47,97,9e,2b,
   d6,6d,98,09,66,4f,31,50,3e,57,25,4e,3e,3e,55,45,23,58,47,24,26,55,39,47,5d,\
"{2B3E4D5E-3284-4EB8-B822-D3E7EB3E08C5}"=hex:5e,4d,3e,2b,84,32,b8,4e,b8,22,d3,
   e7,eb,3e,08,c5,44,4e,4d,51,5e,25,5e,33,47,59,46,23,56,43,24,53,4b,39,58,2f,\
"{88635AE5-6FB4-43E4-A490-7FBD51376101}"=hex:e5,5a,63,88,b4,6f,e4,43,a4,90,7f,
   bd,51,37,61,01,52,57,5c,30,41,25,42,5a,53,3e,58,23,49,5d,40,57,4a,39,4c,2f,\
"{E5C2DE84-473B-4E6E-8BA4-90C864770037}"=hex:84,de,c2,e5,3b,47,6e,4e,8b,a4,90,
   c8,64,77,00,37,55,46,46,5c,3f,25,3f,47,53,59,3f,23,59,4a,47,45,20,39,26,41,\
"{F97AB5E9-B107-467B-A485-08D04E42E224}"=hex:e9,b5,7a,f9,07,b1,7b,46,a4,85,08,
   d0,4e,42,e2,24,56,54,33,52,42,25,4b,5d,53,5b,46,23,45,5e,49,2a,52,39,59,40,\
"{BDAD6B4D-92ED-424B-BA72-447505A47940}"=hex:4d,6b,ad,bd,ed,92,4b,42,ba,72,44,
   75,05,a4,79,40,49,50,51,4c,51,25,31,52,4f,4d,4f,23,39,48,5a,50,43,39,47,42,\
"{E03BF5E7-3FDD-4A0A-97F9-22A279515846}"=hex:e7,f5,3b,e0,dd,3f,0a,4a,97,f9,22,
   a2,79,51,58,46,50,40,55,4b,55,25,41,5d,5d,44,59,23,3b,41,56,42,5e,39,46,51,\
"{809800B1-28BD-4318-B1C8-3133D063E46D}"=hex:b1,00,98,80,bd,28,18,43,b1,c8,31,
   33,d0,63,e4,6d,40,31,56,3f,45,25,59,48,51,3f,3e,23,37,51,46,2a,27,39,51,24,\
"{570CAA09-3FC2-43F7-B638-34129523FD8A}"=hex:09,aa,0c,57,c2,3f,f7,43,b6,38,34,
   12,95,23,fd,8a,48,33,40,54,3f,25,50,40,5a,40,35,23,3b,25,5c,5f,2b,39,4f,45,\
"{054FEDCE-ADEC-41A2-BDF3-6F3EFA7A3351}"=hex:ce,ed,4f,05,ec,ad,a2,41,bd,f3,6f,
   3e,fa,7a,33,51,3b,3c,3d,52,41,25,50,4c,45,40,58,23,5b,5d,42,25,50,39,57,43,\
"{185373AC-4C62-4B62-B56B-E6204E35CE37}"=hex:ac,73,53,18,62,4c,62,4b,b5,6b,e6,
   20,4e,35,ce,37,41,31,46,50,30,25,4e,38,3e,39,4e,23,4a,26,5d,40,56,39,51,21,\
"{FBC0FF15-8EE6-4887-B131-F75B3D1FC6E2}"=hex:15,ff,c0,fb,e6,8e,87,48,b1,31,f7,
   5b,3d,1f,c6,e2,45,40,4e,4a,4d,25,42,4b,5f,55,43,23,4a,48,5c,2a,58,39,43,45,\
"{C84186D5-81B8-4290-A3AA-619BF998DD76}"=hex:d5,86,41,c8,b8,81,90,42,a3,aa,61,
   9b,f9,98,dd,76,4f,42,3d,42,5d,25,4c,33,4c,46,3e,23,5a,48,5f,44,5d,39,52,58,\
"{B854512D-D45C-4C7F-9DC7-2A1F26901028}"=hex:2d,51,54,b8,5c,d4,7f,4c,9d,c7,2a,
   1f,26,90,10,28,5b,31,46,32,45,25,48,33,48,5f,39,23,43,46,5b,5c,46,39,56,5b,\
"{6677E81D-E302-43CD-B86E-41E3C41D5C40}"=hex:1d,e8,77,66,02,e3,cd,43,b8,6e,41,
   e3,c4,1d,5c,40,4e,3c,4e,40,54,25,50,42,5f,44,54,23,58,26,53,4b,50,39,50,55,\
"{789DC87C-F610-4FF0-9A5F-6F7FCA94554F}"=hex:7c,c8,9d,78,10,f6,f0,4f,9a,5f,6f,
   7f,ca,94,55,4f,31,4a,32,3e,49,25,4a,4f,4c,4d,59,23,38,57,44,56,56,39,57,4c,\
"{58E689A9-051A-45EF-B288-0845E9B8B23D}"=hex:a9,89,e6,58,1a,05,ef,45,b2,88,08,
   45,e9,b8,b2,3d,4b,57,43,33,53,25,5c,4d,38,58,3f,23,58,5d,40,59,25,39,59,45,\
"{A7103D2D-582B-47EB-AED4-BF4076E5E7BA}"=hex:2d,3d,10,a7,2b,58,eb,47,ae,d4,bf,
   40,76,e5,e7,ba,5b,5d,40,4b,44,25,58,33,3c,4e,5b,23,37,5c,27,26,56,39,58,25,\
"{2BE8E93F-DC91-4454-B5BE-E55A34132845}"=hex:3f,e9,e8,2b,91,dc,54,44,b5,be,e5,
   5a,34,13,28,45,49,48,4d,40,34,25,3d,5e,3f,5f,4e,23,3b,43,47,58,59,39,40,55,\
"{0BB61490-C36C-42C8-B4B6-7F7EB5D2E69D}"=hex:90,14,b6,0b,6c,c3,c8,42,b4,b6,7f,
   7e,b5,d2,e6,9d,50,4f,56,40,53,25,43,4b,33,40,4a,23,39,48,49,26,5f,39,26,5b,\
"{FAF6E97F-20F3-4730-B263-A9B24E8A7490}"=hex:7f,e9,f6,fa,f3,20,30,47,b2,63,a9,
   b2,4e,8a,74,90,5b,46,54,48,31,25,53,50,47,5f,49,23,39,58,40,5f,56,39,4d,22,\
"{770D8AE7-5762-41EC-8FCC-1D5905F29F4D}"=hex:e7,8a,0d,77,62,57,ec,41,8f,cc,1d,
   59,05,f2,9f,4d,52,4f,50,50,46,25,3d,48,3f,38,5d,23,3c,53,50,24,59,39,56,52,\
"{5C18922F-20A7-4593-96B4-0F6159F38A4A}"=hex:2f,92,18,5c,a7,20,93,45,96,b4,0f,
   61,59,f3,8a,4a,41,48,4b,4d,3e,25,45,5c,47,4d,58,23,47,57,28,43,24,39,5b,41,\
"{DA75E6D8-17DC-4080-9051-34F5F0222704}"=hex:d8,e6,75,da,dc,17,80,40,90,51,34,
   f5,f0,22,27,04,46,53,49,51,31,25,41,3d,43,49,34,23,3d,5e,23,59,41,39,54,4f,\
"{816FD6D6-367E-4C40-B8A3-099C9DC961CE}"=hex:d6,d6,6f,81,7e,36,40,4c,b8,a3,09,
   9c,9d,c9,61,ce,34,51,33,35,55,25,3e,4b,5d,54,5c,23,43,28,29,2b,5b,39,58,2f,\
"{0CD202EA-7CEF-4702-85B7-311CAE2D2C2F}"=hex:ea,02,d2,0c,ef,7c,02,47,85,b7,31,
   1c,ae,2d,2c,2f,40,51,36,53,41,25,3c,5d,33,5c,4a,23,3b,56,49,20,59,39,5e,25,\
"{A55726DE-7A89-451A-9636-027690A1BE7F}"=hex:de,26,57,a5,89,7a,1a,45,96,36,02,
   76,90,a1,be,7f,4f,43,36,45,33,25,4f,53,5b,4f,5d,23,44,54,57,54,43,39,44,5c,\
"{6C20E2A4-BE16-443A-8359-3731EDBFDF6C}"=hex:a4,e2,20,6c,16,be,3a,44,83,59,37,
   31,ed,bf,df,6c,31,3c,5f,40,51,25,51,5b,5b,5e,4b,23,57,22,5b,42,59,39,26,47,\
"{A11C1829-5D4B-48B8-A03A-E2DAA5208F48}"=hex:29,18,1c,a1,4b,5d,b8,48,a0,3a,e2,
   da,a5,20,8f,48,50,52,30,51,4b,25,4b,39,3c,41,4b,23,47,27,43,46,24,39,52,2e,\
"{B7B4AA2C-F9D0-42AE-A87B-FB22B8B3A059}"=hex:2c,aa,b4,b7,d0,f9,ae,42,a8,7b,fb,
   22,b8,b3,a0,59,59,46,4e,33,46,25,4f,39,32,58,45,23,5d,51,5f,45,2b,39,4c,42,\
"{F3A7A042-02A9-4330-AE7C-9B3983D72517}"=hex:42,a0,a7,f3,a9,02,30,43,ae,7c,9b,
   39,83,d7,25,17,52,3d,40,4d,41,25,48,3c,4c,5e,4f,23,3b,24,26,59,40,39,5f,2f,\
"{2BA2BA37-A25F-4191-9CEF-638A1A9261F4}"=hex:37,ba,a2,2b,5f,a2,91,41,9c,ef,63,
   8a,1a,92,61,f4,52,4e,4d,51,4c,25,47,38,4d,4a,46,23,3b,25,50,26,47,39,53,4f,\
"{2656EDBA-C274-443A-985C-AE520E869B56}"=hex:ba,ed,56,26,74,c2,3a,44,98,5c,ae,
   52,0e,86,9b,56,55,53,57,52,5f,25,59,48,52,3e,40,23,39,29,56,4b,49,39,52,5a,\
"{DEB6CD47-AA07-4F51-8006-34EB9820A8D1}"=hex:47,cd,b6,de,07,aa,51,4f,80,06,34,
   eb,98,20,a8,d1,55,42,41,4b,44,25,4e,44,47,5b,4f,23,5b,22,5d,25,58,39,4c,42,\
"{9C772F37-910F-4DE4-9420-5FFAFF2DD825}"=hex:37,2f,77,9c,0f,91,e4,4d,94,20,5f,
   fa,ff,2d,d8,25,36,56,32,3e,40,25,43,46,3e,49,54,23,3b,58,52,48,46,39,44,23,\
"{21C6A024-0D0E-4104-8795-55918EF9DB47}"=hex:24,a0,c6,21,0e,0d,04,41,87,95,55,
   91,8e,f9,db,47,41,57,56,4d,4c,25,5d,33,3f,35,4a,23,37,57,47,48,44,39,4f,25,\
"{130E19F9-10E4-4753-9906-B56B7E540DB8}"=hex:f9,19,0e,13,e4,10,53,47,99,06,b5,
   6b,7e,54,0d,b8,46,48,37,3f,46,25,3a,47,5b,5a,38,23,56,26,5b,2a,45,39,4d,5e,\
"{5B73420A-B228-4569-9CAB-23239A05D666}"=hex:0a,42,73,5b,28,b2,69,45,9c,ab,23,
   23,9a,05,d6,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{548D7133-BFC7-463E-B275-BE592A8DB4F4}"=hex:33,71,8d,54,c7,bf,3e,46,b2,75,be,
   59,2a,8d,b4,f4,37,42,5c,4e,4a,25,3b,5f,43,47,35,23,39,40,5b,43,47,39,45,5a,\
"{5193401A-1179-45C6-9EBE-3D3DB170CB99}"=hex:1a,40,93,51,79,11,c6,45,9e,be,3d,
   3d,b1,70,cb,99,46,55,51,45,49,25,5b,4d,47,4a,5d,23,5e,5e,40,51,5f,39,56,24,\
"{D2704A9E-7665-4B5D-BB73-A1E973FB22D5}"=hex:9e,4a,70,d2,65,76,5d,4b,bb,73,a1,
   e9,73,fb,22,d5,5b,5e,44,35,52,25,44,4d,4f,3f,39,23,43,52,55,5c,2b,39,59,5e,\
"{97D1E1A5-0B77-40E8-BF45-E0B73C97BA2B}"=hex:a5,e1,d1,97,77,0b,e8,40,bf,45,e0,
   b7,3c,97,ba,2b,49,5d,4e,34,4d,25,59,46,5e,49,46,23,48,24,47,2a,5f,39,26,4f,\
"{717D9115-604A-4967-BDBE-D15372A017C8}"=hex:15,91,7d,71,4a,60,67,49,bd,be,d1,
   53,72,a0,17,c8,56,55,5c,33,30,25,4a,38,41,3a,38,23,5d,5d,5c,55,43,39,45,20,\
"{C9762D4F-FC80-486A-8F23-F6B259660F88}"=hex:4f,2d,76,c9,80,fc,6a,48,8f,23,f6,
   b2,59,66,0f,88,4d,30,36,40,5f,25,3b,48,46,42,4f,23,37,51,44,51,57,39,23,50,\
"{23CAB8A1-EE44-4D84-BF8B-12D6487D9C50}"=hex:a1,b8,ca,23,44,ee,84,4d,bf,8b,12,
   d6,48,7d,9c,50,37,41,49,4a,43,25,41,5c,3c,56,4c,23,4e,42,5d,2b,5d,39,45,4f,\
.
[HKEY_USERS\S-1-5-21-2799653475-1206912365-1311522834-1001\Software\Microsoft\Metro\AppCompat]
@Denied: (A) (Everyone)
"{9C772F37-910F-4DE4-9420-5FFAFF2DD825}"=hex:37,2f,77,9c,0f,91,e4,4d,94,20,5f,
   fa,ff,2d,d8,25,36,56,32,3e,40,25,43,46,3e,49,54,23,3b,58,52,48,46,39,44,23,\
"{21C6A024-0D0E-4104-8795-55918EF9DB47}"=hex:24,a0,c6,21,0e,0d,04,41,87,95,55,
   91,8e,f9,db,47,41,57,56,4d,4c,25,5d,33,3f,35,4a,23,37,57,47,48,44,39,4f,25,\
"{130E19F9-10E4-4753-9906-B56B7E540DB8}"=hex:f9,19,0e,13,e4,10,53,47,99,06,b5,
   6b,7e,54,0d,b8,46,48,37,3f,46,25,3a,47,5b,5a,38,23,56,26,5b,2a,45,39,4d,5e,\
"{5B73420A-B228-4569-9CAB-23239A05D666}"=hex:0a,42,73,5b,28,b2,69,45,9c,ab,23,
   23,9a,05,d6,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{548D7133-BFC7-463E-B275-BE592A8DB4F4}"=hex:33,71,8d,54,c7,bf,3e,46,b2,75,be,
   59,2a,8d,b4,f4,37,42,5c,4e,4a,25,3b,5f,43,47,35,23,39,40,5b,43,47,39,45,5a,\
"{5193401A-1179-45C6-9EBE-3D3DB170CB99}"=hex:1a,40,93,51,79,11,c6,45,9e,be,3d,
   3d,b1,70,cb,99,46,55,51,45,49,25,5b,4d,47,4a,5d,23,5e,5e,40,51,5f,39,56,24,\
"{D2704A9E-7665-4B5D-BB73-A1E973FB22D5}"=hex:9e,4a,70,d2,65,76,5d,4b,bb,73,a1,
   e9,73,fb,22,d5,5b,5e,44,35,52,25,44,4d,4f,3f,39,23,43,52,55,5c,2b,39,59,5e,\
"{97D1E1A5-0B77-40E8-BF45-E0B73C97BA2B}"=hex:a5,e1,d1,97,77,0b,e8,40,bf,45,e0,
   b7,3c,97,ba,2b,49,5d,4e,34,4d,25,59,46,5e,49,46,23,48,24,47,2a,5f,39,26,4f,\
"{717D9115-604A-4967-BDBE-D15372A017C8}"=hex:15,91,7d,71,4a,60,67,49,bd,be,d1,
   53,72,a0,17,c8,56,55,5c,33,30,25,4a,38,41,3a,38,23,5d,5d,5c,55,43,39,45,20,\
"{C9762D4F-FC80-486A-8F23-F6B259660F88}"=hex:4f,2d,76,c9,80,fc,6a,48,8f,23,f6,
   b2,59,66,0f,88,4d,30,36,40,5f,25,3b,48,46,42,4f,23,37,51,44,51,57,39,23,50,\
"{23CAB8A1-EE44-4D84-BF8B-12D6487D9C50}"=hex:a1,b8,ca,23,44,ee,84,4d,bf,8b,12,
   d6,48,7d,9c,50,37,41,49,4a,43,25,41,5c,3c,56,4c,23,4e,42,5d,2b,5d,39,45,4f,\
.
[HKEY_USERS\S-1-5-21-2799653475-1206912365-1311522834-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\DlgInfo]
@Denied: (A) (Everyone)
"{21C6A024-0D0E-4104-8795-55918EF9DB47}"=hex:24,a0,c6,21,0e,0d,04,41,87,95,55,
   91,8e,f9,db,47,41,57,56,4d,4c,25,5d,33,3f,35,4a,23,37,57,47,48,44,39,4f,25,\
"{130E19F9-10E4-4753-9906-B56B7E540DB8}"=hex:f9,19,0e,13,e4,10,53,47,99,06,b5,
   6b,7e,54,0d,b8,46,48,37,3f,46,25,3a,47,5b,5a,38,23,56,26,5b,2a,45,39,4d,5e,\
"{5B73420A-B228-4569-9CAB-23239A05D666}"=hex:0a,42,73,5b,28,b2,69,45,9c,ab,23,
   23,9a,05,d6,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{548D7133-BFC7-463E-B275-BE592A8DB4F4}"=hex:33,71,8d,54,c7,bf,3e,46,b2,75,be,
   59,2a,8d,b4,f4,37,42,5c,4e,4a,25,3b,5f,43,47,35,23,39,40,5b,43,47,39,45,5a,\
"{5193401A-1179-45C6-9EBE-3D3DB170CB99}"=hex:1a,40,93,51,79,11,c6,45,9e,be,3d,
   3d,b1,70,cb,99,46,55,51,45,49,25,5b,4d,47,4a,5d,23,5e,5e,40,51,5f,39,56,24,\
"{D2704A9E-7665-4B5D-BB73-A1E973FB22D5}"=hex:9e,4a,70,d2,65,76,5d,4b,bb,73,a1,
   e9,73,fb,22,d5,5b,5e,44,35,52,25,44,4d,4f,3f,39,23,43,52,55,5c,2b,39,59,5e,\
"{97D1E1A5-0B77-40E8-BF45-E0B73C97BA2B}"=hex:a5,e1,d1,97,77,0b,e8,40,bf,45,e0,
   b7,3c,97,ba,2b,49,5d,4e,34,4d,25,59,46,5e,49,46,23,48,24,47,2a,5f,39,26,4f,\
"{717D9115-604A-4967-BDBE-D15372A017C8}"=hex:15,91,7d,71,4a,60,67,49,bd,be,d1,
   53,72,a0,17,c8,56,55,5c,33,30,25,4a,38,41,3a,38,23,5d,5d,5c,55,43,39,45,20,\
"{C9762D4F-FC80-486A-8F23-F6B259660F88}"=hex:4f,2d,76,c9,80,fc,6a,48,8f,23,f6,
   b2,59,66,0f,88,4d,30,36,40,5f,25,3b,48,46,42,4f,23,37,51,44,51,57,39,23,50,\
"{23CAB8A1-EE44-4D84-BF8B-12D6487D9C50}"=hex:a1,b8,ca,23,44,ee,84,4d,bf,8b,12,
   d6,48,7d,9c,50,37,41,49,4a,43,25,41,5c,3c,56,4c,23,4e,42,5d,2b,5d,39,45,4f,\
.
Link to post
Share on other sites
krwebber53

krwebber53

Posted
  • Author
Posted

Part 3

[HKEY_USERS\S-1-5-21-2799653475-1206912365-1311522834-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\YRABIB69]
@Denied: (A) (Everyone)
"{21C6A024-0D0E-4104-8795-55918EF9DB47}"=hex:24,a0,c6,21,0e,0d,04,41,87,95,55,
   91,8e,f9,db,47,41,57,56,4d,4c,25,5d,33,3f,35,4a,23,37,57,47,48,44,39,4f,25,\
"{130E19F9-10E4-4753-9906-B56B7E540DB8}"=hex:f9,19,0e,13,e4,10,53,47,99,06,b5,
   6b,7e,54,0d,b8,46,48,37,3f,46,25,3a,47,5b,5a,38,23,56,26,5b,2a,45,39,4d,5e,\
"{5B73420A-B228-4569-9CAB-23239A05D666}"=hex:0a,42,73,5b,28,b2,69,45,9c,ab,23,
   23,9a,05,d6,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{548D7133-BFC7-463E-B275-BE592A8DB4F4}"=hex:33,71,8d,54,c7,bf,3e,46,b2,75,be,
   59,2a,8d,b4,f4,37,42,5c,4e,4a,25,3b,5f,43,47,35,23,39,40,5b,43,47,39,45,5a,\
"{5193401A-1179-45C6-9EBE-3D3DB170CB99}"=hex:1a,40,93,51,79,11,c6,45,9e,be,3d,
   3d,b1,70,cb,99,46,55,51,45,49,25,5b,4d,47,4a,5d,23,5e,5e,40,51,5f,39,56,24,\
"{D2704A9E-7665-4B5D-BB73-A1E973FB22D5}"=hex:9e,4a,70,d2,65,76,5d,4b,bb,73,a1,
   e9,73,fb,22,d5,5b,5e,44,35,52,25,44,4d,4f,3f,39,23,43,52,55,5c,2b,39,59,5e,\
"{97D1E1A5-0B77-40E8-BF45-E0B73C97BA2B}"=hex:a5,e1,d1,97,77,0b,e8,40,bf,45,e0,
   b7,3c,97,ba,2b,49,5d,4e,34,4d,25,59,46,5e,49,46,23,48,24,47,2a,5f,39,26,4f,\
"{717D9115-604A-4967-BDBE-D15372A017C8}"=hex:15,91,7d,71,4a,60,67,49,bd,be,d1,
   53,72,a0,17,c8,56,55,5c,33,30,25,4a,38,41,3a,38,23,5d,5d,5c,55,43,39,45,20,\
"{C9762D4F-FC80-486A-8F23-F6B259660F88}"=hex:4f,2d,76,c9,80,fc,6a,48,8f,23,f6,
   b2,59,66,0f,88,4d,30,36,40,5f,25,3b,48,46,42,4f,23,37,51,44,51,57,39,23,50,\
"{23CAB8A1-EE44-4D84-BF8B-12D6487D9C50}"=hex:a1,b8,ca,23,44,ee,84,4d,bf,8b,12,
   d6,48,7d,9c,50,37,41,49,4a,43,25,41,5c,3c,56,4c,23,4e,42,5d,2b,5d,39,45,4f,\
.
[HKEY_USERS\S-1-5-21-2799653475-1206912365-1311522834-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Disallowed]
@Denied: (A) (Everyone)
"{A240B964-0E23-4BC1-888D-39BAC4781793}"=hex:64,b9,40,a2,23,0e,c1,4b,88,8d,39,
   ba,c4,78,17,93,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{BFBA4A54-2548-4470-8D3A-1A0FA8E8A589}"=hex:54,4a,ba,bf,48,25,70,44,8d,3a,1a,
   0f,a8,e8,a5,89,41,47,52,3e,5f,25,58,3f,3d,59,45,23,45,25,24,54,5f,39,4c,5e,\
"{A9AD27FF-87B2-4D8D-A41A-CD9ABF400D4C}"=hex:ff,27,ad,a9,b2,87,8d,4d,a4,1a,cd,
   9a,bf,40,0d,4c,5b,53,55,55,45,25,4c,39,4c,4a,4f,23,5b,5b,56,25,47,39,54,44,\
"{0EBFD787-4D22-4EB7-AC4F-5B0FE63F75DC}"=hex:87,d7,bf,0e,22,4d,b7,4e,ac,4f,5b,
   0f,e6,3f,75,dc,42,48,42,5f,40,25,4a,32,5f,46,3a,23,44,27,25,50,47,39,58,20,\
"{93280FC8-E8C9-4BF5-83F2-E86EB0A1AB96}"=hex:c8,0f,28,93,c9,e8,f5,4b,83,f2,e8,
   6e,b0,a1,ab,96,55,4c,57,55,4c,25,53,38,41,5d,5a,23,44,23,24,59,42,39,23,53,\
"{EA2F8194-3248-468F-818A-D6C6C5A81F0B}"=hex:94,81,2f,ea,48,32,8f,46,81,8a,d6,
   c6,c5,a8,1f,0b,31,55,53,40,5e,25,30,4e,5d,5b,39,23,5b,52,24,42,59,39,53,51,\
"{D6B353D4-E01F-4B5E-880A-CF451B2DA2DC}"=hex:d4,53,b3,d6,1f,e0,5e,4b,88,0a,cf,
   45,1b,2d,a2,dc,48,37,5f,53,57,25,4d,3f,4d,5c,4a,23,4b,53,5d,57,50,39,26,5d,\
"{ADF109C2-E019-46B4-8A45-50EE4E05ACD5}"=hex:c2,09,f1,ad,19,e0,b4,46,8a,45,50,
   ee,4e,05,ac,d5,3b,3d,36,51,55,25,5f,41,38,3f,49,23,41,58,59,41,5d,39,40,58,\
"{7C78BDE2-E4D9-47E1-979E-2BD66D980966}"=hex:e2,bd,78,7c,d9,e4,e1,47,97,9e,2b,
   d6,6d,98,09,66,4f,31,50,3e,57,25,4e,3e,3e,55,45,23,58,47,24,26,55,39,47,5d,\
"{2B3E4D5E-3284-4EB8-B822-D3E7EB3E08C5}"=hex:5e,4d,3e,2b,84,32,b8,4e,b8,22,d3,
   e7,eb,3e,08,c5,44,4e,4d,51,5e,25,5e,33,47,59,46,23,56,43,24,53,4b,39,58,2f,\
"{88635AE5-6FB4-43E4-A490-7FBD51376101}"=hex:e5,5a,63,88,b4,6f,e4,43,a4,90,7f,
   bd,51,37,61,01,52,57,5c,30,41,25,42,5a,53,3e,58,23,49,5d,40,57,4a,39,4c,2f,\
"{E5C2DE84-473B-4E6E-8BA4-90C864770037}"=hex:84,de,c2,e5,3b,47,6e,4e,8b,a4,90,
   c8,64,77,00,37,55,46,46,5c,3f,25,3f,47,53,59,3f,23,59,4a,47,45,20,39,26,41,\
"{F97AB5E9-B107-467B-A485-08D04E42E224}"=hex:e9,b5,7a,f9,07,b1,7b,46,a4,85,08,
   d0,4e,42,e2,24,56,54,33,52,42,25,4b,5d,53,5b,46,23,45,5e,49,2a,52,39,59,40,\
"{BDAD6B4D-92ED-424B-BA72-447505A47940}"=hex:4d,6b,ad,bd,ed,92,4b,42,ba,72,44,
   75,05,a4,79,40,49,50,51,4c,51,25,31,52,4f,4d,4f,23,39,48,5a,50,43,39,47,42,\
"{E03BF5E7-3FDD-4A0A-97F9-22A279515846}"=hex:e7,f5,3b,e0,dd,3f,0a,4a,97,f9,22,
   a2,79,51,58,46,50,40,55,4b,55,25,41,5d,5d,44,59,23,3b,41,56,42,5e,39,46,51,\
"{809800B1-28BD-4318-B1C8-3133D063E46D}"=hex:b1,00,98,80,bd,28,18,43,b1,c8,31,
   33,d0,63,e4,6d,40,31,56,3f,45,25,59,48,51,3f,3e,23,37,51,46,2a,27,39,51,24,\
"{570CAA09-3FC2-43F7-B638-34129523FD8A}"=hex:09,aa,0c,57,c2,3f,f7,43,b6,38,34,
   12,95,23,fd,8a,48,33,40,54,3f,25,50,40,5a,40,35,23,3b,25,5c,5f,2b,39,4f,45,\
"{054FEDCE-ADEC-41A2-BDF3-6F3EFA7A3351}"=hex:ce,ed,4f,05,ec,ad,a2,41,bd,f3,6f,
   3e,fa,7a,33,51,3b,3c,3d,52,41,25,50,4c,45,40,58,23,5b,5d,42,25,50,39,57,43,\
"{185373AC-4C62-4B62-B56B-E6204E35CE37}"=hex:ac,73,53,18,62,4c,62,4b,b5,6b,e6,
   20,4e,35,ce,37,41,31,46,50,30,25,4e,38,3e,39,4e,23,4a,26,5d,40,56,39,51,21,\
"{FBC0FF15-8EE6-4887-B131-F75B3D1FC6E2}"=hex:15,ff,c0,fb,e6,8e,87,48,b1,31,f7,
   5b,3d,1f,c6,e2,45,40,4e,4a,4d,25,42,4b,5f,55,43,23,4a,48,5c,2a,58,39,43,45,\
"{C84186D5-81B8-4290-A3AA-619BF998DD76}"=hex:d5,86,41,c8,b8,81,90,42,a3,aa,61,
   9b,f9,98,dd,76,4f,42,3d,42,5d,25,4c,33,4c,46,3e,23,5a,48,5f,44,5d,39,52,58,\
"{B854512D-D45C-4C7F-9DC7-2A1F26901028}"=hex:2d,51,54,b8,5c,d4,7f,4c,9d,c7,2a,
   1f,26,90,10,28,5b,31,46,32,45,25,48,33,48,5f,39,23,43,46,5b,5c,46,39,56,5b,\
"{6677E81D-E302-43CD-B86E-41E3C41D5C40}"=hex:1d,e8,77,66,02,e3,cd,43,b8,6e,41,
   e3,c4,1d,5c,40,4e,3c,4e,40,54,25,50,42,5f,44,54,23,58,26,53,4b,50,39,50,55,\
"{789DC87C-F610-4FF0-9A5F-6F7FCA94554F}"=hex:7c,c8,9d,78,10,f6,f0,4f,9a,5f,6f,
   7f,ca,94,55,4f,31,4a,32,3e,49,25,4a,4f,4c,4d,59,23,38,57,44,56,56,39,57,4c,\
"{58E689A9-051A-45EF-B288-0845E9B8B23D}"=hex:a9,89,e6,58,1a,05,ef,45,b2,88,08,
   45,e9,b8,b2,3d,4b,57,43,33,53,25,5c,4d,38,58,3f,23,58,5d,40,59,25,39,59,45,\
"{A7103D2D-582B-47EB-AED4-BF4076E5E7BA}"=hex:2d,3d,10,a7,2b,58,eb,47,ae,d4,bf,
   40,76,e5,e7,ba,5b,5d,40,4b,44,25,58,33,3c,4e,5b,23,37,5c,27,26,56,39,58,25,\
"{2BE8E93F-DC91-4454-B5BE-E55A34132845}"=hex:3f,e9,e8,2b,91,dc,54,44,b5,be,e5,
   5a,34,13,28,45,49,48,4d,40,34,25,3d,5e,3f,5f,4e,23,3b,43,47,58,59,39,40,55,\
"{0BB61490-C36C-42C8-B4B6-7F7EB5D2E69D}"=hex:90,14,b6,0b,6c,c3,c8,42,b4,b6,7f,
   7e,b5,d2,e6,9d,50,4f,56,40,53,25,43,4b,33,40,4a,23,39,48,49,26,5f,39,26,5b,\
"{FAF6E97F-20F3-4730-B263-A9B24E8A7490}"=hex:7f,e9,f6,fa,f3,20,30,47,b2,63,a9,
   b2,4e,8a,74,90,5b,46,54,48,31,25,53,50,47,5f,49,23,39,58,40,5f,56,39,4d,22,\
"{770D8AE7-5762-41EC-8FCC-1D5905F29F4D}"=hex:e7,8a,0d,77,62,57,ec,41,8f,cc,1d,
   59,05,f2,9f,4d,52,4f,50,50,46,25,3d,48,3f,38,5d,23,3c,53,50,24,59,39,56,52,\
"{5C18922F-20A7-4593-96B4-0F6159F38A4A}"=hex:2f,92,18,5c,a7,20,93,45,96,b4,0f,
   61,59,f3,8a,4a,41,48,4b,4d,3e,25,45,5c,47,4d,58,23,47,57,28,43,24,39,5b,41,\
"{DA75E6D8-17DC-4080-9051-34F5F0222704}"=hex:d8,e6,75,da,dc,17,80,40,90,51,34,
   f5,f0,22,27,04,46,53,49,51,31,25,41,3d,43,49,34,23,3d,5e,23,59,41,39,54,4f,\
"{816FD6D6-367E-4C40-B8A3-099C9DC961CE}"=hex:d6,d6,6f,81,7e,36,40,4c,b8,a3,09,
   9c,9d,c9,61,ce,34,51,33,35,55,25,3e,4b,5d,54,5c,23,43,28,29,2b,5b,39,58,2f,\
"{0CD202EA-7CEF-4702-85B7-311CAE2D2C2F}"=hex:ea,02,d2,0c,ef,7c,02,47,85,b7,31,
   1c,ae,2d,2c,2f,40,51,36,53,41,25,3c,5d,33,5c,4a,23,3b,56,49,20,59,39,5e,25,\
"{A55726DE-7A89-451A-9636-027690A1BE7F}"=hex:de,26,57,a5,89,7a,1a,45,96,36,02,
   76,90,a1,be,7f,4f,43,36,45,33,25,4f,53,5b,4f,5d,23,44,54,57,54,43,39,44,5c,\
"{6C20E2A4-BE16-443A-8359-3731EDBFDF6C}"=hex:a4,e2,20,6c,16,be,3a,44,83,59,37,
   31,ed,bf,df,6c,31,3c,5f,40,51,25,51,5b,5b,5e,4b,23,57,22,5b,42,59,39,26,47,\
"{A11C1829-5D4B-48B8-A03A-E2DAA5208F48}"=hex:29,18,1c,a1,4b,5d,b8,48,a0,3a,e2,
   da,a5,20,8f,48,50,52,30,51,4b,25,4b,39,3c,41,4b,23,47,27,43,46,24,39,52,2e,\
"{B7B4AA2C-F9D0-42AE-A87B-FB22B8B3A059}"=hex:2c,aa,b4,b7,d0,f9,ae,42,a8,7b,fb,
   22,b8,b3,a0,59,59,46,4e,33,46,25,4f,39,32,58,45,23,5d,51,5f,45,2b,39,4c,42,\
"{F3A7A042-02A9-4330-AE7C-9B3983D72517}"=hex:42,a0,a7,f3,a9,02,30,43,ae,7c,9b,
   39,83,d7,25,17,52,3d,40,4d,41,25,48,3c,4c,5e,4f,23,3b,24,26,59,40,39,5f,2f,\
"{2BA2BA37-A25F-4191-9CEF-638A1A9261F4}"=hex:37,ba,a2,2b,5f,a2,91,41,9c,ef,63,
   8a,1a,92,61,f4,52,4e,4d,51,4c,25,47,38,4d,4a,46,23,3b,25,50,26,47,39,53,4f,\
"{2656EDBA-C274-443A-985C-AE520E869B56}"=hex:ba,ed,56,26,74,c2,3a,44,98,5c,ae,
   52,0e,86,9b,56,55,53,57,52,5f,25,59,48,52,3e,40,23,39,29,56,4b,49,39,52,5a,\
"{DEB6CD47-AA07-4F51-8006-34EB9820A8D1}"=hex:47,cd,b6,de,07,aa,51,4f,80,06,34,
   eb,98,20,a8,d1,55,42,41,4b,44,25,4e,44,47,5b,4f,23,5b,22,5d,25,58,39,4c,42,\
"{9C772F37-910F-4DE4-9420-5FFAFF2DD825}"=hex:37,2f,77,9c,0f,91,e4,4d,94,20,5f,
   fa,ff,2d,d8,25,36,56,32,3e,40,25,43,46,3e,49,54,23,3b,58,52,48,46,39,44,23,\
"{21C6A024-0D0E-4104-8795-55918EF9DB47}"=hex:24,a0,c6,21,0e,0d,04,41,87,95,55,
   91,8e,f9,db,47,41,57,56,4d,4c,25,5d,33,3f,35,4a,23,37,57,47,48,44,39,4f,25,\
"{130E19F9-10E4-4753-9906-B56B7E540DB8}"=hex:f9,19,0e,13,e4,10,53,47,99,06,b5,
   6b,7e,54,0d,b8,46,48,37,3f,46,25,3a,47,5b,5a,38,23,56,26,5b,2a,45,39,4d,5e,\
"{5B73420A-B228-4569-9CAB-23239A05D666}"=hex:0a,42,73,5b,28,b2,69,45,9c,ab,23,
   23,9a,05,d6,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{548D7133-BFC7-463E-B275-BE592A8DB4F4}"=hex:33,71,8d,54,c7,bf,3e,46,b2,75,be,
   59,2a,8d,b4,f4,37,42,5c,4e,4a,25,3b,5f,43,47,35,23,39,40,5b,43,47,39,45,5a,\
"{5193401A-1179-45C6-9EBE-3D3DB170CB99}"=hex:1a,40,93,51,79,11,c6,45,9e,be,3d,
   3d,b1,70,cb,99,46,55,51,45,49,25,5b,4d,47,4a,5d,23,5e,5e,40,51,5f,39,56,24,\
"{D2704A9E-7665-4B5D-BB73-A1E973FB22D5}"=hex:9e,4a,70,d2,65,76,5d,4b,bb,73,a1,
   e9,73,fb,22,d5,5b,5e,44,35,52,25,44,4d,4f,3f,39,23,43,52,55,5c,2b,39,59,5e,\
"{97D1E1A5-0B77-40E8-BF45-E0B73C97BA2B}"=hex:a5,e1,d1,97,77,0b,e8,40,bf,45,e0,
   b7,3c,97,ba,2b,49,5d,4e,34,4d,25,59,46,5e,49,46,23,48,24,47,2a,5f,39,26,4f,\
"{717D9115-604A-4967-BDBE-D15372A017C8}"=hex:15,91,7d,71,4a,60,67,49,bd,be,d1,
   53,72,a0,17,c8,56,55,5c,33,30,25,4a,38,41,3a,38,23,5d,5d,5c,55,43,39,45,20,\
"{C9762D4F-FC80-486A-8F23-F6B259660F88}"=hex:4f,2d,76,c9,80,fc,6a,48,8f,23,f6,
   b2,59,66,0f,88,4d,30,36,40,5f,25,3b,48,46,42,4f,23,37,51,44,51,57,39,23,50,\
"{23CAB8A1-EE44-4D84-BF8B-12D6487D9C50}"=hex:a1,b8,ca,23,44,ee,84,4d,bf,8b,12,
   d6,48,7d,9c,50,37,41,49,4a,43,25,41,5c,3c,56,4c,23,4e,42,5d,2b,5d,39,45,4f,\
.
[HKEY_USERS\S-1-5-21-2799653475-1206912365-1311522834-1001\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Handlers]
@Denied: (A) (Everyone)
"{770D8AE7-5762-41EC-8FCC-1D5905F29F4D}"=hex:e7,8a,0d,77,62,57,ec,41,8f,cc,1d,
   59,05,f2,9f,4d,52,4f,50,50,46,25,3d,48,3f,38,5d,23,3c,53,50,24,59,39,56,52,\
"{5C18922F-20A7-4593-96B4-0F6159F38A4A}"=hex:2f,92,18,5c,a7,20,93,45,96,b4,0f,
   61,59,f3,8a,4a,41,48,4b,4d,3e,25,45,5c,47,4d,58,23,47,57,28,43,24,39,5b,41,\
"{DA75E6D8-17DC-4080-9051-34F5F0222704}"=hex:d8,e6,75,da,dc,17,80,40,90,51,34,
   f5,f0,22,27,04,46,53,49,51,31,25,41,3d,43,49,34,23,3d,5e,23,59,41,39,54,4f,\
"{816FD6D6-367E-4C40-B8A3-099C9DC961CE}"=hex:d6,d6,6f,81,7e,36,40,4c,b8,a3,09,
   9c,9d,c9,61,ce,34,51,33,35,55,25,3e,4b,5d,54,5c,23,43,28,29,2b,5b,39,58,2f,\
"{0CD202EA-7CEF-4702-85B7-311CAE2D2C2F}"=hex:ea,02,d2,0c,ef,7c,02,47,85,b7,31,
   1c,ae,2d,2c,2f,40,51,36,53,41,25,3c,5d,33,5c,4a,23,3b,56,49,20,59,39,5e,25,\
"{A55726DE-7A89-451A-9636-027690A1BE7F}"=hex:de,26,57,a5,89,7a,1a,45,96,36,02,
   76,90,a1,be,7f,4f,43,36,45,33,25,4f,53,5b,4f,5d,23,44,54,57,54,43,39,44,5c,\
"{6C20E2A4-BE16-443A-8359-3731EDBFDF6C}"=hex:a4,e2,20,6c,16,be,3a,44,83,59,37,
   31,ed,bf,df,6c,31,3c,5f,40,51,25,51,5b,5b,5e,4b,23,57,22,5b,42,59,39,26,47,\
"{A11C1829-5D4B-48B8-A03A-E2DAA5208F48}"=hex:29,18,1c,a1,4b,5d,b8,48,a0,3a,e2,
   da,a5,20,8f,48,50,52,30,51,4b,25,4b,39,3c,41,4b,23,47,27,43,46,24,39,52,2e,\
"{B7B4AA2C-F9D0-42AE-A87B-FB22B8B3A059}"=hex:2c,aa,b4,b7,d0,f9,ae,42,a8,7b,fb,
   22,b8,b3,a0,59,59,46,4e,33,46,25,4f,39,32,58,45,23,5d,51,5f,45,2b,39,4c,42,\
"{F3A7A042-02A9-4330-AE7C-9B3983D72517}"=hex:42,a0,a7,f3,a9,02,30,43,ae,7c,9b,
   39,83,d7,25,17,52,3d,40,4d,41,25,48,3c,4c,5e,4f,23,3b,24,26,59,40,39,5f,2f,\
"{2BA2BA37-A25F-4191-9CEF-638A1A9261F4}"=hex:37,ba,a2,2b,5f,a2,91,41,9c,ef,63,
   8a,1a,92,61,f4,52,4e,4d,51,4c,25,47,38,4d,4a,46,23,3b,25,50,26,47,39,53,4f,\
"{2656EDBA-C274-443A-985C-AE520E869B56}"=hex:ba,ed,56,26,74,c2,3a,44,98,5c,ae,
   52,0e,86,9b,56,55,53,57,52,5f,25,59,48,52,3e,40,23,39,29,56,4b,49,39,52,5a,\
"{DEB6CD47-AA07-4F51-8006-34EB9820A8D1}"=hex:47,cd,b6,de,07,aa,51,4f,80,06,34,
   eb,98,20,a8,d1,55,42,41,4b,44,25,4e,44,47,5b,4f,23,5b,22,5d,25,58,39,4c,42,\
"{9C772F37-910F-4DE4-9420-5FFAFF2DD825}"=hex:37,2f,77,9c,0f,91,e4,4d,94,20,5f,
   fa,ff,2d,d8,25,36,56,32,3e,40,25,43,46,3e,49,54,23,3b,58,52,48,46,39,44,23,\
"{21C6A024-0D0E-4104-8795-55918EF9DB47}"=hex:24,a0,c6,21,0e,0d,04,41,87,95,55,
   91,8e,f9,db,47,41,57,56,4d,4c,25,5d,33,3f,35,4a,23,37,57,47,48,44,39,4f,25,\
"{130E19F9-10E4-4753-9906-B56B7E540DB8}"=hex:f9,19,0e,13,e4,10,53,47,99,06,b5,
   6b,7e,54,0d,b8,46,48,37,3f,46,25,3a,47,5b,5a,38,23,56,26,5b,2a,45,39,4d,5e,\
"{5B73420A-B228-4569-9CAB-23239A05D666}"=hex:0a,42,73,5b,28,b2,69,45,9c,ab,23,
   23,9a,05,d6,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{548D7133-BFC7-463E-B275-BE592A8DB4F4}"=hex:33,71,8d,54,c7,bf,3e,46,b2,75,be,
   59,2a,8d,b4,f4,37,42,5c,4e,4a,25,3b,5f,43,47,35,23,39,40,5b,43,47,39,45,5a,\
"{5193401A-1179-45C6-9EBE-3D3DB170CB99}"=hex:1a,40,93,51,79,11,c6,45,9e,be,3d,
   3d,b1,70,cb,99,46,55,51,45,49,25,5b,4d,47,4a,5d,23,5e,5e,40,51,5f,39,56,24,\
"{D2704A9E-7665-4B5D-BB73-A1E973FB22D5}"=hex:9e,4a,70,d2,65,76,5d,4b,bb,73,a1,
   e9,73,fb,22,d5,5b,5e,44,35,52,25,44,4d,4f,3f,39,23,43,52,55,5c,2b,39,59,5e,\
"{97D1E1A5-0B77-40E8-BF45-E0B73C97BA2B}"=hex:a5,e1,d1,97,77,0b,e8,40,bf,45,e0,
   b7,3c,97,ba,2b,49,5d,4e,34,4d,25,59,46,5e,49,46,23,48,24,47,2a,5f,39,26,4f,\
"{717D9115-604A-4967-BDBE-D15372A017C8}"=hex:15,91,7d,71,4a,60,67,49,bd,be,d1,
   53,72,a0,17,c8,56,55,5c,33,30,25,4a,38,41,3a,38,23,5d,5d,5c,55,43,39,45,20,\
"{C9762D4F-FC80-486A-8F23-F6B259660F88}"=hex:4f,2d,76,c9,80,fc,6a,48,8f,23,f6,
   b2,59,66,0f,88,4d,30,36,40,5f,25,3b,48,46,42,4f,23,37,51,44,51,57,39,23,50,\
"{23CAB8A1-EE44-4D84-BF8B-12D6487D9C50}"=hex:a1,b8,ca,23,44,ee,84,4d,bf,8b,12,
   d6,48,7d,9c,50,37,41,49,4a,43,25,41,5c,3c,56,4c,23,4e,42,5d,2b,5d,39,45,4f,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\GPSoftware\Directory Opus\Config\System\Data]
@Denied: (A) (Everyone)
"{B7BB60B4-7142-45F7-8C2E-FDD7B57DF593}"=hex:b4,60,bb,b7,42,71,f7,45,8c,2e,fd,
   d7,b5,7d,f5,93,59,30,49,40,44,25,45,58,58,44,4b,23,5c,48,5d,46,5f,39,52,42,\
"{9F0E3D08-A2F5-45DC-8A8F-F48D094097E9}"=hex:08,3d,0e,9f,f5,a2,dc,45,8a,8f,f4,
   8d,09,40,97,e9,55,52,5d,33,49,25,4b,4d,38,5c,4e,23,45,47,47,42,24,39,45,24,\
"{F8C11339-F9A6-44B3-97DE-DC54079A11A0}"=hex:39,13,c1,f8,a6,f9,b3,44,97,de,dc,
   54,07,9a,11,a0,3a,50,53,31,4f,25,4b,4c,41,56,3b,23,5f,53,42,26,24,39,22,5e,\
"{548FE272-4E4A-4B44-8CCA-1066AD4FA654}"=hex:72,e2,8f,54,4a,4e,44,4b,8c,ca,10,
   66,ad,4f,a6,54,30,41,50,31,5d,25,44,3f,4a,41,38,23,44,4a,22,26,52,39,44,54,\
"{BA5833E3-C6FA-4489-B29E-9AC3FA725315}"=hex:e3,33,58,ba,fa,c6,89,44,b2,9e,9a,
   c3,fa,72,53,15,3a,56,53,4d,4d,25,42,46,3e,58,49,23,45,54,50,51,4a,39,40,50,\
"{08FF8EDF-8986-4F2D-9277-1E51429A7052}"=hex:df,8e,ff,08,86,89,2d,4f,92,77,1e,
   51,42,9a,70,52,4d,51,50,33,41,25,3c,5e,3e,49,45,23,5d,40,55,5e,56,39,2d,2f,\
"{263D84D3-AE1D-4FF4-83B7-C46ED1D04416}"=hex:d3,84,3d,26,1d,ae,f4,4f,83,b7,c4,
   6e,d1,d0,44,16,37,56,36,48,31,25,42,5e,5c,5e,3e,23,4d,56,44,55,57,39,5e,21,\
"{0296BEAA-72BF-4174-AA87-6DCB4AC70196}"=hex:aa,be,96,02,bf,72,74,41,aa,87,6d,
   cb,4a,c7,01,96,37,5e,49,32,4c,25,3d,50,4c,3f,5a,23,5c,57,5b,57,4a,39,4d,53,\
"{06FA8F64-0654-4F1F-99BA-EC337E73335D}"=hex:64,8f,fa,06,54,06,1f,4f,99,ba,ec,
   33,7e,73,33,5d,50,5c,54,4e,44,25,4d,48,3d,3e,54,23,5a,42,28,46,2a,39,52,40,\
"{A240B964-0E23-4BC1-888D-39BAC4781793}"=hex:64,b9,40,a2,23,0e,c1,4b,88,8d,39,
   ba,c4,78,17,93,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{BFBA4A54-2548-4470-8D3A-1A0FA8E8A589}"=hex:54,4a,ba,bf,48,25,70,44,8d,3a,1a,
   0f,a8,e8,a5,89,41,47,52,3e,5f,25,58,3f,3d,59,45,23,45,25,24,54,5f,39,4c,5e,\
"{A9AD27FF-87B2-4D8D-A41A-CD9ABF400D4C}"=hex:ff,27,ad,a9,b2,87,8d,4d,a4,1a,cd,
   9a,bf,40,0d,4c,5b,53,55,55,45,25,4c,39,4c,4a,4f,23,5b,5b,56,25,47,39,54,44,\
"{0EBFD787-4D22-4EB7-AC4F-5B0FE63F75DC}"=hex:87,d7,bf,0e,22,4d,b7,4e,ac,4f,5b,
   0f,e6,3f,75,dc,42,48,42,5f,40,25,4a,32,5f,46,3a,23,44,27,25,50,47,39,58,20,\
"{93280FC8-E8C9-4BF5-83F2-E86EB0A1AB96}"=hex:c8,0f,28,93,c9,e8,f5,4b,83,f2,e8,
   6e,b0,a1,ab,96,55,4c,57,55,4c,25,53,38,41,5d,5a,23,44,23,24,59,42,39,23,53,\
"{EA2F8194-3248-468F-818A-D6C6C5A81F0B}"=hex:94,81,2f,ea,48,32,8f,46,81,8a,d6,
   c6,c5,a8,1f,0b,31,55,53,40,5e,25,30,4e,5d,5b,39,23,5b,52,24,42,59,39,53,51,\
"{D6B353D4-E01F-4B5E-880A-CF451B2DA2DC}"=hex:d4,53,b3,d6,1f,e0,5e,4b,88,0a,cf,
   45,1b,2d,a2,dc,48,37,5f,53,57,25,4d,3f,4d,5c,4a,23,4b,53,5d,57,50,39,26,5d,\
"{ADF109C2-E019-46B4-8A45-50EE4E05ACD5}"=hex:c2,09,f1,ad,19,e0,b4,46,8a,45,50,
   ee,4e,05,ac,d5,3b,3d,36,51,55,25,5f,41,38,3f,49,23,41,58,59,41,5d,39,40,58,\
"{7C78BDE2-E4D9-47E1-979E-2BD66D980966}"=hex:e2,bd,78,7c,d9,e4,e1,47,97,9e,2b,
   d6,6d,98,09,66,4f,31,50,3e,57,25,4e,3e,3e,55,45,23,58,47,24,26,55,39,47,5d,\
"{2B3E4D5E-3284-4EB8-B822-D3E7EB3E08C5}"=hex:5e,4d,3e,2b,84,32,b8,4e,b8,22,d3,
   e7,eb,3e,08,c5,44,4e,4d,51,5e,25,5e,33,47,59,46,23,56,43,24,53,4b,39,58,2f,\
"{88635AE5-6FB4-43E4-A490-7FBD51376101}"=hex:e5,5a,63,88,b4,6f,e4,43,a4,90,7f,
   bd,51,37,61,01,52,57,5c,30,41,25,42,5a,53,3e,58,23,49,5d,40,57,4a,39,4c,2f,\
"{E5C2DE84-473B-4E6E-8BA4-90C864770037}"=hex:84,de,c2,e5,3b,47,6e,4e,8b,a4,90,
   c8,64,77,00,37,55,46,46,5c,3f,25,3f,47,53,59,3f,23,59,4a,47,45,20,39,26,41,\
"{F97AB5E9-B107-467B-A485-08D04E42E224}"=hex:e9,b5,7a,f9,07,b1,7b,46,a4,85,08,
   d0,4e,42,e2,24,56,54,33,52,42,25,4b,5d,53,5b,46,23,45,5e,49,2a,52,39,59,40,\
"{BDAD6B4D-92ED-424B-BA72-447505A47940}"=hex:4d,6b,ad,bd,ed,92,4b,42,ba,72,44,
   75,05,a4,79,40,49,50,51,4c,51,25,31,52,4f,4d,4f,23,39,48,5a,50,43,39,47,42,\
"{E03BF5E7-3FDD-4A0A-97F9-22A279515846}"=hex:e7,f5,3b,e0,dd,3f,0a,4a,97,f9,22,
   a2,79,51,58,46,50,40,55,4b,55,25,41,5d,5d,44,59,23,3b,41,56,42,5e,39,46,51,\
"{809800B1-28BD-4318-B1C8-3133D063E46D}"=hex:b1,00,98,80,bd,28,18,43,b1,c8,31,
   33,d0,63,e4,6d,40,31,56,3f,45,25,59,48,51,3f,3e,23,37,51,46,2a,27,39,51,24,\
"{570CAA09-3FC2-43F7-B638-34129523FD8A}"=hex:09,aa,0c,57,c2,3f,f7,43,b6,38,34,
   12,95,23,fd,8a,48,33,40,54,3f,25,50,40,5a,40,35,23,3b,25,5c,5f,2b,39,4f,45,\
"{054FEDCE-ADEC-41A2-BDF3-6F3EFA7A3351}"=hex:ce,ed,4f,05,ec,ad,a2,41,bd,f3,6f,
   3e,fa,7a,33,51,3b,3c,3d,52,41,25,50,4c,45,40,58,23,5b,5d,42,25,50,39,57,43,\
"{185373AC-4C62-4B62-B56B-E6204E35CE37}"=hex:ac,73,53,18,62,4c,62,4b,b5,6b,e6,
   20,4e,35,ce,37,41,31,46,50,30,25,4e,38,3e,39,4e,23,4a,26,5d,40,56,39,51,21,\
"{FBC0FF15-8EE6-4887-B131-F75B3D1FC6E2}"=hex:15,ff,c0,fb,e6,8e,87,48,b1,31,f7,
   5b,3d,1f,c6,e2,45,40,4e,4a,4d,25,42,4b,5f,55,43,23,4a,48,5c,2a,58,39,43,45,\
"{C84186D5-81B8-4290-A3AA-619BF998DD76}"=hex:d5,86,41,c8,b8,81,90,42,a3,aa,61,
   9b,f9,98,dd,76,4f,42,3d,42,5d,25,4c,33,4c,46,3e,23,5a,48,5f,44,5d,39,52,58,\
"{B854512D-D45C-4C7F-9DC7-2A1F26901028}"=hex:2d,51,54,b8,5c,d4,7f,4c,9d,c7,2a,
   1f,26,90,10,28,5b,31,46,32,45,25,48,33,48,5f,39,23,43,46,5b,5c,46,39,56,5b,\
"{6677E81D-E302-43CD-B86E-41E3C41D5C40}"=hex:1d,e8,77,66,02,e3,cd,43,b8,6e,41,
   e3,c4,1d,5c,40,4e,3c,4e,40,54,25,50,42,5f,44,54,23,58,26,53,4b,50,39,50,55,\
"{789DC87C-F610-4FF0-9A5F-6F7FCA94554F}"=hex:7c,c8,9d,78,10,f6,f0,4f,9a,5f,6f,
   7f,ca,94,55,4f,31,4a,32,3e,49,25,4a,4f,4c,4d,59,23,38,57,44,56,56,39,57,4c,\
"{58E689A9-051A-45EF-B288-0845E9B8B23D}"=hex:a9,89,e6,58,1a,05,ef,45,b2,88,08,
   45,e9,b8,b2,3d,4b,57,43,33,53,25,5c,4d,38,58,3f,23,58,5d,40,59,25,39,59,45,\
"{A7103D2D-582B-47EB-AED4-BF4076E5E7BA}"=hex:2d,3d,10,a7,2b,58,eb,47,ae,d4,bf,
   40,76,e5,e7,ba,5b,5d,40,4b,44,25,58,33,3c,4e,5b,23,37,5c,27,26,56,39,58,25,\
"{2BE8E93F-DC91-4454-B5BE-E55A34132845}"=hex:3f,e9,e8,2b,91,dc,54,44,b5,be,e5,
   5a,34,13,28,45,49,48,4d,40,34,25,3d,5e,3f,5f,4e,23,3b,43,47,58,59,39,40,55,\
"{0BB61490-C36C-42C8-B4B6-7F7EB5D2E69D}"=hex:90,14,b6,0b,6c,c3,c8,42,b4,b6,7f,
   7e,b5,d2,e6,9d,50,4f,56,40,53,25,43,4b,33,40,4a,23,39,48,49,26,5f,39,26,5b,\
"{FAF6E97F-20F3-4730-B263-A9B24E8A7490}"=hex:7f,e9,f6,fa,f3,20,30,47,b2,63,a9,
   b2,4e,8a,74,90,5b,46,54,48,31,25,53,50,47,5f,49,23,39,58,40,5f,56,39,4d,22,\
"{770D8AE7-5762-41EC-8FCC-1D5905F29F4D}"=hex:e7,8a,0d,77,62,57,ec,41,8f,cc,1d,
   59,05,f2,9f,4d,52,4f,50,50,46,25,3d,48,3f,38,5d,23,3c,53,50,24,59,39,56,52,\
"{5C18922F-20A7-4593-96B4-0F6159F38A4A}"=hex:2f,92,18,5c,a7,20,93,45,96,b4,0f,
   61,59,f3,8a,4a,41,48,4b,4d,3e,25,45,5c,47,4d,58,23,47,57,28,43,24,39,5b,41,\
"{DA75E6D8-17DC-4080-9051-34F5F0222704}"=hex:d8,e6,75,da,dc,17,80,40,90,51,34,
   f5,f0,22,27,04,46,53,49,51,31,25,41,3d,43,49,34,23,3d,5e,23,59,41,39,54,4f,\
"{816FD6D6-367E-4C40-B8A3-099C9DC961CE}"=hex:d6,d6,6f,81,7e,36,40,4c,b8,a3,09,
   9c,9d,c9,61,ce,34,51,33,35,55,25,3e,4b,5d,54,5c,23,43,28,29,2b,5b,39,58,2f,\
"{0CD202EA-7CEF-4702-85B7-311CAE2D2C2F}"=hex:ea,02,d2,0c,ef,7c,02,47,85,b7,31,
   1c,ae,2d,2c,2f,40,51,36,53,41,25,3c,5d,33,5c,4a,23,3b,56,49,20,59,39,5e,25,\
"{A55726DE-7A89-451A-9636-027690A1BE7F}"=hex:de,26,57,a5,89,7a,1a,45,96,36,02,
   76,90,a1,be,7f,4f,43,36,45,33,25,4f,53,5b,4f,5d,23,44,54,57,54,43,39,44,5c,\
"{6C20E2A4-BE16-443A-8359-3731EDBFDF6C}"=hex:a4,e2,20,6c,16,be,3a,44,83,59,37,
   31,ed,bf,df,6c,31,3c,5f,40,51,25,51,5b,5b,5e,4b,23,57,22,5b,42,59,39,26,47,\
"{A11C1829-5D4B-48B8-A03A-E2DAA5208F48}"=hex:29,18,1c,a1,4b,5d,b8,48,a0,3a,e2,
   da,a5,20,8f,48,50,52,30,51,4b,25,4b,39,3c,41,4b,23,47,27,43,46,24,39,52,2e,\
"{B7B4AA2C-F9D0-42AE-A87B-FB22B8B3A059}"=hex:2c,aa,b4,b7,d0,f9,ae,42,a8,7b,fb,
   22,b8,b3,a0,59,59,46,4e,33,46,25,4f,39,32,58,45,23,5d,51,5f,45,2b,39,4c,42,\
"{F3A7A042-02A9-4330-AE7C-9B3983D72517}"=hex:42,a0,a7,f3,a9,02,30,43,ae,7c,9b,
   39,83,d7,25,17,52,3d,40,4d,41,25,48,3c,4c,5e,4f,23,3b,24,26,59,40,39,5f,2f,\
"{2BA2BA37-A25F-4191-9CEF-638A1A9261F4}"=hex:37,ba,a2,2b,5f,a2,91,41,9c,ef,63,
   8a,1a,92,61,f4,52,4e,4d,51,4c,25,47,38,4d,4a,46,23,3b,25,50,26,47,39,53,4f,\
"{2656EDBA-C274-443A-985C-AE520E869B56}"=hex:ba,ed,56,26,74,c2,3a,44,98,5c,ae,
   52,0e,86,9b,56,55,53,57,52,5f,25,59,48,52,3e,40,23,39,29,56,4b,49,39,52,5a,\
"{DEB6CD47-AA07-4F51-8006-34EB9820A8D1}"=hex:47,cd,b6,de,07,aa,51,4f,80,06,34,
   eb,98,20,a8,d1,55,42,41,4b,44,25,4e,44,47,5b,4f,23,5b,22,5d,25,58,39,4c,42,\
"{9C772F37-910F-4DE4-9420-5FFAFF2DD825}"=hex:37,2f,77,9c,0f,91,e4,4d,94,20,5f,
   fa,ff,2d,d8,25,36,56,32,3e,40,25,43,46,3e,49,54,23,3b,58,52,48,46,39,44,23,\
"{21C6A024-0D0E-4104-8795-55918EF9DB47}"=hex:24,a0,c6,21,0e,0d,04,41,87,95,55,
   91,8e,f9,db,47,41,57,56,4d,4c,25,5d,33,3f,35,4a,23,37,57,47,48,44,39,4f,25,\
"{130E19F9-10E4-4753-9906-B56B7E540DB8}"=hex:f9,19,0e,13,e4,10,53,47,99,06,b5,
   6b,7e,54,0d,b8,46,48,37,3f,46,25,3a,47,5b,5a,38,23,56,26,5b,2a,45,39,4d,5e,\
"{5B73420A-B228-4569-9CAB-23239A05D666}"=hex:0a,42,73,5b,28,b2,69,45,9c,ab,23,
   23,9a,05,d6,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{548D7133-BFC7-463E-B275-BE592A8DB4F4}"=hex:33,71,8d,54,c7,bf,3e,46,b2,75,be,
   59,2a,8d,b4,f4,37,42,5c,4e,4a,25,3b,5f,43,47,35,23,39,40,5b,43,47,39,45,5a,\
"{5193401A-1179-45C6-9EBE-3D3DB170CB99}"=hex:1a,40,93,51,79,11,c6,45,9e,be,3d,
   3d,b1,70,cb,99,46,55,51,45,49,25,5b,4d,47,4a,5d,23,5e,5e,40,51,5f,39,56,24,\
"{D2704A9E-7665-4B5D-BB73-A1E973FB22D5}"=hex:9e,4a,70,d2,65,76,5d,4b,bb,73,a1,
   e9,73,fb,22,d5,5b,5e,44,35,52,25,44,4d,4f,3f,39,23,43,52,55,5c,2b,39,59,5e,\
"{97D1E1A5-0B77-40E8-BF45-E0B73C97BA2B}"=hex:a5,e1,d1,97,77,0b,e8,40,bf,45,e0,
   b7,3c,97,ba,2b,49,5d,4e,34,4d,25,59,46,5e,49,46,23,48,24,47,2a,5f,39,26,4f,\
"{717D9115-604A-4967-BDBE-D15372A017C8}"=hex:15,91,7d,71,4a,60,67,49,bd,be,d1,
   53,72,a0,17,c8,56,55,5c,33,30,25,4a,38,41,3a,38,23,5d,5d,5c,55,43,39,45,20,\
"{C9762D4F-FC80-486A-8F23-F6B259660F88}"=hex:4f,2d,76,c9,80,fc,6a,48,8f,23,f6,
   b2,59,66,0f,88,4d,30,36,40,5f,25,3b,48,46,42,4f,23,37,51,44,51,57,39,23,50,\
"{23CAB8A1-EE44-4D84-BF8B-12D6487D9C50}"=hex:a1,b8,ca,23,44,ee,84,4d,bf,8b,12,
   d6,48,7d,9c,50,37,41,49,4a,43,25,41,5c,3c,56,4c,23,4e,42,5d,2b,5d,39,45,4f,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DesktopInterfaceMethod]
@Denied: (A) (Everyone)
"{B7BB60B4-7142-45F7-8C2E-FDD7B57DF593}"=hex:b4,60,bb,b7,42,71,f7,45,8c,2e,fd,
   d7,b5,7d,f5,93,59,30,49,40,44,25,45,58,58,44,4b,23,5c,48,5d,46,5f,39,52,42,\
"{9F0E3D08-A2F5-45DC-8A8F-F48D094097E9}"=hex:08,3d,0e,9f,f5,a2,dc,45,8a,8f,f4,
   8d,09,40,97,e9,55,52,5d,33,49,25,4b,4d,38,5c,4e,23,45,47,47,42,24,39,45,24,\
"{F8C11339-F9A6-44B3-97DE-DC54079A11A0}"=hex:39,13,c1,f8,a6,f9,b3,44,97,de,dc,
   54,07,9a,11,a0,3a,50,53,31,4f,25,4b,4c,41,56,3b,23,5f,53,42,26,24,39,22,5e,\
"{548FE272-4E4A-4B44-8CCA-1066AD4FA654}"=hex:72,e2,8f,54,4a,4e,44,4b,8c,ca,10,
   66,ad,4f,a6,54,30,41,50,31,5d,25,44,3f,4a,41,38,23,44,4a,22,26,52,39,44,54,\
"{BA5833E3-C6FA-4489-B29E-9AC3FA725315}"=hex:e3,33,58,ba,fa,c6,89,44,b2,9e,9a,
   c3,fa,72,53,15,3a,56,53,4d,4d,25,42,46,3e,58,49,23,45,54,50,51,4a,39,40,50,\
"{08FF8EDF-8986-4F2D-9277-1E51429A7052}"=hex:df,8e,ff,08,86,89,2d,4f,92,77,1e,
   51,42,9a,70,52,4d,51,50,33,41,25,3c,5e,3e,49,45,23,5d,40,55,5e,56,39,2d,2f,\
"{263D84D3-AE1D-4FF4-83B7-C46ED1D04416}"=hex:d3,84,3d,26,1d,ae,f4,4f,83,b7,c4,
   6e,d1,d0,44,16,37,56,36,48,31,25,42,5e,5c,5e,3e,23,4d,56,44,55,57,39,5e,21,\
"{0296BEAA-72BF-4174-AA87-6DCB4AC70196}"=hex:aa,be,96,02,bf,72,74,41,aa,87,6d,
   cb,4a,c7,01,96,37,5e,49,32,4c,25,3d,50,4c,3f,5a,23,5c,57,5b,57,4a,39,4d,53,\
"{06FA8F64-0654-4F1F-99BA-EC337E73335D}"=hex:64,8f,fa,06,54,06,1f,4f,99,ba,ec,
   33,7e,73,33,5d,50,5c,54,4e,44,25,4d,48,3d,3e,54,23,5a,42,28,46,2a,39,52,40,\
"{A240B964-0E23-4BC1-888D-39BAC4781793}"=hex:64,b9,40,a2,23,0e,c1,4b,88,8d,39,
   ba,c4,78,17,93,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{BFBA4A54-2548-4470-8D3A-1A0FA8E8A589}"=hex:54,4a,ba,bf,48,25,70,44,8d,3a,1a,
   0f,a8,e8,a5,89,41,47,52,3e,5f,25,58,3f,3d,59,45,23,45,25,24,54,5f,39,4c,5e,\
"{A9AD27FF-87B2-4D8D-A41A-CD9ABF400D4C}"=hex:ff,27,ad,a9,b2,87,8d,4d,a4,1a,cd,
   9a,bf,40,0d,4c,5b,53,55,55,45,25,4c,39,4c,4a,4f,23,5b,5b,56,25,47,39,54,44,\
"{0EBFD787-4D22-4EB7-AC4F-5B0FE63F75DC}"=hex:87,d7,bf,0e,22,4d,b7,4e,ac,4f,5b,
   0f,e6,3f,75,dc,42,48,42,5f,40,25,4a,32,5f,46,3a,23,44,27,25,50,47,39,58,20,\
"{93280FC8-E8C9-4BF5-83F2-E86EB0A1AB96}"=hex:c8,0f,28,93,c9,e8,f5,4b,83,f2,e8,
   6e,b0,a1,ab,96,55,4c,57,55,4c,25,53,38,41,5d,5a,23,44,23,24,59,42,39,23,53,\
"{EA2F8194-3248-468F-818A-D6C6C5A81F0B}"=hex:94,81,2f,ea,48,32,8f,46,81,8a,d6,
   c6,c5,a8,1f,0b,31,55,53,40,5e,25,30,4e,5d,5b,39,23,5b,52,24,42,59,39,53,51,\
"{D6B353D4-E01F-4B5E-880A-CF451B2DA2DC}"=hex:d4,53,b3,d6,1f,e0,5e,4b,88,0a,cf,
   45,1b,2d,a2,dc,48,37,5f,53,57,25,4d,3f,4d,5c,4a,23,4b,53,5d,57,50,39,26,5d,\
"{ADF109C2-E019-46B4-8A45-50EE4E05ACD5}"=hex:c2,09,f1,ad,19,e0,b4,46,8a,45,50,
   ee,4e,05,ac,d5,3b,3d,36,51,55,25,5f,41,38,3f,49,23,41,58,59,41,5d,39,40,58,\
"{7C78BDE2-E4D9-47E1-979E-2BD66D980966}"=hex:e2,bd,78,7c,d9,e4,e1,47,97,9e,2b,
   d6,6d,98,09,66,4f,31,50,3e,57,25,4e,3e,3e,55,45,23,58,47,24,26,55,39,47,5d,\
"{2B3E4D5E-3284-4EB8-B822-D3E7EB3E08C5}"=hex:5e,4d,3e,2b,84,32,b8,4e,b8,22,d3,
   e7,eb,3e,08,c5,44,4e,4d,51,5e,25,5e,33,47,59,46,23,56,43,24,53,4b,39,58,2f,\
"{88635AE5-6FB4-43E4-A490-7FBD51376101}"=hex:e5,5a,63,88,b4,6f,e4,43,a4,90,7f,
   bd,51,37,61,01,52,57,5c,30,41,25,42,5a,53,3e,58,23,49,5d,40,57,4a,39,4c,2f,\
"{E5C2DE84-473B-4E6E-8BA4-90C864770037}"=hex:84,de,c2,e5,3b,47,6e,4e,8b,a4,90,
   c8,64,77,00,37,55,46,46,5c,3f,25,3f,47,53,59,3f,23,59,4a,47,45,20,39,26,41,\
"{F97AB5E9-B107-467B-A485-08D04E42E224}"=hex:e9,b5,7a,f9,07,b1,7b,46,a4,85,08,
   d0,4e,42,e2,24,56,54,33,52,42,25,4b,5d,53,5b,46,23,45,5e,49,2a,52,39,59,40,\
"{BDAD6B4D-92ED-424B-BA72-447505A47940}"=hex:4d,6b,ad,bd,ed,92,4b,42,ba,72,44,
   75,05,a4,79,40,49,50,51,4c,51,25,31,52,4f,4d,4f,23,39,48,5a,50,43,39,47,42,\
"{E03BF5E7-3FDD-4A0A-97F9-22A279515846}"=hex:e7,f5,3b,e0,dd,3f,0a,4a,97,f9,22,
   a2,79,51,58,46,50,40,55,4b,55,25,41,5d,5d,44,59,23,3b,41,56,42,5e,39,46,51,\
"{809800B1-28BD-4318-B1C8-3133D063E46D}"=hex:b1,00,98,80,bd,28,18,43,b1,c8,31,
   33,d0,63,e4,6d,40,31,56,3f,45,25,59,48,51,3f,3e,23,37,51,46,2a,27,39,51,24,\
"{570CAA09-3FC2-43F7-B638-34129523FD8A}"=hex:09,aa,0c,57,c2,3f,f7,43,b6,38,34,
   12,95,23,fd,8a,48,33,40,54,3f,25,50,40,5a,40,35,23,3b,25,5c,5f,2b,39,4f,45,\
"{054FEDCE-ADEC-41A2-BDF3-6F3EFA7A3351}"=hex:ce,ed,4f,05,ec,ad,a2,41,bd,f3,6f,
   3e,fa,7a,33,51,3b,3c,3d,52,41,25,50,4c,45,40,58,23,5b,5d,42,25,50,39,57,43,\
"{185373AC-4C62-4B62-B56B-E6204E35CE37}"=hex:ac,73,53,18,62,4c,62,4b,b5,6b,e6,
   20,4e,35,ce,37,41,31,46,50,30,25,4e,38,3e,39,4e,23,4a,26,5d,40,56,39,51,21,\
"{FBC0FF15-8EE6-4887-B131-F75B3D1FC6E2}"=hex:15,ff,c0,fb,e6,8e,87,48,b1,31,f7,
   5b,3d,1f,c6,e2,45,40,4e,4a,4d,25,42,4b,5f,55,43,23,4a,48,5c,2a,58,39,43,45,\
"{C84186D5-81B8-4290-A3AA-619BF998DD76}"=hex:d5,86,41,c8,b8,81,90,42,a3,aa,61,
   9b,f9,98,dd,76,4f,42,3d,42,5d,25,4c,33,4c,46,3e,23,5a,48,5f,44,5d,39,52,58,\
"{B854512D-D45C-4C7F-9DC7-2A1F26901028}"=hex:2d,51,54,b8,5c,d4,7f,4c,9d,c7,2a,
   1f,26,90,10,28,5b,31,46,32,45,25,48,33,48,5f,39,23,43,46,5b,5c,46,39,56,5b,\
"{6677E81D-E302-43CD-B86E-41E3C41D5C40}"=hex:1d,e8,77,66,02,e3,cd,43,b8,6e,41,
   e3,c4,1d,5c,40,4e,3c,4e,40,54,25,50,42,5f,44,54,23,58,26,53,4b,50,39,50,55,\
"{789DC87C-F610-4FF0-9A5F-6F7FCA94554F}"=hex:7c,c8,9d,78,10,f6,f0,4f,9a,5f,6f,
   7f,ca,94,55,4f,31,4a,32,3e,49,25,4a,4f,4c,4d,59,23,38,57,44,56,56,39,57,4c,\
"{58E689A9-051A-45EF-B288-0845E9B8B23D}"=hex:a9,89,e6,58,1a,05,ef,45,b2,88,08,
   45,e9,b8,b2,3d,4b,57,43,33,53,25,5c,4d,38,58,3f,23,58,5d,40,59,25,39,59,45,\
"{A7103D2D-582B-47EB-AED4-BF4076E5E7BA}"=hex:2d,3d,10,a7,2b,58,eb,47,ae,d4,bf,
   40,76,e5,e7,ba,5b,5d,40,4b,44,25,58,33,3c,4e,5b,23,37,5c,27,26,56,39,58,25,\
"{2BE8E93F-DC91-4454-B5BE-E55A34132845}"=hex:3f,e9,e8,2b,91,dc,54,44,b5,be,e5,
   5a,34,13,28,45,49,48,4d,40,34,25,3d,5e,3f,5f,4e,23,3b,43,47,58,59,39,40,55,\
"{0BB61490-C36C-42C8-B4B6-7F7EB5D2E69D}"=hex:90,14,b6,0b,6c,c3,c8,42,b4,b6,7f,
   7e,b5,d2,e6,9d,50,4f,56,40,53,25,43,4b,33,40,4a,23,39,48,49,26,5f,39,26,5b,\
"{FAF6E97F-20F3-4730-B263-A9B24E8A7490}"=hex:7f,e9,f6,fa,f3,20,30,47,b2,63,a9,
   b2,4e,8a,74,90,5b,46,54,48,31,25,53,50,47,5f,49,23,39,58,40,5f,56,39,4d,22,\
"{770D8AE7-5762-41EC-8FCC-1D5905F29F4D}"=hex:e7,8a,0d,77,62,57,ec,41,8f,cc,1d,
   59,05,f2,9f,4d,52,4f,50,50,46,25,3d,48,3f,38,5d,23,3c,53,50,24,59,39,56,52,\
"{5C18922F-20A7-4593-96B4-0F6159F38A4A}"=hex:2f,92,18,5c,a7,20,93,45,96,b4,0f,
   61,59,f3,8a,4a,41,48,4b,4d,3e,25,45,5c,47,4d,58,23,47,57,28,43,24,39,5b,41,\
"{DA75E6D8-17DC-4080-9051-34F5F0222704}"=hex:d8,e6,75,da,dc,17,80,40,90,51,34,
   f5,f0,22,27,04,46,53,49,51,31,25,41,3d,43,49,34,23,3d,5e,23,59,41,39,54,4f,\
"{816FD6D6-367E-4C40-B8A3-099C9DC961CE}"=hex:d6,d6,6f,81,7e,36,40,4c,b8,a3,09,
   9c,9d,c9,61,ce,34,51,33,35,55,25,3e,4b,5d,54,5c,23,43,28,29,2b,5b,39,58,2f,\
"{0CD202EA-7CEF-4702-85B7-311CAE2D2C2F}"=hex:ea,02,d2,0c,ef,7c,02,47,85,b7,31,
   1c,ae,2d,2c,2f,40,51,36,53,41,25,3c,5d,33,5c,4a,23,3b,56,49,20,59,39,5e,25,\
"{A55726DE-7A89-451A-9636-027690A1BE7F}"=hex:de,26,57,a5,89,7a,1a,45,96,36,02,
   76,90,a1,be,7f,4f,43,36,45,33,25,4f,53,5b,4f,5d,23,44,54,57,54,43,39,44,5c,\
"{6C20E2A4-BE16-443A-8359-3731EDBFDF6C}"=hex:a4,e2,20,6c,16,be,3a,44,83,59,37,
   31,ed,bf,df,6c,31,3c,5f,40,51,25,51,5b,5b,5e,4b,23,57,22,5b,42,59,39,26,47,\
"{A11C1829-5D4B-48B8-A03A-E2DAA5208F48}"=hex:29,18,1c,a1,4b,5d,b8,48,a0,3a,e2,
   da,a5,20,8f,48,50,52,30,51,4b,25,4b,39,3c,41,4b,23,47,27,43,46,24,39,52,2e,\
"{B7B4AA2C-F9D0-42AE-A87B-FB22B8B3A059}"=hex:2c,aa,b4,b7,d0,f9,ae,42,a8,7b,fb,
   22,b8,b3,a0,59,59,46,4e,33,46,25,4f,39,32,58,45,23,5d,51,5f,45,2b,39,4c,42,\
"{F3A7A042-02A9-4330-AE7C-9B3983D72517}"=hex:42,a0,a7,f3,a9,02,30,43,ae,7c,9b,
   39,83,d7,25,17,52,3d,40,4d,41,25,48,3c,4c,5e,4f,23,3b,24,26,59,40,39,5f,2f,\
"{2BA2BA37-A25F-4191-9CEF-638A1A9261F4}"=hex:37,ba,a2,2b,5f,a2,91,41,9c,ef,63,
   8a,1a,92,61,f4,52,4e,4d,51,4c,25,47,38,4d,4a,46,23,3b,25,50,26,47,39,53,4f,\
"{2656EDBA-C274-443A-985C-AE520E869B56}"=hex:ba,ed,56,26,74,c2,3a,44,98,5c,ae,
   52,0e,86,9b,56,55,53,57,52,5f,25,59,48,52,3e,40,23,39,29,56,4b,49,39,52,5a,\
"{DEB6CD47-AA07-4F51-8006-34EB9820A8D1}"=hex:47,cd,b6,de,07,aa,51,4f,80,06,34,
   eb,98,20,a8,d1,55,42,41,4b,44,25,4e,44,47,5b,4f,23,5b,22,5d,25,58,39,4c,42,\
"{9C772F37-910F-4DE4-9420-5FFAFF2DD825}"=hex:37,2f,77,9c,0f,91,e4,4d,94,20,5f,
   fa,ff,2d,d8,25,36,56,32,3e,40,25,43,46,3e,49,54,23,3b,58,52,48,46,39,44,23,\
"{21C6A024-0D0E-4104-8795-55918EF9DB47}"=hex:24,a0,c6,21,0e,0d,04,41,87,95,55,
   91,8e,f9,db,47,41,57,56,4d,4c,25,5d,33,3f,35,4a,23,37,57,47,48,44,39,4f,25,\
"{130E19F9-10E4-4753-9906-B56B7E540DB8}"=hex:f9,19,0e,13,e4,10,53,47,99,06,b5,
   6b,7e,54,0d,b8,46,48,37,3f,46,25,3a,47,5b,5a,38,23,56,26,5b,2a,45,39,4d,5e,\
"{5B73420A-B228-4569-9CAB-23239A05D666}"=hex:0a,42,73,5b,28,b2,69,45,9c,ab,23,
   23,9a,05,d6,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"{548D7133-BFC7-463E-B275-BE592A8DB4F4}"=hex:33,71,8d,54,c7,bf,3e,46,b2,75,be,
   59,2a,8d,b4,f4,37,42,5c,4e,4a,25,3b,5f,43,47,35,23,39,40,5b,43,47,39,45,5a,\
"{5193401A-1179-45C6-9EBE-3D3DB170CB99}"=hex:1a,40,93,51,79,11,c6,45,9e,be,3d,
   3d,b1,70,cb,99,46,55,51,45,49,25,5b,4d,47,4a,5d,23,5e,5e,40,51,5f,39,56,24,\
"{D2704A9E-7665-4B5D-BB73-A1E973FB22D5}"=hex:9e,4a,70,d2,65,76,5d,4b,bb,73,a1,
   e9,73,fb,22,d5,5b,5e,44,35,52,25,44,4d,4f,3f,39,23,43,52,55,5c,2b,39,59,5e,\
"{97D1E1A5-0B77-40E8-BF45-E0B73C97BA2B}"=hex:a5,e1,d1,97,77,0b,e8,40,bf,45,e0,
   b7,3c,97,ba,2b,49,5d,4e,34,4d,25,59,46,5e,49,46,23,48,24,47,2a,5f,39,26,4f,\
"{717D9115-604A-4967-BDBE-D15372A017C8}"=hex:15,91,7d,71,4a,60,67,49,bd,be,d1,
   53,72,a0,17,c8,56,55,5c,33,30,25,4a,38,41,3a,38,23,5d,5d,5c,55,43,39,45,20,\
"{C9762D4F-FC80-486A-8F23-F6B259660F88}"=hex:4f,2d,76,c9,80,fc,6a,48,8f,23,f6,
   b2,59,66,0f,88,4d,30,36,40,5f,25,3b,48,46,42,4f,23,37,51,44,51,57,39,23,50,\
"{23CAB8A1-EE44-4D84-BF8B-12D6487D9C50}"=hex:a1,b8,ca,23,44,ee,84,4d,bf,8b,12,
   d6,48,7d,9c,50,37,41,49,4a,43,25,41,5c,3c,56,4c,23,4e,42,5d,2b,5d,39,45,4f,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\FileZilla Server\FileZilla Server.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\users\webberk\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
c:\program files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
.
**************************************************************************
.
Completion time: 2013-12-15  23:48:00 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-16 05:47
ComboFix2.txt  2012-09-28 00:41
.
Pre-Run: 782,984,990,720 bytes free
Post-Run: 782,735,630,336 bytes free
.
- - End Of File - - 1EFFC6C01276A925DE0583BB347340B5
A36C5E4F47E84449FF07ED3517B43A31
Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Thanks!

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

One last scan, please:

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

AVPfront.gif

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

avpsettings.gif

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Glad I could help! :)

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Please uninstall ESET Online Scanner and manually delete Kaspersky AVP .

Step 4

Some malware preventions:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.