
Group policy error


fjbrad


I have been afflicted with some nasty bug. The contents of attach and dds follow.

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 27/09/2011 10:07:53 AM
System Uptime: 19/12/2013 5:03:30 PM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | 2AC2
Processor: Intel® Pentium® CPU G620 @ 2.60GHz | CPU 1 | 2600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 919 GiB total, 874.248 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.451 GiB free.
E: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP152: 09/11/2013 2:19:17 PM - Scheduled Checkpoint
RP153: 16/11/2013 7:44:17 PM - Scheduled Checkpoint
RP154: 24/11/2013 9:27:02 AM - Scheduled Checkpoint
RP155: 01/12/2013 7:58:03 PM - Scheduled Checkpoint
RP156: 10/12/2013 9:15:09 AM - Scheduled Checkpoint
RP157: 17/12/2013 8:18:28 PM - Scheduled Checkpoint
.
==== Image File Execution Options =============
.
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: browsemngr.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browsermngr.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
IFEO: bundlesweetimsetup.exe - tasklist.exe
IFEO: cltmngsvc.exe - tasklist.exe
IFEO: delta babylon.exe - tasklist.exe
IFEO: delta tb.exe - tasklist.exe
IFEO: delta2.exe - tasklist.exe
IFEO: deltainstaller.exe - tasklist.exe
IFEO: deltasetup.exe - tasklist.exe
IFEO: deltatb.exe - tasklist.exe
IFEO: deltatb_2501-c733154b.exe - tasklist.exe
IFEO: iminentsetup.exe - tasklist.exe
IFEO: rjatydimofu.exe - tasklist.exe
IFEO: sweetimsetup.exe - tasklist.exe
IFEO: tbdelta.exetoolbar783881609.exe - tasklist.exe
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: browsemngr.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
x64-IFEO: browsermngr.exe - tasklist.exe
x64-IFEO: browserprotect.exe - tasklist.exe
x64-IFEO: bundlesweetimsetup.exe - tasklist.exe
x64-IFEO: cltmngsvc.exe - tasklist.exe
x64-IFEO: delta babylon.exe - tasklist.exe
x64-IFEO: delta tb.exe - tasklist.exe
x64-IFEO: delta2.exe - tasklist.exe
x64-IFEO: deltainstaller.exe - tasklist.exe
x64-IFEO: deltasetup.exe - tasklist.exe
x64-IFEO: deltatb.exe - tasklist.exe
x64-IFEO: deltatb_2501-c733154b.exe - tasklist.exe
x64-IFEO: iminentsetup.exe - tasklist.exe
x64-IFEO: rjatydimofu.exe - tasklist.exe
x64-IFEO: sweetimsetup.exe - tasklist.exe
x64-IFEO: tbdelta.exetoolbar783881609.exe - tasklist.exe
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Agatha Christie - Peril at End House
avast! Free Antivirus
Bejeweled 2 Deluxe
Bejeweled 3
Blackhawk Striker 2
Blasterball 3
Blio
Bonjour
Bounce Symphony
Build-a-lot 2
Cake Mania
Canon Easy-PhotoPrint EX
Canon Easy-PhotoPrint Pro
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon iP2700 series Printer Driver
Canon MG6200 series MP Drivers
Canon MG6200 series On-screen Manual
Canon MP Navigator EX 5.0
Canon My Printer
Canon Solution Menu EX
CCleaner
CCScore
Chuzzle Deluxe
Compatibility Pack for the 2007 Office system
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Coupon Matcher
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Farm Frenzy
FATE - The Traitor Soul
fflink
File Type Assistant
Final Drive Nitro
Foxit Reader 5.0
Free File Viewer 2011
Galerie de photos Windows Live
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Games
HP Odometer
HP Setup
HP Setup Manager
HP Support Information
HP Update
HP Vision Hardware Diagnostics
HPAsset component for HP Active Support Library
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
inTuneMP3
IrfanView (remove only)
Itibiti RTC
iTunes
Junk Mail filter update
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
LabelPrint
Logitech QuickCam Software
Mah Jong Medley
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Download Manager
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 24.0 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Oasis
MusicOasis
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
netbrdg
OfotoXMI
PDF Complete Special Edition
Penguins!
Picasa 3
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
PressReader
QuickTime
Realtek High Definition Audio Driver
Recovery Manager
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SFR
SHASTA
skin0001
SKINXSDK
Slingo Supreme
staticcr
tooltips
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VPRINTOL
Webshots Desktop
What's Running 3.0
WildTangent Games App (HP Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WIRELESS
Yahoo! Software Update
Yahoo! Toolbar
Yontoo Layers Runtime 1.10.01
Zinio Reader 4
Zuma Deluxe
.
==== End Of File ===========================
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by Bill at 17:24:47 on 2013-12-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.4003.2648 [GMT -5:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\PROGRA~2\Webshots\webshots.scr
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\splwow64.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.





mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
BHO: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Google Update] "C:\Users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [TBHostSupport] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Bill\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Oqics] regsvr32.exe C:\Users\Bill\AppData\Local\Oqics\commonAgenspi.dll
uRun: [stwihos] regsvr32.exe /s "C:\ProgramData\stwihos.dat"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\56d03e96-9ad7-4ee1-b80f-1d6ffa3f429b.exe /check
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Bill\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Webshots.lnk - C:\Program Files (x86)\Webshots\Launcher.exe
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{272DC1CF-45C6-47D8-BED0-6939FBDB79F8} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{945BC30D-3EB8-486D-9099-8301B50DD5C0} : DHCPNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\musict~1\datamngr\mgrldr.dll
SSODL: WebCheck - <orphaned>
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: browsemngr.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browsermngr.exe - tasklist.exe
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: browsemngr.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
x64-IFEO: browsermngr.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\u3nbeui9.default-1369882191062\

FF - prefs.js: browser.search.selectedEngine - Vgrabber v1.5 Customized Web Search


FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Bill\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Windows\npMSDM.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-11-01 16:12; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-12-05 16:31; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\u3nbeui9.default-1369882191062\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-11-1 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-11-1 205320]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-11-1 1032416]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-11-1 409832]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-3 46368]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-11-1 38984]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-11-1 84328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-11-1 50344]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-7-8 1127448]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-8 2656280]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-7-8 1041760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-8 412776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-7-8 158976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-28 1255736]
S4 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S4 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [2013-10-2 1734680]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: EasyShare.exe: Preview="C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Easyshare.exe"
.
=============== Created Last 30 ================
.
2013-12-18 21:28:36    --------    d-----w-    C:\Users\Bill\AppData\Local\{B782842D-9720-427C-B1AF-526110617FAB}
2013-12-17 23:03:55    --------    d-----w-    C:\Users\Bill\AppData\Local\{5DB54227-A0F9-4078-97A3-E78B052DDD58}
2013-12-16 20:10:20    197324    ----a-w-    C:\ProgramData\stwihos.dat
2013-12-16 17:52:40    --------    d-----w-    C:\Users\Bill\AppData\Local\{E10C7F05-9EA4-4917-B7BF-28F56F777CCF}
2013-12-16 03:43:14    --------    d-----w-    C:\Users\Bill\AppData\Local\{B143948F-C524-467C-B7C3-578E38B0B301}
2013-12-15 14:52:19    --------    d-----w-    C:\Users\Bill\AppData\Local\{58A439E6-B310-4BE0-A9A1-5DE1FE04BCF1}
2013-12-15 14:49:26    10285968    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C7AAF143-3258-44E9-A935-6E1C8103825D}\mpengine.dll
2013-12-15 02:52:07    --------    d-----w-    C:\Users\Bill\AppData\Local\{9CC7FB8C-9BA0-452A-95EB-E757DDBC8421}
2013-12-14 14:51:43    --------    d-----w-    C:\Users\Bill\AppData\Local\{3CB34414-87AE-4E7F-A761-5BE5866EF7D4}
2013-12-14 00:55:15    --------    d-----w-    C:\Users\Bill\AppData\Local\Oqics
2013-12-13 23:27:50    --------    d-----w-    C:\Users\Bill\AppData\Local\{97CB7D00-3806-48E9-A836-5C92B35DA78F}
2013-12-13 11:04:39    --------    d-----w-    C:\Users\Bill\AppData\Local\{0CF0AE35-D68C-48E6-B2AC-4B1AEF920D5A}
2013-12-12 21:55:32    --------    d-----w-    C:\Users\Bill\AppData\Local\{7CA6EEB7-CB80-4A1F-85C5-4FB09CF74BCA}
2013-12-12 21:37:15    --------    d-----w-    C:\Users\Bill\AppData\Local\TBHostSupport
2013-12-12 21:37:15    --------    d-----w-    C:\Users\Bill\AppData\Local\NativeMessaging
2013-12-12 04:04:27    --------    d-----w-    C:\Users\Bill\AppData\Local\{DD9A6CE4-2F71-4B72-A0BB-E5632E096691}
2013-12-11 10:31:52    --------    d-----w-    C:\Users\Bill\AppData\Local\{748EA77A-3442-4492-B311-D51F000255C1}
2013-12-10 21:35:15    --------    d-----w-    C:\Users\Bill\AppData\Local\{E456F9E4-A3A4-475A-BB55-673E3939F362}
2013-12-09 19:31:40    --------    d-----w-    C:\Users\Bill\AppData\Local\{082F06B0-B9A8-4596-BA0F-8483C43201BD}
2013-12-07 21:28:40    --------    d-----w-    C:\Users\Bill\AppData\Local\{146413EA-3F6F-4669-89C2-16CA27B6DB6D}
2013-12-06 23:14:07    --------    d-----w-    C:\Users\Bill\AppData\Local\{6BF4812F-D169-43E4-A48A-19E6428B1EDE}
2013-12-05 21:34:04    --------    d-----w-    C:\Users\Bill\AppData\Local\Macromedia
2013-12-05 21:26:59    271256    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-12-05 12:22:18    --------    d-----w-    C:\Users\Bill\AppData\Local\{28DE3C24-B8B4-41B9-A012-66B9EF01AD3C}
2013-12-05 00:04:21    --------    d-----w-    C:\Users\Bill\AppData\Local\{6B84FE26-6701-45A9-A151-AC3033876F7A}
2013-12-04 11:10:37    --------    d-----w-    C:\Users\Bill\AppData\Local\{80CC3877-BA1B-481C-B806-F5088B842A02}
2013-12-03 22:13:48    --------    d-----w-    C:\Users\Bill\AppData\Local\{A7193810-881E-435D-89E0-1C076F108ED7}
2013-12-03 03:48:39    --------    d-----w-    C:\Users\Bill\AppData\Local\{983E088E-90DF-4B6E-9E0D-8EB143FEF156}
2013-12-02 13:59:51    --------    d-----w-    C:\Users\Bill\AppData\Local\{1BFD2359-6048-4A9D-852C-829D17D71EA5}
2013-12-02 01:07:59    --------    d-----w-    C:\Users\Bill\AppData\Local\{465804B9-A1BF-457E-B5FB-54518F167BD3}
2013-11-30 22:14:08    --------    d-----w-    C:\Users\Bill\AppData\Local\{795F13F7-66D9-4EBF-94A8-60F7FEDEE0EE}
2013-11-29 22:38:20    --------    d-----w-    C:\Users\Bill\AppData\Local\{1ED64B44-2B04-441F-968F-4EA134A5E620}
2013-11-29 04:01:06    --------    d-----w-    C:\Users\Bill\AppData\Local\{A5E3EB7E-F21B-4C94-A59A-A9DFEFD204E6}
2013-11-28 14:32:50    --------    d-----w-    C:\Users\Bill\AppData\Local\{37795C3A-7BEF-4D1A-BC7A-A2251DA04506}
2013-11-28 00:02:50    --------    d-----w-    C:\Users\Bill\AppData\Local\{DC913FD5-B1A6-4F69-AFE1-170812A2173C}
2013-11-26 23:38:57    --------    d-----w-    C:\Users\Bill\AppData\Local\Wajam
2013-11-26 23:00:47    --------    d-----w-    C:\Users\Bill\AppData\Local\{1FFB821A-0934-4C31-BC3B-A068CB028810}
2013-11-26 03:08:37    --------    d-----w-    C:\Users\Bill\AppData\Local\{D20D2782-C6C8-4377-9170-21B608DF3CF5}
2013-11-25 11:29:44    --------    d-----w-    C:\Users\Bill\AppData\Local\{6DA118AD-5007-4154-99AC-2757E5C4F267}
2013-11-24 21:29:14    --------    d-----w-    C:\Users\Bill\AppData\Local\{129EF47E-3470-4E62-86F4-FEFA59D0A222}
2013-11-24 03:27:42    --------    d-----w-    C:\Users\Bill\AppData\Local\{0A89BF2D-57D1-489C-971C-F29B61E1BB31}
2013-11-23 13:59:58    --------    d-----w-    C:\Users\Bill\AppData\Local\{822F785F-3CA9-4837-AD63-83B4D5EE6677}
2013-11-22 22:56:28    --------    d-----w-    C:\Users\Bill\AppData\Local\{F6216780-5E45-4510-AB12-EAFA31343EB9}
2013-11-22 03:13:29    --------    d-----w-    C:\Users\Bill\AppData\Local\{7921A73B-F752-46BA-BABC-6A954D6B8507}
2013-11-21 15:02:51    --------    d-----w-    C:\Users\Bill\AppData\Local\{490EC1AD-3B85-4982-ABC7-C0A81C088D61}
2013-11-21 02:41:23    --------    d-----w-    C:\Users\Bill\AppData\Local\{00B2B39F-0DA2-4868-A0D9-87C31AB614E0}
2013-11-20 14:24:48    --------    d-----w-    C:\Users\Bill\AppData\Local\{260ADE5D-7234-483E-8EB8-7E26240B6894}
2013-11-20 02:24:36    --------    d-----w-    C:\Users\Bill\AppData\Local\{CC185354-8300-43B3-871B-FC56725BA854}
.
==================== Find3M  ====================
.
2013-12-10 23:32:59    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 23:32:59    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-01 20:11:59    92544    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-11-01 20:11:59    84328    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-11-01 20:11:59    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2013-11-01 20:11:59    43152    ----a-w-    C:\Windows\avastSS.scr
2013-11-01 20:11:59    205320    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-11-01 20:11:59    1032416    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-10-02 09:02:34    46368    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
.
============= FINISH: 17:25:23.09 ===============
 


Hello

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin


There was P2P software on this machine a long while back but it's gone (I hope) now.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2013
Ran by Bill (administrator) on BILL-HP on 19-12-2013 19:20:23
Running from C:\Users\Bill\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Bitberry Software) C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Webshots.com) C:\Program Files (x86)\Webshots\Webshots.scr
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2779024 2011-03-14] (CANON INC.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-19] (Google Inc.)
HKCU\...\Run: [TBHostSupport] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Bill\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-12] (Google Inc.)
HKCU\...\Run: [Oqics] - regsvr32.exe C:\Users\Bill\AppData\Local\Oqics\commonAgenspi.dll <===== ATTENTION
HKCU\...\Run: [stwihos] - regsvr32.exe /s "C:\ProgramData\stwihos.dat"
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\avastui.exe [3567800 2013-11-01] (AVAST Software)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\56d03e96-9ad7-4ee1-b80f-1d6ffa3f429b.exe [180184 2013-11-23] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
AppInit_DLLs: c:\progra~2\musict~1\datamngr\x64\mgrldr.dll   [ ] ()
AppInit_DLLs-x32: c:\progra~2\musict~1\datamngr\mgrldr.dll [ ] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
ShortcutTarget: Webshots.lnk -> C:\Program Files (x86)\Webshots\Launcher.exe (Webshots.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/19
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {537A820F-7758-4D20-A1C6-818598E9FD0A} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=327&systemid=1&v=n9639-139&apn_uid=2486144875944404&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1229&systemid=2&v=u9639-139&apn_uid=2486144875944404&apn_dtid=IME002&o=APN10641&apn_ptnrs=AG2&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2003} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=116&systemid=3&v=u9411-148&apn_uid=2486144875944404&apn_dtid=IME003&o=APN10643&apn_ptnrs=AG4&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKLM - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13161&gct=&gc=1&q={searchTerms}&crm=1
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=327&systemid=1&v=n9639-139&apn_uid=2486144875944404&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=1229&systemid=2&v=u9639-139&apn_uid=2486144875944404&apn_dtid=IME002&o=APN10641&apn_ptnrs=AG2&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2003} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=116&systemid=3&v=u9411-148&apn_uid=2486144875944404&apn_dtid=IME003&o=APN10643&apn_ptnrs=AG4&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2003} URL =
SearchScopes: HKCU - {AFACAC1E-2EA5-4484-9B6E-0358D53A9E2B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3293216&CUI=UN22214150119025243&UM=2
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {22DFBF5B-A7CD-4B25-9471-3DC68C71855F} -  No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKCU - No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} -  No File
Toolbar: HKCU - No Name - {57334934-2D47-006A-76A7-7A786E7484D7} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\u3nbeui9.default-1369882191062
FF DefaultSearchEngine: Vgrabber v1.5 Customized Web Search
FF SelectedSearchEngine: Vgrabber v1.5 Customized Web Search
FF Homepage: https://www.google.ca/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @Microsoft.com/DownloadManager,version=1.1 - C:\Windows\ ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Bill\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Bill\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober4499724.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: dhRichClient3.cDBAccess - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\u3nbeui9.default-1369882191062\Extensions\{579AD9B9-5165-6547-4125-3B7DD47FD298}
FF Extension: NoScript - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\u3nbeui9.default-1369882191062\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

Chrome:
=======


CHR DefaultSearchProvider: Ask.com
CHR DefaultSearchURL: http://dts.search.ask.com/sr?src=crb&gct=ds&appid=116&systemid=3&v=u9411-148&apn_uid=2486144875944404&apn_dtid=IME003&o=APN10643&apn_ptnrs=AG4&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\Bill\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Bill\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Bill\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (AVG Internet Security) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1829_0\plugins/avgnpss.dll No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Bill\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Solid Savings) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0
CHR Extension: (Coupon Matcher) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbeaeacnffjpnodemllopecegchjefhb\1.9_0
CHR Extension: (avast! Online Security) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: () - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllhlhdmmmpbclddmhffaghecjaklneo\10.16.4.512_0
CHR Extension: (Wajam) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0
CHR Extension: (PricePeep) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.6_0
CHR Extension: (AVG Security Toolbar) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0
CHR Extension: (Google Wallet) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [fbeaeacnffjpnodemllopecegchjefhb] - C:\Users\Bill\AppData\Roaming\Coupon Matcher\couponmatcher.crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hllhlhdmmmpbclddmhffaghecjaklneo] - C:\Users\Bill\AppData\Local\CRE\hllhlhdmmmpbclddmhffaghecjaklneo.crx
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Bill\AppData\Local\Wajam\Chrome\wajam.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\\ChromeExt\\avg.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-01] (AVAST Software)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
S4 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-02] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-13] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-11-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-01] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-02] (AVG Technologies)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-19 19:20 - 2013-12-19 19:20 - 00024337 _____ C:\Users\Bill\Desktop\FRST.txt
2013-12-19 19:20 - 2013-12-19 19:20 - 00000000 ____D C:\FRST
2013-12-19 19:17 - 2013-12-19 19:17 - 02192957 _____ (Farbar) C:\Users\Bill\Desktop\FRST64.exe
2013-12-19 17:25 - 2013-12-19 17:25 - 00020022 _____ C:\Users\Bill\Desktop\dds.txt
2013-12-19 17:25 - 2013-12-19 17:25 - 00008922 _____ C:\Users\Bill\Desktop\attach.txt
2013-12-19 17:23 - 2013-12-19 17:23 - 00688992 ____R (Swearware) C:\Users\Bill\Desktop\dds.scr
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{B6142D48-AA33-4FAC-8E02-1511ACF5D414}
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{93596CAD-8F06-4648-B7EA-4BA527D428C8}
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{5D398417-BFD3-41DB-B667-0AE37849C019}
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{47D1CC48-3DA8-42AB-8DAC-A3A76C973147}
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{2AE27B23-AB15-4BDE-BB61-1C317C3D9852}
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{23E14437-5EF0-4813-B575-B21F8B3BF9CF}
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{15DF61BB-E8E2-4052-98CE-0C9F2747516F}
2013-12-18 19:21 - 2013-12-18 19:21 - 00002978 _____ C:\Windows\System32\Tasks\{CF72A2B2-5E05-4DEE-A18D-0AF282D7B1A2}
2013-12-18 16:28 - 2013-12-18 16:28 - 00000000 ____D C:\Users\Bill\AppData\Local\{B782842D-9720-427C-B1AF-526110617FAB}
2013-12-17 20:37 - 2013-12-17 20:37 - 00002978 _____ C:\Windows\System32\Tasks\{C37ADC89-3A33-4E13-A02B-B6A83A0E0609}
2013-12-17 20:37 - 2013-12-17 20:37 - 00002978 _____ C:\Windows\System32\Tasks\{B3F575E7-6B39-46FF-8CB6-4F21427FFB93}
2013-12-17 20:37 - 2013-12-17 20:37 - 00002978 _____ C:\Windows\System32\Tasks\{5F2BD0C6-4A17-4197-B6E5-3532F39A5406}
2013-12-17 20:33 - 2013-12-18 19:06 - 00000081 _____ C:\Users\Bill\AppData\Roaming\mbam.context.scan
2013-12-17 20:30 - 2013-12-17 20:30 - 00002982 _____ C:\Windows\System32\Tasks\{E915F16F-84AF-4064-B473-21FDCB94DD0A}
2013-12-17 18:03 - 2013-12-17 18:04 - 00000000 ____D C:\Users\Bill\AppData\Local\{5DB54227-A0F9-4078-97A3-E78B052DDD58}
2013-12-16 15:10 - 2013-12-17 18:04 - 00197324 _____ (Oracle Corporation) C:\ProgramData\stwihos.dat
2013-12-16 12:52 - 2013-12-16 12:52 - 00000000 ____D C:\Users\Bill\AppData\Local\{E10C7F05-9EA4-4917-B7BF-28F56F777CCF}
2013-12-15 22:43 - 2013-12-15 22:43 - 00000000 ____D C:\Users\Bill\AppData\Local\{B143948F-C524-467C-B7C3-578E38B0B301}
2013-12-15 09:52 - 2013-12-15 09:52 - 00000000 ____D C:\Users\Bill\AppData\Local\{58A439E6-B310-4BE0-A9A1-5DE1FE04BCF1}
2013-12-14 21:52 - 2013-12-14 21:52 - 00000000 ____D C:\Users\Bill\AppData\Local\{9CC7FB8C-9BA0-452A-95EB-E757DDBC8421}
2013-12-14 09:51 - 2013-12-14 09:51 - 00000000 ____D C:\Users\Bill\AppData\Local\{3CB34414-87AE-4E7F-A761-5BE5866EF7D4}
2013-12-13 19:55 - 2013-12-13 19:55 - 00000000 ____D C:\Users\Bill\AppData\Local\Oqics
2013-12-13 18:27 - 2013-12-13 18:28 - 00000000 ____D C:\Users\Bill\AppData\Local\{97CB7D00-3806-48E9-A836-5C92B35DA78F}
2013-12-13 06:04 - 2013-12-13 06:04 - 00000000 ____D C:\Users\Bill\AppData\Local\{0CF0AE35-D68C-48E6-B2AC-4B1AEF920D5A}
2013-12-12 16:55 - 2013-12-12 16:55 - 00000000 ____D C:\Users\Bill\AppData\Local\{7CA6EEB7-CB80-4A1F-85C5-4FB09CF74BCA}
2013-12-12 16:37 - 2013-12-12 16:37 - 00000000 ____D C:\Users\Bill\AppData\Local\TBHostSupport
2013-12-12 16:37 - 2013-12-12 16:37 - 00000000 ____D C:\Users\Bill\AppData\Local\NativeMessaging
2013-12-11 23:04 - 2013-12-11 23:04 - 00000000 ____D C:\Users\Bill\AppData\Local\{DD9A6CE4-2F71-4B72-A0BB-E5632E096691}
2013-12-11 05:31 - 2013-12-11 05:32 - 00000000 ____D C:\Users\Bill\AppData\Local\{748EA77A-3442-4492-B311-D51F000255C1}
2013-12-10 16:35 - 2013-12-10 16:35 - 00000000 ____D C:\Users\Bill\AppData\Local\{E456F9E4-A3A4-475A-BB55-673E3939F362}
2013-12-09 14:31 - 2013-12-09 14:31 - 00000000 ____D C:\Users\Bill\AppData\Local\{082F06B0-B9A8-4596-BA0F-8483C43201BD}
2013-12-07 16:28 - 2013-12-07 16:28 - 00000000 ____D C:\Users\Bill\AppData\Local\{146413EA-3F6F-4669-89C2-16CA27B6DB6D}
2013-12-06 18:14 - 2013-12-06 18:14 - 00000000 ____D C:\Users\Bill\AppData\Local\{6BF4812F-D169-43E4-A48A-19E6428B1EDE}
2013-12-05 17:24 - 2013-12-05 17:24 - 00230970 _____ C:\Users\Bill\Documents\cc_20131205_172413.reg
2013-12-05 16:36 - 2013-12-05 16:36 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-05 16:35 - 2013-12-05 16:35 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Bill\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-05 16:34 - 2013-12-05 16:34 - 00000000 ____D C:\Users\Bill\AppData\Local\Macromedia
2013-12-05 07:22 - 2013-12-05 07:22 - 00000000 ____D C:\Users\Bill\AppData\Local\{28DE3C24-B8B4-41B9-A012-66B9EF01AD3C}
2013-12-04 19:04 - 2013-12-04 19:04 - 00000000 ____D C:\Users\Bill\AppData\Local\{6B84FE26-6701-45A9-A151-AC3033876F7A}
2013-12-04 06:10 - 2013-12-04 06:10 - 00000000 ____D C:\Users\Bill\AppData\Local\{80CC3877-BA1B-481C-B806-F5088B842A02}
2013-12-03 17:13 - 2013-12-03 17:13 - 00000000 ____D C:\Users\Bill\AppData\Local\{A7193810-881E-435D-89E0-1C076F108ED7}
2013-12-02 22:48 - 2013-12-02 22:48 - 00000000 ____D C:\Users\Bill\AppData\Local\{983E088E-90DF-4B6E-9E0D-8EB143FEF156}
2013-12-02 08:59 - 2013-12-02 09:00 - 00000000 ____D C:\Users\Bill\AppData\Local\{1BFD2359-6048-4A9D-852C-829D17D71EA5}
2013-12-01 20:07 - 2013-12-01 20:08 - 00000000 ____D C:\Users\Bill\AppData\Local\{465804B9-A1BF-457E-B5FB-54518F167BD3}
2013-11-30 17:14 - 2013-11-30 17:14 - 00000000 ____D C:\Users\Bill\AppData\Local\{795F13F7-66D9-4EBF-94A8-60F7FEDEE0EE}
2013-11-29 17:38 - 2013-11-29 17:38 - 00000000 ____D C:\Users\Bill\AppData\Local\{1ED64B44-2B04-441F-968F-4EA134A5E620}
2013-11-28 23:01 - 2013-11-28 23:01 - 00000000 ____D C:\Users\Bill\AppData\Local\{A5E3EB7E-F21B-4C94-A59A-A9DFEFD204E6}
2013-11-28 09:32 - 2013-11-28 09:33 - 00000000 ____D C:\Users\Bill\AppData\Local\{37795C3A-7BEF-4D1A-BC7A-A2251DA04506}
2013-11-27 19:02 - 2013-11-27 19:03 - 00000000 ____D C:\Users\Bill\AppData\Local\{DC913FD5-B1A6-4F69-AFE1-170812A2173C}
2013-11-26 18:38 - 2013-11-26 18:38 - 00000000 ____D C:\Users\Bill\AppData\Local\Wajam
2013-11-26 18:00 - 2013-11-26 18:00 - 00000000 ____D C:\Users\Bill\AppData\Local\{1FFB821A-0934-4C31-BC3B-A068CB028810}
2013-11-25 22:08 - 2013-11-25 22:08 - 00000000 ____D C:\Users\Bill\AppData\Local\{D20D2782-C6C8-4377-9170-21B608DF3CF5}
2013-11-25 06:29 - 2013-11-25 06:29 - 00000000 ____D C:\Users\Bill\AppData\Local\{6DA118AD-5007-4154-99AC-2757E5C4F267}
2013-11-24 16:29 - 2013-11-24 16:29 - 00000000 ____D C:\Users\Bill\AppData\Local\{129EF47E-3470-4E62-86F4-FEFA59D0A222}
2013-11-23 22:27 - 2013-11-23 22:27 - 00000000 ____D C:\Users\Bill\AppData\Local\{0A89BF2D-57D1-489C-971C-F29B61E1BB31}
2013-11-23 08:59 - 2013-11-23 09:00 - 00000000 ____D C:\Users\Bill\AppData\Local\{822F785F-3CA9-4837-AD63-83B4D5EE6677}
2013-11-22 17:56 - 2013-11-22 17:56 - 00000000 ____D C:\Users\Bill\AppData\Local\{F6216780-5E45-4510-AB12-EAFA31343EB9}
2013-11-21 22:13 - 2013-11-21 22:13 - 00000000 ____D C:\Users\Bill\AppData\Local\{7921A73B-F752-46BA-BABC-6A954D6B8507}
2013-11-21 10:02 - 2013-11-21 10:03 - 00000000 ____D C:\Users\Bill\AppData\Local\{490EC1AD-3B85-4982-ABC7-C0A81C088D61}
2013-11-20 21:41 - 2013-11-20 21:41 - 00000000 ____D C:\Users\Bill\AppData\Local\{00B2B39F-0DA2-4868-A0D9-87C31AB614E0}
2013-11-20 09:24 - 2013-11-20 09:25 - 00000000 ____D C:\Users\Bill\AppData\Local\{260ADE5D-7234-483E-8EB8-7E26240B6894}
2013-11-19 21:24 - 2013-11-19 21:24 - 00000000 ____D C:\Users\Bill\AppData\Local\{CC185354-8300-43B3-871B-FC56725BA854}
2013-11-19 09:24 - 2013-11-19 09:24 - 00000000 ____D C:\Users\Bill\AppData\Local\{2A68D475-73F4-43E7-9F5D-CC7E3F8367FC}

==================== One Month Modified Files and Folders =======

2013-12-19 19:20 - 2013-12-19 19:20 - 00024337 _____ C:\Users\Bill\Desktop\FRST.txt
2013-12-19 19:20 - 2013-12-19 19:20 - 00000000 ____D C:\FRST
2013-12-19 19:17 - 2013-12-19 19:17 - 02192957 _____ (Farbar) C:\Users\Bill\Desktop\FRST64.exe
2013-12-19 19:14 - 2012-09-01 17:57 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-19 19:14 - 2012-05-04 22:25 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AE2AB91C-4B0D-451A-B227-EF2D57AAD77A}
2013-12-19 19:13 - 2012-04-10 18:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-19 19:13 - 2011-10-19 19:08 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3193178433-3729681772-994535890-1001UA.job
2013-12-19 19:13 - 2011-10-19 19:08 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3193178433-3729681772-994535890-1001Core.job
2013-12-19 17:25 - 2013-12-19 17:25 - 00020022 _____ C:\Users\Bill\Desktop\dds.txt
2013-12-19 17:25 - 2013-12-19 17:25 - 00008922 _____ C:\Users\Bill\Desktop\attach.txt
2013-12-19 17:23 - 2013-12-19 17:23 - 00688992 ____R (Swearware) C:\Users\Bill\Desktop\dds.scr
2013-12-19 17:11 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-19 17:11 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-19 17:08 - 2009-07-14 00:13 - 00782986 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-19 17:06 - 2012-08-15 12:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-19 17:04 - 2011-07-08 17:34 - 00000000 ____D C:\ProgramData\PDFC
2013-12-19 17:03 - 2013-11-01 15:52 - 00002890 _____ C:\Windows\setupact.log
2013-12-19 17:03 - 2013-06-03 09:23 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-12-19 17:03 - 2012-09-01 17:57 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-19 17:03 - 2011-12-11 13:08 - 00000400 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2013-12-19 17:03 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-18 20:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{B6142D48-AA33-4FAC-8E02-1511ACF5D414}
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{93596CAD-8F06-4648-B7EA-4BA527D428C8}
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{5D398417-BFD3-41DB-B667-0AE37849C019}
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{47D1CC48-3DA8-42AB-8DAC-A3A76C973147}
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{2AE27B23-AB15-4BDE-BB61-1C317C3D9852}
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{23E14437-5EF0-4813-B575-B21F8B3BF9CF}
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{15DF61BB-E8E2-4052-98CE-0C9F2747516F}
2013-12-18 19:21 - 2013-12-18 19:21 - 00002978 _____ C:\Windows\System32\Tasks\{CF72A2B2-5E05-4DEE-A18D-0AF282D7B1A2}
2013-12-18 19:06 - 2013-12-17 20:33 - 00000081 _____ C:\Users\Bill\AppData\Roaming\mbam.context.scan
2013-12-18 16:28 - 2013-12-18 16:28 - 00000000 ____D C:\Users\Bill\AppData\Local\{B782842D-9720-427C-B1AF-526110617FAB}
2013-12-18 16:21 - 2013-11-12 16:18 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-18 09:44 - 2013-11-03 06:48 - 00056647 _____ C:\Windows\WindowsUpdate.log
2013-12-17 20:37 - 2013-12-17 20:37 - 00002978 _____ C:\Windows\System32\Tasks\{C37ADC89-3A33-4E13-A02B-B6A83A0E0609}
2013-12-17 20:37 - 2013-12-17 20:37 - 00002978 _____ C:\Windows\System32\Tasks\{B3F575E7-6B39-46FF-8CB6-4F21427FFB93}
2013-12-17 20:37 - 2013-12-17 20:37 - 00002978 _____ C:\Windows\System32\Tasks\{5F2BD0C6-4A17-4197-B6E5-3532F39A5406}
2013-12-17 20:30 - 2013-12-17 20:30 - 00002982 _____ C:\Windows\System32\Tasks\{E915F16F-84AF-4064-B473-21FDCB94DD0A}
2013-12-17 18:04 - 2013-12-17 18:03 - 00000000 ____D C:\Users\Bill\AppData\Local\{5DB54227-A0F9-4078-97A3-E78B052DDD58}
2013-12-17 18:04 - 2013-12-16 15:10 - 00197324 _____ (Oracle Corporation) C:\ProgramData\stwihos.dat
2013-12-16 12:52 - 2013-12-16 12:52 - 00000000 ____D C:\Users\Bill\AppData\Local\{E10C7F05-9EA4-4917-B7BF-28F56F777CCF}
2013-12-15 22:43 - 2013-12-15 22:43 - 00000000 ____D C:\Users\Bill\AppData\Local\{B143948F-C524-467C-B7C3-578E38B0B301}
2013-12-15 09:52 - 2013-12-15 09:52 - 00000000 ____D C:\Users\Bill\AppData\Local\{58A439E6-B310-4BE0-A9A1-5DE1FE04BCF1}
2013-12-14 21:52 - 2013-12-14 21:52 - 00000000 ____D C:\Users\Bill\AppData\Local\{9CC7FB8C-9BA0-452A-95EB-E757DDBC8421}
2013-12-14 09:51 - 2013-12-14 09:51 - 00000000 ____D C:\Users\Bill\AppData\Local\{3CB34414-87AE-4E7F-A761-5BE5866EF7D4}
2013-12-13 21:47 - 2012-04-19 17:46 - 00000000 ____D C:\ProgramData\Adobe
2013-12-13 21:46 - 2013-11-01 15:52 - 00060418 _____ C:\Windows\PFRO.log
2013-12-13 19:55 - 2013-12-13 19:55 - 00000000 ____D C:\Users\Bill\AppData\Local\Oqics
2013-12-13 18:28 - 2013-12-13 18:27 - 00000000 ____D C:\Users\Bill\AppData\Local\{97CB7D00-3806-48E9-A836-5C92B35DA78F}
2013-12-13 16:50 - 2011-10-19 19:08 - 00000000 ____D C:\Users\Bill\AppData\Local\Google
2013-12-13 06:04 - 2013-12-13 06:04 - 00000000 ____D C:\Users\Bill\AppData\Local\{0CF0AE35-D68C-48E6-B2AC-4B1AEF920D5A}
2013-12-12 16:55 - 2013-12-12 16:55 - 00000000 ____D C:\Users\Bill\AppData\Local\{7CA6EEB7-CB80-4A1F-85C5-4FB09CF74BCA}
2013-12-12 16:37 - 2013-12-12 16:37 - 00000000 ____D C:\Users\Bill\AppData\Local\TBHostSupport
2013-12-12 16:37 - 2013-12-12 16:37 - 00000000 ____D C:\Users\Bill\AppData\Local\NativeMessaging
2013-12-12 16:37 - 2012-04-19 17:46 - 00000000 ____D C:\Users\Bill\AppData\Local\Adobe
2013-12-12 16:37 - 2011-09-27 09:13 - 00000000 ____D C:\Users\Bill\AppData\Roaming\Adobe
2013-12-12 16:33 - 2012-09-01 17:58 - 00000000 ____D C:\Program Files\Google
2013-12-12 16:33 - 2012-09-01 17:57 - 00000000 ____D C:\ProgramData\Google
2013-12-12 16:33 - 2012-09-01 17:57 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-12 16:32 - 2012-04-19 17:46 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-11 23:04 - 2013-12-11 23:04 - 00000000 ____D C:\Users\Bill\AppData\Local\{DD9A6CE4-2F71-4B72-A0BB-E5632E096691}
2013-12-11 05:32 - 2013-12-11 05:31 - 00000000 ____D C:\Users\Bill\AppData\Local\{748EA77A-3442-4492-B311-D51F000255C1}
2013-12-10 18:33 - 2012-04-10 18:02 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 18:32 - 2012-04-10 18:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 18:32 - 2012-04-10 18:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 16:35 - 2013-12-10 16:35 - 00000000 ____D C:\Users\Bill\AppData\Local\{E456F9E4-A3A4-475A-BB55-673E3939F362}
2013-12-09 14:31 - 2013-12-09 14:31 - 00000000 ____D C:\Users\Bill\AppData\Local\{082F06B0-B9A8-4596-BA0F-8483C43201BD}
2013-12-07 22:57 - 2013-01-01 07:55 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-12-07 16:28 - 2013-12-07 16:28 - 00000000 ____D C:\Users\Bill\AppData\Local\{146413EA-3F6F-4669-89C2-16CA27B6DB6D}
2013-12-06 18:14 - 2013-12-06 18:14 - 00000000 ____D C:\Users\Bill\AppData\Local\{6BF4812F-D169-43E4-A48A-19E6428B1EDE}
2013-12-05 18:19 - 2012-09-19 19:15 - 00000000 ____D C:\Users\Bill\AppData\Local\Conduit
2013-12-05 18:17 - 2013-11-07 10:50 - 00001450 _____ C:\Users\Bill\Desktop\Sign In (2).url
2013-12-05 17:24 - 2013-12-05 17:24 - 00230970 _____ C:\Users\Bill\Documents\cc_20131205_172413.reg
2013-12-05 17:20 - 2013-11-01 16:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-05 17:18 - 2013-05-29 16:58 - 00000000 ____D C:\Program Files (x86)\WhatsRunning
2013-12-05 17:16 - 2013-05-29 17:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-05 17:15 - 2011-09-27 09:11 - 00000000 ___RD C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-05 16:36 - 2013-12-05 16:36 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-05 16:35 - 2013-12-05 16:35 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Bill\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-05 16:34 - 2013-12-05 16:34 - 00000000 ____D C:\Users\Bill\AppData\Local\Macromedia
2013-12-05 16:25 - 2013-10-19 16:34 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-12-05 14:46 - 2012-10-05 14:49 - 02112512 ___SH C:\Users\Bill\Documents\Thumbs.db
2013-12-05 07:22 - 2013-12-05 07:22 - 00000000 ____D C:\Users\Bill\AppData\Local\{28DE3C24-B8B4-41B9-A012-66B9EF01AD3C}
2013-12-04 19:05 - 2011-10-19 19:08 - 00003876 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3193178433-3729681772-994535890-1001UA
2013-12-04 19:05 - 2011-10-19 19:08 - 00003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3193178433-3729681772-994535890-1001Core
2013-12-04 19:04 - 2013-12-04 19:04 - 00000000 ____D C:\Users\Bill\AppData\Local\{6B84FE26-6701-45A9-A151-AC3033876F7A}
2013-12-04 06:10 - 2013-12-04 06:10 - 00000000 ____D C:\Users\Bill\AppData\Local\{80CC3877-BA1B-481C-B806-F5088B842A02}
2013-12-03 17:13 - 2013-12-03 17:13 - 00000000 ____D C:\Users\Bill\AppData\Local\{A7193810-881E-435D-89E0-1C076F108ED7}
2013-12-03 03:09 - 2012-09-01 17:57 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-03 03:09 - 2012-09-01 17:57 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-02 22:48 - 2013-12-02 22:48 - 00000000 ____D C:\Users\Bill\AppData\Local\{983E088E-90DF-4B6E-9E0D-8EB143FEF156}
2013-12-02 09:00 - 2013-12-02 08:59 - 00000000 ____D C:\Users\Bill\AppData\Local\{1BFD2359-6048-4A9D-852C-829D17D71EA5}
2013-12-01 20:08 - 2013-12-01 20:07 - 00000000 ____D C:\Users\Bill\AppData\Local\{465804B9-A1BF-457E-B5FB-54518F167BD3}
2013-11-30 17:14 - 2013-11-30 17:14 - 00000000 ____D C:\Users\Bill\AppData\Local\{795F13F7-66D9-4EBF-94A8-60F7FEDEE0EE}
2013-11-29 17:38 - 2013-11-29 17:38 - 00000000 ____D C:\Users\Bill\AppData\Local\{1ED64B44-2B04-441F-968F-4EA134A5E620}
2013-11-28 23:01 - 2013-11-28 23:01 - 00000000 ____D C:\Users\Bill\AppData\Local\{A5E3EB7E-F21B-4C94-A59A-A9DFEFD204E6}
2013-11-28 09:33 - 2013-11-28 09:32 - 00000000 ____D C:\Users\Bill\AppData\Local\{37795C3A-7BEF-4D1A-BC7A-A2251DA04506}
2013-11-27 19:03 - 2013-11-27 19:02 - 00000000 ____D C:\Users\Bill\AppData\Local\{DC913FD5-B1A6-4F69-AFE1-170812A2173C}
2013-11-26 18:38 - 2013-11-26 18:38 - 00000000 ____D C:\Users\Bill\AppData\Local\Wajam
2013-11-26 18:00 - 2013-11-26 18:00 - 00000000 ____D C:\Users\Bill\AppData\Local\{1FFB821A-0934-4C31-BC3B-A068CB028810}
2013-11-25 22:08 - 2013-11-25 22:08 - 00000000 ____D C:\Users\Bill\AppData\Local\{D20D2782-C6C8-4377-9170-21B608DF3CF5}
2013-11-25 06:29 - 2013-11-25 06:29 - 00000000 ____D C:\Users\Bill\AppData\Local\{6DA118AD-5007-4154-99AC-2757E5C4F267}
2013-11-24 16:29 - 2013-11-24 16:29 - 00000000 ____D C:\Users\Bill\AppData\Local\{129EF47E-3470-4E62-86F4-FEFA59D0A222}
2013-11-23 22:27 - 2013-11-23 22:27 - 00000000 ____D C:\Users\Bill\AppData\Local\{0A89BF2D-57D1-489C-971C-F29B61E1BB31}
2013-11-23 09:00 - 2013-11-23 08:59 - 00000000 ____D C:\Users\Bill\AppData\Local\{822F785F-3CA9-4837-AD63-83B4D5EE6677}
2013-11-22 17:56 - 2013-11-22 17:56 - 00000000 ____D C:\Users\Bill\AppData\Local\{F6216780-5E45-4510-AB12-EAFA31343EB9}
2013-11-21 22:13 - 2013-11-21 22:13 - 00000000 ____D C:\Users\Bill\AppData\Local\{7921A73B-F752-46BA-BABC-6A954D6B8507}
2013-11-21 10:03 - 2013-11-21 10:02 - 00000000 ____D C:\Users\Bill\AppData\Local\{490EC1AD-3B85-4982-ABC7-C0A81C088D61}
2013-11-20 21:41 - 2013-11-20 21:41 - 00000000 ____D C:\Users\Bill\AppData\Local\{00B2B39F-0DA2-4868-A0D9-87C31AB614E0}
2013-11-20 09:25 - 2013-11-20 09:24 - 00000000 ____D C:\Users\Bill\AppData\Local\{260ADE5D-7234-483E-8EB8-7E26240B6894}
2013-11-19 21:24 - 2013-11-19 21:24 - 00000000 ____D C:\Users\Bill\AppData\Local\{CC185354-8300-43B3-871B-FC56725BA854}
2013-11-19 09:24 - 2013-11-19 09:24 - 00000000 ____D C:\Users\Bill\AppData\Local\{2A68D475-73F4-43E7-9F5D-CC7E3F8367FC}

Files to move or delete:
====================
C:\ProgramData\pclunst.exe
C:\ProgramData\stwihos.dat


Some content of TEMP:
====================
C:\Users\Bill\AppData\Local\Temp\BackupSetup.exe
C:\Users\Bill\AppData\Local\Temp\jsxxefdj.exe
C:\Users\Bill\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Bill\AppData\Local\Temp\tbVgr0.dll
C:\Users\Bill\AppData\Local\Temp\tbWis0.dll
C:\Users\Bill\AppData\Local\Temp\uninstall.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 09:32

==================== End Of Log ============================

 

I do not appear to have a way to attach files.


To attach a file, use the "More Reply Options" tab under the reply box. In the new reply function box, use the "Browse" tab to find the file, open the file when found, then use the "Attach This File" tab to do just that....

 

Do the following first,

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced logs, also attach addition.txt from the initial run of FRST....

 

Thanks,

Kevin


fixlist.txt


I am still not able to run Malwarebytes due to the "policy" issue.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2013 02
Ran by Bill at 2013-12-20 15:06:12 Run:1
Running from C:\Users\Bill\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKCU\...\Run: [TBHostSupport] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Bill\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
C:\Users\Bill\AppData\Local\TBHostSuppor
HKCU\...\Run: [Oqics] - regsvr32.exe C:\Users\Bill\AppData\Local\Oqics\commonAgenspi.dll <===== ATTENTION
C:\Users\Bill\AppData\Local\Oqics
HKCU\...\Run: [stwihos] - regsvr32.exe /s "C:\ProgramData\stwihos.dat"
C:\ProgramData\stwihos.dat
AppInit_DLLs: c:\progra~2\musict~1\datamngr\x64\mgrldr.dll   [ ] ()
AppInit_DLLs-x32: c:\progra~2\musict~1\datamngr\mgrldr.dll [ ] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.amazon.ca...field-keywords={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.as...pn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = http://dts.search.as...pn_ptnrs=AG2&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2003} URL = http://dts.search.as...pn_ptnrs=AG4&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearsh...b&systemid=2&q={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://us.yhs.search...eb_chrome_us&p={searchTerms}
SearchScopes: HKLM - {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://toolbar.ask.c...61&gct=&gc=1&q={searchTerms}&crm=1
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.as...pn_ptnrs=AGE&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = http://dts.search.as...pn_ptnrs=AG2&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2003} URL = http://dts.search.as...pn_ptnrs=AG4&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2003} URL =
SearchScopes: HKCU - {AFACAC1E-2EA5-4484-9B6E-0358D53A9E2B} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3293216&CUI=UN22214150119025243&UM=2
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
C:\ProgramData\pclunst.exe
C:\ProgramData\stwihos.dat
C:\Users\Bill\AppData\Local\Temp\BackupSetup.exe
C:\Users\Bill\AppData\Local\Temp\jsxxefdj.exe
C:\Users\Bill\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Bill\AppData\Local\Temp\tbVgr0.dll
C:\Users\Bill\AppData\Local\Temp\tbWis0.dll
C:\Users\Bill\AppData\Local\Temp\uninstall.exe
End



*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\TBHostSupport => Value deleted successfully.
"C:\Users\Bill\AppData\Local\TBHostSuppor" => File/Directory not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Oqics => Value deleted successfully.
C:\Users\Bill\AppData\Local\Oqics => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\stwihos => Value deleted successfully.
C:\ProgramData\stwihos.dat => Moved successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsemngr.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsermngr.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bundlesweetimsetup.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmngsvc.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta babylon.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta tb.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta2.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltainstaller.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltasetup.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb_2501-c733154b.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iminentsetup.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sweetimsetup.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{537A820F-7758-4D20-A1C6-818598E9FD0A} => Key deleted successfully.
HKCR\CLSID\{537A820F-7758-4D20-A1C6-818598E9FD0A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} => Key not found.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2003} => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2003} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} => Key not found.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found.
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420} => Key not found.
HKCR\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found.
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} => Key not found.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2003} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2003} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} => Key not found.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2003} => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2003} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFACAC1E-2EA5-4484-9B6E-0358D53A9E2B} => Key deleted successfully.
HKCR\CLSID\{AFACAC1E-2EA5-4484-9B6E-0358D53A9E2B} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => Key not found.
HKCR\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => Key not found.
HKCU\Software\Mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2} => Value not found.
C:\ProgramData\pclunst.exe => Moved successfully.
"C:\ProgramData\stwihos.dat" => File/Directory not found.
C:\Users\Bill\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Bill\AppData\Local\Temp\jsxxefdj.exe => Moved successfully.
C:\Users\Bill\AppData\Local\Temp\MSETUP4.EXE => Moved successfully.
C:\Users\Bill\AppData\Local\Temp\tbVgr0.dll => Moved successfully.
C:\Users\Bill\AppData\Local\Temp\tbWis0.dll => Moved successfully.
"C:\Users\Bill\AppData\Local\Temp\uninstall.exe" => File/Directory not found.

==== End of Fixlog ====

 

# AdwCleaner v3.015 - Report created 20/12/2013 at 14:56:02
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bill - BILL-HP
# Running from : C:\Users\Bill\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : vToolbarUpdater17.0.12

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Registry Helper
Folder Deleted : C:\ProgramData\SpeedyPC Software
Folder Deleted : C:\ProgramData\VisualBee
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\iMesh Applications
Folder Deleted : C:\Program Files (x86)\MapsGalaxy_39EI
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Nation Toolbar
Folder Deleted : C:\Program Files (x86)\Yontoo Layers Runtime
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\SpeedyPC Software
Folder Deleted : C:\Users\Bill\AppData\Local\apn
Folder Deleted : C:\Users\Bill\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Bill\AppData\Local\Babylon
Folder Deleted : C:\Users\Bill\AppData\Local\Conduit
Folder Deleted : C:\Users\Bill\AppData\Local\iac
Folder Deleted : C:\Users\Bill\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Bill\AppData\Local\PackageAware
Folder Deleted : C:\Users\Bill\AppData\Local\TBHostSupport
Folder Deleted : C:\Users\Bill\AppData\Local\torch
Folder Deleted : C:\Users\Bill\AppData\Local\Wajam
Folder Deleted : C:\Users\Bill\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\Bill\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Bill\AppData\LocalLow\blekko
Folder Deleted : C:\Users\Bill\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Bill\AppData\LocalLow\mapsgalaxy_39
Folder Deleted : C:\Users\Bill\AppData\LocalLow\MapsGalaxy_39EI
Folder Deleted : C:\Users\Bill\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Bill\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Bill\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Bill\AppData\Roaming\SpeedyPC Software
Folder Deleted : C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\u3nbeui9.default-1369882191062\imeshmusicboxtoolbarha
Folder Deleted : C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\brf5xthj.default\Extensions\plugin@yontoo.com
Folder Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Folder Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\hllhlhdmmmpbclddmhffaghecjaklneo
File Deleted : C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\brf5xthj.default\Extensions\pricepeep@getpricepeep.com.xpi
File Deleted : C:\Users\Bill\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\nsprotector.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Deleted : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\Windows\System32\Tasks\Dealply
File Deleted : C:\Windows\System32\Tasks\DealPlyUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Google\Chrome\Extensions\hllhlhdmmmpbclddmhffaghecjaklneo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hllhlhdmmmpbclddmhffaghecjaklneo
Key Deleted : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3297951
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_microsoft-safety-scanner[1]_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_microsoft-safety-scanner[1]_RASMANCS
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\Nation Toolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SpeedyPC Software
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\MapsGalaxy_39EI
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\Nation Toolbar
Key Deleted : HKLM\Software\SpeedyPC Software
Key Deleted : HKLM\Software\torch
Key Deleted : HKLM\Software\Uniblue
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\musict~1\datamngr\x64\mgrldr.dll

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v24.0 (en-GB)

[ File : C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\u3nbeui9.default-1369882191062\prefs.js ]

Line Deleted : user_pref("CT3293216.FF19Solved", "true");
Line Deleted : user_pref("CT3293216.UserID", "UN26027392001016412");
Line Deleted : user_pref("CT3293216.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3293216.fullUserID", "UN26027392001016412.IN.20131019173330");
Line Deleted : user_pref("CT3293216.installDate", "19/10/2013 17:33:31");
Line Deleted : user_pref("CT3293216.installSessionId", "-1");
Line Deleted : user_pref("CT3293216.installSp", "TRUE");
Line Deleted : user_pref("CT3293216.installerVersion", "1.7.1.4");
Line Deleted : user_pref("CT3293216.keyword", "true");
Line Deleted : user_pref("CT3293216.originalHomepage", "about:home");
Line Deleted : user_pref("CT3293216.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3293216.originalSearchEngine", "");
Line Deleted : user_pref("CT3293216.originalSearchEngineName", "");
Line Deleted : user_pref("CT3293216.searchRevert", "FALSE");
Line Deleted : user_pref("CT3293216.searchUserMode", "2");
Line Deleted : user_pref("CT3293216.smartbar.homepage", "true");
Line Deleted : user_pref("CT3293216.versionFromInstaller", "10.20.1.8");
Line Deleted : user_pref("CT3293216.xpeMode", "0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaultenginename", "Vgrabber v1.5 Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Vgrabber v1.5 Customized Web Search");

Line Deleted : user_pref("browser.search.selectedEngine", "Vgrabber v1.5 Customized Web Search");

Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3293216");


Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3293216");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3293216");
Line Deleted : user_pref("smartbar.machineId", "QD1HZLRD7CPNHITEC7CJMK2ZRTT6K9U69IX3XPXXN5DMN8/ZCYDJJDTMPMSKUL1S2WO/+ZRPUTIJ9NBOC5E8WG");


-\\ Google Chrome v

[ File : C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : search_url
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [33666 octets] - [20/12/2013 10:37:32]
AdwCleaner[s0].txt - [33703 octets] - [20/12/2013 14:56:02]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [33764 octets] ##########
 

Addition.txt


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2013 02
Ran by Bill (administrator) on BILL-HP on 20-12-2013 16:12:59
Running from C:\Users\Bill\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Webshots.com) C:\Program Files (x86)\Webshots\Webshots.scr
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2779024 2011-03-14] (CANON INC.)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-19] (Google Inc.)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-12] (Google Inc.)
HKCU\...\Run: [stwihos] - regsvr32.exe /s "C:\ProgramData\stwihos.dat"
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\avastui.exe [3567800 2013-11-01] (AVAST Software)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\56d03e96-9ad7-4ee1-b80f-1d6ffa3f429b.exe [180184 2013-11-23] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
Startup: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
ShortcutTarget: Webshots.lnk -> C:\Program Files (x86)\Webshots\Launcher.exe (Webshots.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/19
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {22DFBF5B-A7CD-4B25-9471-3DC68C71855F} -  No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKCU - No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\u3nbeui9.default-1369882191062
FF Homepage: https://www.google.ca/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @Microsoft.com/DownloadManager,version=1.1 - C:\Windows\ ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Bill\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Bill\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober4499724.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: dhRichClient3.cDBAccess - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\u3nbeui9.default-1369882191062\Extensions\{579AD9B9-5165-6547-4125-3B7DD47FD298}
FF Extension: NoScript - C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\u3nbeui9.default-1369882191062\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======


CHR DefaultSearchProvider: Ask.com
CHR DefaultSearchURL: http://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Users\Bill\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Bill\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Bill\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (AVG Internet Security) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1829_0\plugins/avgnpss.dll No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Bill\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Solid Savings) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0
CHR Extension: (Coupon Matcher) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbeaeacnffjpnodemllopecegchjefhb\1.9_0
CHR Extension: (avast! Online Security) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Google Wallet) - C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [fbeaeacnffjpnodemllopecegchjefhb] - C:\Users\Bill\AppData\Roaming\Coupon Matcher\couponmatcher.crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-01] (AVAST Software)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-13] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-11-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-01] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-02] (AVG Technologies)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-20 10:37 - 2013-12-20 15:09 - 00000000 ____D C:\AdwCleaner
2013-12-20 10:36 - 2013-12-20 10:36 - 01226750 _____ C:\Users\Bill\Downloads\AdwCleaner.exe
2013-12-20 10:12 - 2013-12-20 16:12 - 00005762 _____ C:\Users\Bill\Desktop\FRST.txt
2013-12-20 10:12 - 2013-12-20 10:12 - 00000000 ____D C:\Users\Bill\Desktop\FRST-OlderVersion
2013-12-19 19:20 - 2013-12-20 10:12 - 00000000 ____D C:\FRST
2013-12-19 19:20 - 2013-12-19 19:21 - 00031035 _____ C:\Users\Bill\Desktop\Addition.txt
2013-12-19 19:17 - 2013-12-20 10:12 - 02193141 _____ (Farbar) C:\Users\Bill\Desktop\FRST64.exe
2013-12-19 17:25 - 2013-12-19 17:25 - 00020022 _____ C:\Users\Bill\Desktop\dds.txt
2013-12-19 17:25 - 2013-12-19 17:25 - 00008922 _____ C:\Users\Bill\Desktop\attach.txt
2013-12-19 17:23 - 2013-12-19 17:23 - 00688992 ____R (Swearware) C:\Users\Bill\Desktop\dds.scr
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{B6142D48-AA33-4FAC-8E02-1511ACF5D414}
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{93596CAD-8F06-4648-B7EA-4BA527D428C8}
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{5D398417-BFD3-41DB-B667-0AE37849C019}
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{47D1CC48-3DA8-42AB-8DAC-A3A76C973147}
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{2AE27B23-AB15-4BDE-BB61-1C317C3D9852}
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{23E14437-5EF0-4813-B575-B21F8B3BF9CF}
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{15DF61BB-E8E2-4052-98CE-0C9F2747516F}
2013-12-18 19:21 - 2013-12-18 19:21 - 00002978 _____ C:\Windows\System32\Tasks\{CF72A2B2-5E05-4DEE-A18D-0AF282D7B1A2}
2013-12-18 16:28 - 2013-12-18 16:28 - 00000000 ____D C:\Users\Bill\AppData\Local\{B782842D-9720-427C-B1AF-526110617FAB}
2013-12-17 20:37 - 2013-12-17 20:37 - 00002978 _____ C:\Windows\System32\Tasks\{C37ADC89-3A33-4E13-A02B-B6A83A0E0609}
2013-12-17 20:37 - 2013-12-17 20:37 - 00002978 _____ C:\Windows\System32\Tasks\{B3F575E7-6B39-46FF-8CB6-4F21427FFB93}
2013-12-17 20:37 - 2013-12-17 20:37 - 00002978 _____ C:\Windows\System32\Tasks\{5F2BD0C6-4A17-4197-B6E5-3532F39A5406}
2013-12-17 20:33 - 2013-12-18 19:06 - 00000081 _____ C:\Users\Bill\AppData\Roaming\mbam.context.scan
2013-12-17 20:30 - 2013-12-17 20:30 - 00002982 _____ C:\Windows\System32\Tasks\{E915F16F-84AF-4064-B473-21FDCB94DD0A}
2013-12-17 18:03 - 2013-12-17 18:04 - 00000000 ____D C:\Users\Bill\AppData\Local\{5DB54227-A0F9-4078-97A3-E78B052DDD58}
2013-12-16 15:10 - 2013-12-20 15:06 - 00197324 _____ (Oracle Corporation) C:\ProgramData\stwihos.dat
2013-12-16 12:52 - 2013-12-16 12:52 - 00000000 ____D C:\Users\Bill\AppData\Local\{E10C7F05-9EA4-4917-B7BF-28F56F777CCF}
2013-12-15 22:43 - 2013-12-15 22:43 - 00000000 ____D C:\Users\Bill\AppData\Local\{B143948F-C524-467C-B7C3-578E38B0B301}
2013-12-15 09:52 - 2013-12-15 09:52 - 00000000 ____D C:\Users\Bill\AppData\Local\{58A439E6-B310-4BE0-A9A1-5DE1FE04BCF1}
2013-12-14 21:52 - 2013-12-14 21:52 - 00000000 ____D C:\Users\Bill\AppData\Local\{9CC7FB8C-9BA0-452A-95EB-E757DDBC8421}
2013-12-14 09:51 - 2013-12-14 09:51 - 00000000 ____D C:\Users\Bill\AppData\Local\{3CB34414-87AE-4E7F-A761-5BE5866EF7D4}
2013-12-13 18:27 - 2013-12-13 18:28 - 00000000 ____D C:\Users\Bill\AppData\Local\{97CB7D00-3806-48E9-A836-5C92B35DA78F}
2013-12-13 06:04 - 2013-12-13 06:04 - 00000000 ____D C:\Users\Bill\AppData\Local\{0CF0AE35-D68C-48E6-B2AC-4B1AEF920D5A}
2013-12-12 16:55 - 2013-12-12 16:55 - 00000000 ____D C:\Users\Bill\AppData\Local\{7CA6EEB7-CB80-4A1F-85C5-4FB09CF74BCA}
2013-12-11 23:04 - 2013-12-11 23:04 - 00000000 ____D C:\Users\Bill\AppData\Local\{DD9A6CE4-2F71-4B72-A0BB-E5632E096691}
2013-12-11 05:31 - 2013-12-11 05:32 - 00000000 ____D C:\Users\Bill\AppData\Local\{748EA77A-3442-4492-B311-D51F000255C1}
2013-12-10 16:35 - 2013-12-10 16:35 - 00000000 ____D C:\Users\Bill\AppData\Local\{E456F9E4-A3A4-475A-BB55-673E3939F362}
2013-12-09 14:31 - 2013-12-09 14:31 - 00000000 ____D C:\Users\Bill\AppData\Local\{082F06B0-B9A8-4596-BA0F-8483C43201BD}
2013-12-07 16:28 - 2013-12-07 16:28 - 00000000 ____D C:\Users\Bill\AppData\Local\{146413EA-3F6F-4669-89C2-16CA27B6DB6D}
2013-12-06 18:14 - 2013-12-06 18:14 - 00000000 ____D C:\Users\Bill\AppData\Local\{6BF4812F-D169-43E4-A48A-19E6428B1EDE}
2013-12-05 17:24 - 2013-12-05 17:24 - 00230970 _____ C:\Users\Bill\Documents\cc_20131205_172413.reg
2013-12-05 16:36 - 2013-12-20 15:07 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-05 16:35 - 2013-12-05 16:35 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Bill\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-05 16:34 - 2013-12-05 16:34 - 00000000 ____D C:\Users\Bill\AppData\Local\Macromedia
2013-12-05 07:22 - 2013-12-05 07:22 - 00000000 ____D C:\Users\Bill\AppData\Local\{28DE3C24-B8B4-41B9-A012-66B9EF01AD3C}
2013-12-04 19:04 - 2013-12-04 19:04 - 00000000 ____D C:\Users\Bill\AppData\Local\{6B84FE26-6701-45A9-A151-AC3033876F7A}
2013-12-04 06:10 - 2013-12-04 06:10 - 00000000 ____D C:\Users\Bill\AppData\Local\{80CC3877-BA1B-481C-B806-F5088B842A02}
2013-12-03 17:13 - 2013-12-03 17:13 - 00000000 ____D C:\Users\Bill\AppData\Local\{A7193810-881E-435D-89E0-1C076F108ED7}
2013-12-02 22:48 - 2013-12-02 22:48 - 00000000 ____D C:\Users\Bill\AppData\Local\{983E088E-90DF-4B6E-9E0D-8EB143FEF156}
2013-12-02 08:59 - 2013-12-02 09:00 - 00000000 ____D C:\Users\Bill\AppData\Local\{1BFD2359-6048-4A9D-852C-829D17D71EA5}
2013-12-01 20:07 - 2013-12-01 20:08 - 00000000 ____D C:\Users\Bill\AppData\Local\{465804B9-A1BF-457E-B5FB-54518F167BD3}
2013-11-30 17:14 - 2013-11-30 17:14 - 00000000 ____D C:\Users\Bill\AppData\Local\{795F13F7-66D9-4EBF-94A8-60F7FEDEE0EE}
2013-11-29 17:38 - 2013-11-29 17:38 - 00000000 ____D C:\Users\Bill\AppData\Local\{1ED64B44-2B04-441F-968F-4EA134A5E620}
2013-11-28 23:01 - 2013-11-28 23:01 - 00000000 ____D C:\Users\Bill\AppData\Local\{A5E3EB7E-F21B-4C94-A59A-A9DFEFD204E6}
2013-11-28 09:32 - 2013-11-28 09:33 - 00000000 ____D C:\Users\Bill\AppData\Local\{37795C3A-7BEF-4D1A-BC7A-A2251DA04506}
2013-11-27 19:02 - 2013-11-27 19:03 - 00000000 ____D C:\Users\Bill\AppData\Local\{DC913FD5-B1A6-4F69-AFE1-170812A2173C}
2013-11-26 18:00 - 2013-11-26 18:00 - 00000000 ____D C:\Users\Bill\AppData\Local\{1FFB821A-0934-4C31-BC3B-A068CB028810}
2013-11-25 22:08 - 2013-11-25 22:08 - 00000000 ____D C:\Users\Bill\AppData\Local\{D20D2782-C6C8-4377-9170-21B608DF3CF5}
2013-11-25 06:29 - 2013-11-25 06:29 - 00000000 ____D C:\Users\Bill\AppData\Local\{6DA118AD-5007-4154-99AC-2757E5C4F267}
2013-11-24 16:29 - 2013-11-24 16:29 - 00000000 ____D C:\Users\Bill\AppData\Local\{129EF47E-3470-4E62-86F4-FEFA59D0A222}
2013-11-23 22:27 - 2013-11-23 22:27 - 00000000 ____D C:\Users\Bill\AppData\Local\{0A89BF2D-57D1-489C-971C-F29B61E1BB31}
2013-11-23 08:59 - 2013-11-23 09:00 - 00000000 ____D C:\Users\Bill\AppData\Local\{822F785F-3CA9-4837-AD63-83B4D5EE6677}
2013-11-22 17:56 - 2013-11-22 17:56 - 00000000 ____D C:\Users\Bill\AppData\Local\{F6216780-5E45-4510-AB12-EAFA31343EB9}
2013-11-21 22:13 - 2013-11-21 22:13 - 00000000 ____D C:\Users\Bill\AppData\Local\{7921A73B-F752-46BA-BABC-6A954D6B8507}
2013-11-21 10:02 - 2013-11-21 10:03 - 00000000 ____D C:\Users\Bill\AppData\Local\{490EC1AD-3B85-4982-ABC7-C0A81C088D61}
2013-11-20 21:41 - 2013-11-20 21:41 - 00000000 ____D C:\Users\Bill\AppData\Local\{00B2B39F-0DA2-4868-A0D9-87C31AB614E0}
2013-11-20 09:24 - 2013-11-20 09:25 - 00000000 ____D C:\Users\Bill\AppData\Local\{260ADE5D-7234-483E-8EB8-7E26240B6894}

==================== One Month Modified Files and Folders =======

2013-12-20 16:12 - 2013-12-20 10:12 - 00005762 _____ C:\Users\Bill\Desktop\FRST.txt
2013-12-20 16:12 - 2012-05-04 22:25 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AE2AB91C-4B0D-451A-B227-EF2D57AAD77A}
2013-12-20 16:12 - 2011-10-19 19:08 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3193178433-3729681772-994535890-1001UA.job
2013-12-20 15:37 - 2012-04-10 18:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-20 15:17 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-20 15:17 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-20 15:16 - 2009-07-14 00:13 - 00782986 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-20 15:14 - 2012-09-01 17:57 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-20 15:10 - 2011-07-08 17:34 - 00000000 ____D C:\ProgramData\PDFC
2013-12-20 15:09 - 2013-12-20 10:37 - 00000000 ____D C:\AdwCleaner
2013-12-20 15:09 - 2013-11-01 15:52 - 00003002 _____ C:\Windows\setupact.log
2013-12-20 15:09 - 2013-06-03 09:23 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-12-20 15:09 - 2012-09-01 17:57 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-20 15:09 - 2011-12-11 13:08 - 00000400 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2013-12-20 15:09 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-20 15:07 - 2013-12-05 16:36 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-20 15:06 - 2013-12-16 15:10 - 00197324 _____ (Oracle Corporation) C:\ProgramData\stwihos.dat
2013-12-20 15:00 - 2012-08-15 12:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-20 14:56 - 2013-11-01 16:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 10:36 - 2013-12-20 10:36 - 01226750 _____ C:\Users\Bill\Downloads\AdwCleaner.exe
2013-12-20 10:28 - 2013-11-03 06:48 - 00057949 _____ C:\Windows\WindowsUpdate.log
2013-12-20 10:12 - 2013-12-20 10:12 - 00000000 ____D C:\Users\Bill\Desktop\FRST-OlderVersion
2013-12-20 10:12 - 2013-12-19 19:20 - 00000000 ____D C:\FRST
2013-12-20 10:12 - 2013-12-19 19:17 - 02193141 _____ (Farbar) C:\Users\Bill\Desktop\FRST64.exe
2013-12-19 19:26 - 2011-10-19 19:08 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3193178433-3729681772-994535890-1001Core.job
2013-12-19 19:21 - 2013-12-19 19:20 - 00031035 _____ C:\Users\Bill\Desktop\Addition.txt
2013-12-19 17:25 - 2013-12-19 17:25 - 00020022 _____ C:\Users\Bill\Desktop\dds.txt
2013-12-19 17:25 - 2013-12-19 17:25 - 00008922 _____ C:\Users\Bill\Desktop\attach.txt
2013-12-19 17:23 - 2013-12-19 17:23 - 00688992 ____R (Swearware) C:\Users\Bill\Desktop\dds.scr
2013-12-18 20:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{B6142D48-AA33-4FAC-8E02-1511ACF5D414}
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{93596CAD-8F06-4648-B7EA-4BA527D428C8}
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{5D398417-BFD3-41DB-B667-0AE37849C019}
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{47D1CC48-3DA8-42AB-8DAC-A3A76C973147}
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{2AE27B23-AB15-4BDE-BB61-1C317C3D9852}
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{23E14437-5EF0-4813-B575-B21F8B3BF9CF}
2013-12-18 19:22 - 2013-12-18 19:22 - 00002960 _____ C:\Windows\System32\Tasks\{15DF61BB-E8E2-4052-98CE-0C9F2747516F}
2013-12-18 19:21 - 2013-12-18 19:21 - 00002978 _____ C:\Windows\System32\Tasks\{CF72A2B2-5E05-4DEE-A18D-0AF282D7B1A2}
2013-12-18 19:06 - 2013-12-17 20:33 - 00000081 _____ C:\Users\Bill\AppData\Roaming\mbam.context.scan
2013-12-18 16:28 - 2013-12-18 16:28 - 00000000 ____D C:\Users\Bill\AppData\Local\{B782842D-9720-427C-B1AF-526110617FAB}
2013-12-18 16:21 - 2013-11-12 16:18 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-17 20:37 - 2013-12-17 20:37 - 00002978 _____ C:\Windows\System32\Tasks\{C37ADC89-3A33-4E13-A02B-B6A83A0E0609}
2013-12-17 20:37 - 2013-12-17 20:37 - 00002978 _____ C:\Windows\System32\Tasks\{B3F575E7-6B39-46FF-8CB6-4F21427FFB93}
2013-12-17 20:37 - 2013-12-17 20:37 - 00002978 _____ C:\Windows\System32\Tasks\{5F2BD0C6-4A17-4197-B6E5-3532F39A5406}
2013-12-17 20:30 - 2013-12-17 20:30 - 00002982 _____ C:\Windows\System32\Tasks\{E915F16F-84AF-4064-B473-21FDCB94DD0A}
2013-12-17 18:04 - 2013-12-17 18:03 - 00000000 ____D C:\Users\Bill\AppData\Local\{5DB54227-A0F9-4078-97A3-E78B052DDD58}
2013-12-16 12:52 - 2013-12-16 12:52 - 00000000 ____D C:\Users\Bill\AppData\Local\{E10C7F05-9EA4-4917-B7BF-28F56F777CCF}
2013-12-15 22:43 - 2013-12-15 22:43 - 00000000 ____D C:\Users\Bill\AppData\Local\{B143948F-C524-467C-B7C3-578E38B0B301}
2013-12-15 09:52 - 2013-12-15 09:52 - 00000000 ____D C:\Users\Bill\AppData\Local\{58A439E6-B310-4BE0-A9A1-5DE1FE04BCF1}
2013-12-14 21:52 - 2013-12-14 21:52 - 00000000 ____D C:\Users\Bill\AppData\Local\{9CC7FB8C-9BA0-452A-95EB-E757DDBC8421}
2013-12-14 09:51 - 2013-12-14 09:51 - 00000000 ____D C:\Users\Bill\AppData\Local\{3CB34414-87AE-4E7F-A761-5BE5866EF7D4}
2013-12-13 21:47 - 2012-04-19 17:46 - 00000000 ____D C:\ProgramData\Adobe
2013-12-13 21:46 - 2013-11-01 15:52 - 00060418 _____ C:\Windows\PFRO.log
2013-12-13 18:28 - 2013-12-13 18:27 - 00000000 ____D C:\Users\Bill\AppData\Local\{97CB7D00-3806-48E9-A836-5C92B35DA78F}
2013-12-13 16:50 - 2011-10-19 19:08 - 00000000 ____D C:\Users\Bill\AppData\Local\Google
2013-12-13 06:04 - 2013-12-13 06:04 - 00000000 ____D C:\Users\Bill\AppData\Local\{0CF0AE35-D68C-48E6-B2AC-4B1AEF920D5A}
2013-12-12 16:55 - 2013-12-12 16:55 - 00000000 ____D C:\Users\Bill\AppData\Local\{7CA6EEB7-CB80-4A1F-85C5-4FB09CF74BCA}
2013-12-12 16:37 - 2012-04-19 17:46 - 00000000 ____D C:\Users\Bill\AppData\Local\Adobe
2013-12-12 16:37 - 2011-09-27 09:13 - 00000000 ____D C:\Users\Bill\AppData\Roaming\Adobe
2013-12-12 16:33 - 2012-09-01 17:58 - 00000000 ____D C:\Program Files\Google
2013-12-12 16:33 - 2012-09-01 17:57 - 00000000 ____D C:\ProgramData\Google
2013-12-12 16:33 - 2012-09-01 17:57 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-12 16:32 - 2012-04-19 17:46 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-11 23:04 - 2013-12-11 23:04 - 00000000 ____D C:\Users\Bill\AppData\Local\{DD9A6CE4-2F71-4B72-A0BB-E5632E096691}
2013-12-11 05:32 - 2013-12-11 05:31 - 00000000 ____D C:\Users\Bill\AppData\Local\{748EA77A-3442-4492-B311-D51F000255C1}
2013-12-10 18:33 - 2012-04-10 18:02 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 18:32 - 2012-04-10 18:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 18:32 - 2012-04-10 18:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 16:35 - 2013-12-10 16:35 - 00000000 ____D C:\Users\Bill\AppData\Local\{E456F9E4-A3A4-475A-BB55-673E3939F362}
2013-12-09 14:31 - 2013-12-09 14:31 - 00000000 ____D C:\Users\Bill\AppData\Local\{082F06B0-B9A8-4596-BA0F-8483C43201BD}
2013-12-07 22:57 - 2013-01-01 07:55 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-12-07 16:28 - 2013-12-07 16:28 - 00000000 ____D C:\Users\Bill\AppData\Local\{146413EA-3F6F-4669-89C2-16CA27B6DB6D}
2013-12-06 18:14 - 2013-12-06 18:14 - 00000000 ____D C:\Users\Bill\AppData\Local\{6BF4812F-D169-43E4-A48A-19E6428B1EDE}
2013-12-05 18:17 - 2013-11-07 10:50 - 00001450 _____ C:\Users\Bill\Desktop\Sign In (2).url
2013-12-05 17:24 - 2013-12-05 17:24 - 00230970 _____ C:\Users\Bill\Documents\cc_20131205_172413.reg
2013-12-05 17:18 - 2013-05-29 16:58 - 00000000 ____D C:\Program Files (x86)\WhatsRunning
2013-12-05 17:16 - 2013-05-29 17:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-05 17:15 - 2011-09-27 09:11 - 00000000 ___RD C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-05 16:35 - 2013-12-05 16:35 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Bill\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-05 16:34 - 2013-12-05 16:34 - 00000000 ____D C:\Users\Bill\AppData\Local\Macromedia
2013-12-05 14:46 - 2012-10-05 14:49 - 02112512 ___SH C:\Users\Bill\Documents\Thumbs.db
2013-12-05 07:22 - 2013-12-05 07:22 - 00000000 ____D C:\Users\Bill\AppData\Local\{28DE3C24-B8B4-41B9-A012-66B9EF01AD3C}
2013-12-04 19:05 - 2011-10-19 19:08 - 00003876 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3193178433-3729681772-994535890-1001UA
2013-12-04 19:05 - 2011-10-19 19:08 - 00003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3193178433-3729681772-994535890-1001Core
2013-12-04 19:04 - 2013-12-04 19:04 - 00000000 ____D C:\Users\Bill\AppData\Local\{6B84FE26-6701-45A9-A151-AC3033876F7A}
2013-12-04 06:10 - 2013-12-04 06:10 - 00000000 ____D C:\Users\Bill\AppData\Local\{80CC3877-BA1B-481C-B806-F5088B842A02}
2013-12-03 17:13 - 2013-12-03 17:13 - 00000000 ____D C:\Users\Bill\AppData\Local\{A7193810-881E-435D-89E0-1C076F108ED7}
2013-12-03 03:09 - 2012-09-01 17:57 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-03 03:09 - 2012-09-01 17:57 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-02 22:48 - 2013-12-02 22:48 - 00000000 ____D C:\Users\Bill\AppData\Local\{983E088E-90DF-4B6E-9E0D-8EB143FEF156}
2013-12-02 09:00 - 2013-12-02 08:59 - 00000000 ____D C:\Users\Bill\AppData\Local\{1BFD2359-6048-4A9D-852C-829D17D71EA5}
2013-12-01 20:08 - 2013-12-01 20:07 - 00000000 ____D C:\Users\Bill\AppData\Local\{465804B9-A1BF-457E-B5FB-54518F167BD3}
2013-11-30 17:14 - 2013-11-30 17:14 - 00000000 ____D C:\Users\Bill\AppData\Local\{795F13F7-66D9-4EBF-94A8-60F7FEDEE0EE}
2013-11-29 17:38 - 2013-11-29 17:38 - 00000000 ____D C:\Users\Bill\AppData\Local\{1ED64B44-2B04-441F-968F-4EA134A5E620}
2013-11-28 23:01 - 2013-11-28 23:01 - 00000000 ____D C:\Users\Bill\AppData\Local\{A5E3EB7E-F21B-4C94-A59A-A9DFEFD204E6}
2013-11-28 09:33 - 2013-11-28 09:32 - 00000000 ____D C:\Users\Bill\AppData\Local\{37795C3A-7BEF-4D1A-BC7A-A2251DA04506}
2013-11-27 19:03 - 2013-11-27 19:02 - 00000000 ____D C:\Users\Bill\AppData\Local\{DC913FD5-B1A6-4F69-AFE1-170812A2173C}
2013-11-26 18:00 - 2013-11-26 18:00 - 00000000 ____D C:\Users\Bill\AppData\Local\{1FFB821A-0934-4C31-BC3B-A068CB028810}
2013-11-25 22:08 - 2013-11-25 22:08 - 00000000 ____D C:\Users\Bill\AppData\Local\{D20D2782-C6C8-4377-9170-21B608DF3CF5}
2013-11-25 06:29 - 2013-11-25 06:29 - 00000000 ____D C:\Users\Bill\AppData\Local\{6DA118AD-5007-4154-99AC-2757E5C4F267}
2013-11-24 16:29 - 2013-11-24 16:29 - 00000000 ____D C:\Users\Bill\AppData\Local\{129EF47E-3470-4E62-86F4-FEFA59D0A222}
2013-11-23 22:27 - 2013-11-23 22:27 - 00000000 ____D C:\Users\Bill\AppData\Local\{0A89BF2D-57D1-489C-971C-F29B61E1BB31}
2013-11-23 09:00 - 2013-11-23 08:59 - 00000000 ____D C:\Users\Bill\AppData\Local\{822F785F-3CA9-4837-AD63-83B4D5EE6677}
2013-11-22 17:56 - 2013-11-22 17:56 - 00000000 ____D C:\Users\Bill\AppData\Local\{F6216780-5E45-4510-AB12-EAFA31343EB9}
2013-11-21 22:13 - 2013-11-21 22:13 - 00000000 ____D C:\Users\Bill\AppData\Local\{7921A73B-F752-46BA-BABC-6A954D6B8507}
2013-11-21 10:03 - 2013-11-21 10:02 - 00000000 ____D C:\Users\Bill\AppData\Local\{490EC1AD-3B85-4982-ABC7-C0A81C088D61}
2013-11-20 21:41 - 2013-11-20 21:41 - 00000000 ____D C:\Users\Bill\AppData\Local\{00B2B39F-0DA2-4868-A0D9-87C31AB614E0}
2013-11-20 09:25 - 2013-11-20 09:24 - 00000000 ____D C:\Users\Bill\AppData\Local\{260ADE5D-7234-483E-8EB8-7E26240B6894}

Files to move or delete:
====================
C:\ProgramData\stwihos.dat


Some content of TEMP:
====================
C:\Users\Bill\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-20 10:30

==================== End Of Log ============================


All infection return, ok run the following:

 

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
     
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here  http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
     
  • Close any open browsers and any other programs you might have running
     
  • Double click the combofix.gif icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
     
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
     
  • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
     
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

 

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

 

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

 

*EXTRA NOTES*


    If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

 

Post the log in next reply please...

 

Kevin


ComboFix 13-12-20.01 - Bill 20/12/2013  17:41:10.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.4003.3049 [GMT -5:00]
Running from: c:\users\Bill\Desktop\ComboFix.exe
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DSC00332.JPG
C:\DSC00340.JPG
C:\DSC00342.JPG
C:\DSC00353.JPG
C:\DSC00354.JPG
C:\DSC00362.JPG
c:\programdata\connector.swf
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_cijeeimilokkhlfjombmalgpabbonmah_0
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_cijeeimilokkhlfjombmalgpabbonmah_0\1
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_cijeeimilokkhlfjombmalgpabbonmah_0\2
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\background.html
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\crossriderManifest.json
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\extensionData\manifest.xml
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\extensionData\plugins.json
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\extensionData\plugins\1_base.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\extensionData\plugins\1000014_GPL Plugin (Loader).js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\extensionData\plugins\1000015_GPL Background (BG).js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\extensionData\plugins\17_jQuery.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\extensionData\plugins\21_debug.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\extensionData\plugins\22_resources.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\extensionData\plugins\28_initializer.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\extensionData\plugins\47_resources_background.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\extensionData\plugins\64_appApiMessage.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\extensionData\plugins\72_appApiValidation.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\extensionData\userCode\background.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\extensionData\userCode\extension.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\icons\actions\1.png
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\icons\icon128.png
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\icons\icon16.png
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\icons\icon48.png
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\api\chrome.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\api\cookie.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\api\message.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\api\pageAction.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\api\pageActionBG.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\background.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\lib\app_api.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\lib\bg_app_api.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\lib\consts.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\lib\cookie_store.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\lib\crossriderAPI.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\lib\delegate.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\lib\events.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\lib\extensionDataStore.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\lib\installer.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\lib\logFile.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\lib\logging.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\lib\onBGDocumentLoad.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\lib\popupResource\newPopup.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\lib\popupResource\popup.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\lib\reports.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\lib\storageWrapper.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\lib\updateManager.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\lib\util.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\lib\xhr.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\js\main.js
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\manifest.json
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.25.18_0\popup.html
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cijeeimilokkhlfjombmalgpabbonmah
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cijeeimilokkhlfjombmalgpabbonmah\000003.log
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cijeeimilokkhlfjombmalgpabbonmah\CURRENT
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cijeeimilokkhlfjombmalgpabbonmah\LOCK
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cijeeimilokkhlfjombmalgpabbonmah\LOG
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cijeeimilokkhlfjombmalgpabbonmah\MANIFEST-000002
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cijeeimilokkhlfjombmalgpabbonmah_0.localstorage-journal
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cijeeimilokkhlfjombmalgpabbonmah_0.localstorage
c:\users\Bill\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\users\Bill\AppData\Roaming\result.db
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-20 to 2013-12-20  )))))))))))))))))))))))))))))))
.
.
2013-12-20 22:46 . 2013-12-20 22:46    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-12-20 15:37 . 2013-12-20 20:09    --------    d-----w-    C:\AdwCleaner
2013-12-20 00:20 . 2013-12-20 15:12    --------    d-----w-    C:\FRST
2013-12-16 20:10 . 2013-12-20 20:06    197324    ----a-w-    c:\programdata\stwihos.dat
2013-12-15 14:49 . 2013-11-08 03:12    10285968    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7AAF143-3258-44E9-A935-6E1C8103825D}\mpengine.dll
2013-12-12 21:32 . 2013-12-12 21:32    --------    d-----w-    c:\program files (x86)\Common Files\Adobe
2013-12-05 21:34 . 2013-12-05 21:34    --------    d-----w-    c:\users\Bill\AppData\Local\Macromedia
2013-12-05 21:26 . 2013-09-11 02:28    271256    ----a-w-    c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-10 23:32 . 2012-04-10 23:02    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 23:32 . 2012-04-10 23:02    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-13 14:15 . 2013-11-01 20:12    409832    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2013-11-08 03:09 . 2013-11-08 03:09    736952    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-11-01 20:11 . 2013-11-01 20:12    92544    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-11-01 20:11 . 2013-11-01 20:12    84328    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-11-01 20:11 . 2013-11-01 20:12    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-11-01 20:11 . 2013-11-01 20:12    65264    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-11-01 20:11 . 2013-11-01 20:12    38984    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-11-01 20:11 . 2013-11-01 20:12    205320    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-11-01 20:11 . 2013-11-01 20:12    1032416    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-11-01 20:11 . 2013-11-01 20:12    334648    ----a-w-    c:\windows\system32\aswBoot.exe
2013-11-01 20:11 . 2013-11-01 20:11    43152    ----a-w-    c:\windows\avastSS.scr
2013-10-02 09:02 . 2012-09-04 02:51    46368    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-12-12 39408]
"stwihos"="c:\programdata\stwihos.dat" [2013-12-20 197324]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-01 3567800]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
"20131121"="c:\program files\AVAST Software\Avast\setup\emupdate\56d03e96-9ad7-4ee1-b80f-1d6ffa3f429b.exe" [2013-11-23 180184]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]
.
c:\users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files (x86)\Webshots\Launcher.exe  /t [2011-9-28 157008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 23:32]
.
2013-12-20 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-12-11 19:24]
.
2013-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01 22:57]
.
2013-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01 22:57]
.
2013-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3193178433-3729681772-994535890-1001Core.job
- c:\users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-20 00:08]
.
2013-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3193178433-3729681772-994535890-1001UA.job
- c:\users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-20 00:08]
.
2013-11-02 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-01 20:11    326944    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2779024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local


IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\u3nbeui9.default-1369882191062\

FF - ExtSQL: 2013-11-01 16:12; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-12-05 16:31; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\u3nbeui9.default-1369882191062\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-10 - (no file)
WebBrowser-{22DFBF5B-A7CD-4B25-9471-3DC68C71855F} - (no file)
WebBrowser-{3BBD3C14-4C16-4989-8366-95BC9179779D} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~2\Webshots\webshots.scr
c:\program files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-12-20  17:52:08 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-20 22:52
ComboFix2.txt  2010-02-15 18:28
.
Pre-Run: 938,010,255,360 bytes free
Post-Run: 937,923,457,024 bytes free
.
- - End Of File - - AC4DC3BC16FC09ECDF2958CCA38FE89E
 


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

ClearJavaCache::
File::
c:\programdata\stwihos.dat
c:\windows\system32\drivers\aswsp.sys
c:\windows\system32\drivers\aswRdr2.sys
c:\windows\system32\drivers\aswMonFlt.sys
c:\windows\system32\drivers\aswRvrt.sys
c:\windows\system32\drivers\aswTdi.sys
c:\windows\system32\drivers\aswFsBlk.sys
c:\windows\system32\drivers\aswVmm.sys
c:\windows\system32\drivers\aswSnx.sys
c:\windows\system32\aswBoot.exe
c:\windows\avastSS.scr
c:\users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
c:\windows\Tasks\SpeedyPC Registration3.job
Folder::
c:\program files\AVAST Software
c:\program files (x86)\Webshots
Driver::
aswRvrt
aswVmm
aswSnx
aswSP
aswFsBlk
aswMonFlt
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"stwihos"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=-
"20131121"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
"{472083B0-C522-11CF-8763-00608CC02F24}"=-
[-HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

CF3.jpg

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next,

Go here http://www.sevenforums.com/tutorials/214461-local-group-policy-reset-default.html and follow instruction to set Group Policy to default setting.

 

Next,

 

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log


The ComboFix part seemed to work but resetting the policies did not. The vbs script appeared to do nothing and the batch file failed after not finding the two policy directories.

mbam of course will still not run

 

ComboFix 13-12-20.01 - Bill 20/12/2013  19:56:30.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.4003.2931 [GMT -5:00]
Running from: c:\users\Bill\Desktop\ComboFix.exe
Command switches used :: c:\users\Bill\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\stwihos.dat"
"c:\users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk"
"c:\windows\avastSS.scr"
"c:\windows\system32\aswBoot.exe"
"c:\windows\system32\drivers\aswFsBlk.sys"
"c:\windows\system32\drivers\aswMonFlt.sys"
"c:\windows\system32\drivers\aswRdr2.sys"
"c:\windows\system32\drivers\aswRvrt.sys"
"c:\windows\system32\drivers\aswSnx.sys"
"c:\windows\system32\drivers\aswsp.sys"
"c:\windows\system32\drivers\aswTdi.sys"
"c:\windows\system32\drivers\aswVmm.sys"
"c:\windows\Tasks\SpeedyPC Registration3.job"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Webshots
c:\program files (x86)\Webshots\Launcher.exe
c:\program files (x86)\Webshots\unins000.dat
c:\program files (x86)\Webshots\unins000.exe
c:\program files (x86)\Webshots\upgraded_from.txt
c:\program files (x86)\Webshots\Webshots.scr
c:\program files (x86)\Webshots\wsaxcontrol.ocx
c:\program files (x86)\Webshots\wsaxffmpeg.dll
c:\program files (x86)\Webshots\wsaxmediauploader.ocx
c:\program files (x86)\Webshots\wsaxupdater.dll
c:\program files (x86)\Webshots\wsaxupdater.exe
c:\program files (x86)\Webshots\wsaxversion.xml
c:\program files (x86)\Webshots\WSVersionATX.ocx
c:\program files\AVAST Software
c:\program files\AVAST Software\Avast\1033\aswClnTg.htm
c:\program files\AVAST Software\Avast\1033\aswClnTg.txt
c:\program files\AVAST Software\Avast\1033\aswInfTg.htm
c:\program files\AVAST Software\Avast\1033\aswInfTg.txt
c:\program files\AVAST Software\Avast\1033\Avast5_1033.chm
c:\program files\AVAST Software\Avast\1033\Base.dll
c:\program files\AVAST Software\Avast\1033\Boot.dll
c:\program files\AVAST Software\Avast\1033\uiLangRes.dll
c:\program files\AVAST Software\Avast\Aavm4h.dll
c:\program files\AVAST Software\Avast\AavmRpch.dll
c:\program files\AVAST Software\Avast\AavmRpch64.dll
c:\program files\AVAST Software\Avast\AhAScr.dll
c:\program files\AVAST Software\Avast\AhResMai.dll
c:\program files\AVAST Software\Avast\AhResStd.dll
c:\program files\AVAST Software\Avast\AhResWS.dll
c:\program files\AVAST Software\Avast\ashBase.dll
c:\program files\AVAST Software\Avast\ashMaiSv.dll
c:\program files\AVAST Software\Avast\ashQuick.exe
c:\program files\AVAST Software\Avast\ashServ.dll
c:\program files\AVAST Software\Avast\ashShA64.dll
c:\program files\AVAST Software\Avast\ashShell.dll
c:\program files\AVAST Software\Avast\ashTask.dll
c:\program files\AVAST Software\Avast\ashTaskEx.dll
c:\program files\AVAST Software\Avast\ashUpd.exe
c:\program files\AVAST Software\Avast\ashwebsv.dll
c:\program files\AVAST Software\Avast\ashwebsv.dll.sum
c:\program files\AVAST Software\Avast\ashWsFtr.dll
c:\program files\AVAST Software\Avast\asOutExt.dll
c:\program files\AVAST Software\Avast\asOutExt64.dll
c:\program files\AVAST Software\Avast\asulaunch.exe
c:\program files\AVAST Software\Avast\aswAra.dll
c:\program files\AVAST Software\Avast\aswAraSr.exe
c:\program files\AVAST Software\Avast\aswAux.dll
c:\program files\AVAST Software\Avast\aswChLic.exe
c:\program files\AVAST Software\Avast\aswCmnBS.dll
c:\program files\AVAST Software\Avast\aswCmnIS.dll
c:\program files\AVAST Software\Avast\aswCmnOS.dll
c:\program files\AVAST Software\Avast\aswCommChannel.dll
c:\program files\AVAST Software\Avast\aswData.dll
c:\program files\AVAST Software\Avast\aswDld.dll
c:\program files\AVAST Software\Avast\aswEngLdr.dll
c:\program files\AVAST Software\Avast\aswIdle.dll
c:\program files\AVAST Software\Avast\aswJsFlt.dll
c:\program files\AVAST Software\Avast\aswJsFlt64.dll
c:\program files\AVAST Software\Avast\aswLog.dll
c:\program files\AVAST Software\Avast\aswLSRun.dll
c:\program files\AVAST Software\Avast\aswPatchMgt.dll
c:\program files\AVAST Software\Avast\aswProperty.dll
c:\program files\AVAST Software\Avast\aswProperty64.dll
c:\program files\AVAST Software\Avast\aswRemoteCache.dll
c:\program files\AVAST Software\Avast\aswResourceLib.dll
c:\program files\AVAST Software\Avast\aswRunDll.exe
c:\program files\AVAST Software\Avast\aswRvrt.dll
c:\program files\AVAST Software\Avast\aswSidebar.gadget
c:\program files\AVAST Software\Avast\aswSqLt.dll
c:\program files\AVAST Software\Avast\aswStrm.dll
c:\program files\AVAST Software\Avast\aswUtil.dll
c:\program files\AVAST Software\Avast\aswVmm.dll
c:\program files\AVAST Software\Avast\aswW8ntf.dll
c:\program files\AVAST Software\Avast\aswWebRepIE.dll
c:\program files\AVAST Software\Avast\aswWebRepIE64.dll
c:\program files\AVAST Software\Avast\avast.der
c:\program files\AVAST Software\Avast\AvastBCL-Sfx.exe
c:\program files\AVAST Software\Avast\AvastEmUpdate.exe
c:\program files\AVAST Software\Avast\AvastGUIProxy64.dll
c:\program files\AVAST Software\Avast\avastIP.dll
c:\program files\AVAST Software\Avast\avastSS.dll
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\AVAST Software\Avast\avastui.exe
c:\program files\AVAST Software\Avast\avastui.exe.sum
c:\program files\AVAST Software\Avast\avBugReport.exe
c:\program files\AVAST Software\Avast\AvSSHook.dll
c:\program files\AVAST Software\Avast\Certificates\digicert_ca_39.der
c:\program files\AVAST Software\Avast\Certificates\digicert_ca_3b.der
c:\program files\AVAST Software\Avast\CommonRes.dll
c:\program files\AVAST Software\Avast\CrtCheck32.dll
c:\program files\AVAST Software\Avast\dbghelp.dll
c:\program files\AVAST Software\Avast\defs\13122003\algo.dll
c:\program files\AVAST Software\Avast\defs\13122003\algo64.dll
c:\program files\AVAST Software\Avast\defs\13122003\ArPot.dll
c:\program files\AVAST Software\Avast\defs\13122003\aswAR.dll
c:\program files\AVAST Software\Avast\defs\13122003\aswBoot.dll
c:\program files\AVAST Software\Avast\defs\13122003\aswBoot64.dll
c:\program files\AVAST Software\Avast\defs\13122003\aswCleanerDLL.dll
c:\program files\AVAST Software\Avast\defs\13122003\aswCmnBS.dll
c:\program files\AVAST Software\Avast\defs\13122003\aswCmnIS.dll
c:\program files\AVAST Software\Avast\defs\13122003\aswCmnIS64.dll
c:\program files\AVAST Software\Avast\defs\13122003\aswCmnOS.dll
c:\program files\AVAST Software\Avast\defs\13122003\aswEngin.dll
c:\program files\AVAST Software\Avast\defs\13122003\aswFiDb.dll
c:\program files\AVAST Software\Avast\defs\13122003\aswRawFS.dll
c:\program files\AVAST Software\Avast\defs\13122003\aswRawFS64.dll
c:\program files\AVAST Software\Avast\defs\13122003\aswRep.dll
c:\program files\AVAST Software\Avast\defs\13122003\aswScan.dll
c:\program files\AVAST Software\Avast\defs\13122003\certs.map
c:\program files\AVAST Software\Avast\defs\13122003\db_as.dat
c:\program files\AVAST Software\Avast\defs\13122003\db_bank.dat
c:\program files\AVAST Software\Avast\defs\13122003\db_bhv.map
c:\program files\AVAST Software\Avast\defs\13122003\db_bhv.nmp
c:\program files\AVAST Software\Avast\defs\13122003\db_bhv.sig
c:\program files\AVAST Software\Avast\defs\13122003\db_dex.map
c:\program files\AVAST Software\Avast\defs\13122003\db_dex.nmp
c:\program files\AVAST Software\Avast\defs\13122003\db_dex.sig
c:\program files\AVAST Software\Avast\defs\13122003\db_dsql.dat
c:\program files\AVAST Software\Avast\defs\13122003\db_dsql.map
c:\program files\AVAST Software\Avast\defs\13122003\db_dyna.map
c:\program files\AVAST Software\Avast\defs\13122003\db_dyna.nmp
c:\program files\AVAST Software\Avast\defs\13122003\db_dyna.sig
c:\program files\AVAST Software\Avast\defs\13122003\db_el.dat
c:\program files\AVAST Software\Avast\defs\13122003\db_elf.map
c:\program files\AVAST Software\Avast\defs\13122003\db_elf.nmp
c:\program files\AVAST Software\Avast\defs\13122003\db_elf.sig
c:\program files\AVAST Software\Avast\defs\13122003\db_elfa.map
c:\program files\AVAST Software\Avast\defs\13122003\db_elfa.nmp
c:\program files\AVAST Software\Avast\defs\13122003\db_elfa.sig
c:\program files\AVAST Software\Avast\defs\13122003\db_evope.dat
c:\program files\AVAST Software\Avast\defs\13122003\db_java.map
c:\program files\AVAST Software\Avast\defs\13122003\db_java.nmp
c:\program files\AVAST Software\Avast\defs\13122003\db_java.sig
c:\program files\AVAST Software\Avast\defs\13122003\db_js.map
c:\program files\AVAST Software\Avast\defs\13122003\db_js.nmp
c:\program files\AVAST Software\Avast\defs\13122003\db_js.sig
c:\program files\AVAST Software\Avast\defs\13122003\db_mx4.map
c:\program files\AVAST Software\Avast\defs\13122003\db_mx4.nmp
c:\program files\AVAST Software\Avast\defs\13122003\db_mx4.sig
c:\program files\AVAST Software\Avast\defs\13122003\db_mx95.map
c:\program files\AVAST Software\Avast\defs\13122003\db_mx95.nmp
c:\program files\AVAST Software\Avast\defs\13122003\db_mx95.sig
c:\program files\AVAST Software\Avast\defs\13122003\db_o7.map
c:\program files\AVAST Software\Avast\defs\13122003\db_o7.nmp
c:\program files\AVAST Software\Avast\defs\13122003\db_o7.sig
c:\program files\AVAST Software\Avast\defs\13122003\db_o7c.dat
c:\program files\AVAST Software\Avast\defs\13122003\db_o7c.map
c:\program files\AVAST Software\Avast\defs\13122003\db_ob2.dat
c:\program files\AVAST Software\Avast\defs\13122003\db_pe3.dat
c:\program files\AVAST Software\Avast\defs\13122003\db_sc.dat
c:\program files\AVAST Software\Avast\defs\13122003\db_str.map
c:\program files\AVAST Software\Avast\defs\13122003\db_str.nmp
c:\program files\AVAST Software\Avast\defs\13122003\db_str.sig
c:\program files\AVAST Software\Avast\defs\13122003\db_swf.map
c:\program files\AVAST Software\Avast\defs\13122003\db_swf.nmp
c:\program files\AVAST Software\Avast\defs\13122003\db_swf.sig
c:\program files\AVAST Software\Avast\defs\13122003\db_tx.dat
c:\program files\AVAST Software\Avast\defs\13122003\db_u.dat
c:\program files\AVAST Software\Avast\defs\13122003\db_w6.map
c:\program files\AVAST Software\Avast\defs\13122003\db_w6.nmp
c:\program files\AVAST Software\Avast\defs\13122003\db_w6.sig
c:\program files\AVAST Software\Avast\defs\13122003\db_w6c.dat
c:\program files\AVAST Software\Avast\defs\13122003\db_w6c.map
c:\program files\AVAST Software\Avast\defs\13122003\db_wh2.dat
c:\program files\AVAST Software\Avast\defs\13122003\db_xtn.map
c:\program files\AVAST Software\Avast\defs\13122003\def.ini
c:\program files\AVAST Software\Avast\defs\13122003\exts.dll
c:\program files\AVAST Software\Avast\defs\13122003\fwAux.dll
c:\program files\AVAST Software\Avast\defs\13122003\list_d.txt
c:\program files\AVAST Software\Avast\defs\13122003\list_i.txt
c:\program files\AVAST Software\Avast\defs\13122003\Sf.bin
c:\program files\AVAST Software\Avast\defs\13122003\Sf1.bin
c:\program files\AVAST Software\Avast\defs\13122003\Sf2.dll
c:\program files\AVAST Software\Avast\defs\13122003\swhealthex.dll
c:\program files\AVAST Software\Avast\defs\13122003\uiext.dll
c:\program files\AVAST Software\Avast\defs\13122003\whitelist.db
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000001.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000002.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000003.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000004.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000005.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000006.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000007.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000008.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000009.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg131220030000000a.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg131220030000000b.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg131220030000000c.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg131220030000000d.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg131220030000000e.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg131220030000000f.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000010.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000011.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000012.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000013.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000014.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000015.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000016.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000017.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000018.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000019.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg131220030000001a.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg131220030000001b.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg131220030000001c.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg131220030000001d.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg131220030000001e.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg131220030000001f.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000020.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000021.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000022.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000023.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000024.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000025.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000026.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000027.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000028.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000029.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg131220030000002a.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg131220030000002b.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg131220030000002c.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg131220030000002e.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg131220030000002f.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000030.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000031.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000032.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000033.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000034.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000035.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000036.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000037.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000038.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000039.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg131220030000003a.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg131220030000003b.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg131220030000003c.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg131220030000003d.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg131220030000003e.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg131220030000003f.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000040.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000041.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000042.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000043.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000044.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000045.bin
c:\program files\AVAST Software\Avast\defs\13122003_stream\pkg1312200300000046.bin
c:\program files\AVAST Software\Avast\defs\aswdefs.ini
c:\program files\AVAST Software\Avast\flash\amcharts_key.txt
c:\program files\AVAST Software\Avast\flash\amline.swf
c:\program files\AVAST Software\Avast\flash\ammap\ammap.swf
c:\program files\AVAST Software\Avast\flash\ammap\ammap_key.txt
c:\program files\AVAST Software\Avast\flash\ammap\ammap_settings_summary.xml
c:\program files\AVAST Software\Avast\flash\ammap\ammap_settings_tracert.xml
c:\program files\AVAST Software\Avast\flash\ammap\empty_map.xml
c:\program files\AVAST Software\Avast\flash\ammap\icons\arrow.swf
c:\program files\AVAST Software\Avast\flash\ammap\icons\bubble.swf
c:\program files\AVAST Software\Avast\flash\ammap\icons\cross.swf
c:\program files\AVAST Software\Avast\flash\ammap\icons\flag.swf
c:\program files\AVAST Software\Avast\flash\ammap\icons\pin.swf
c:\program files\AVAST Software\Avast\flash\ammap\icons\zoom_out.swf
c:\program files\AVAST Software\Avast\flash\ammap\maps\world.swf
c:\program files\AVAST Software\Avast\HTMLayout.dll
c:\program files\AVAST Software\Avast\icudt.dll
c:\program files\AVAST Software\Avast\libcef.dll
c:\program files\AVAST Software\Avast\libeay32.dll
c:\program files\AVAST Software\Avast\License\EULA_Avast_Free.txt
c:\program files\AVAST Software\Avast\locales\am.pak
c:\program files\AVAST Software\Avast\locales\ar.pak
c:\program files\AVAST Software\Avast\locales\bg.pak
c:\program files\AVAST Software\Avast\locales\bn.pak
c:\program files\AVAST Software\Avast\locales\ca.pak
c:\program files\AVAST Software\Avast\locales\cs.pak
c:\program files\AVAST Software\Avast\locales\da.pak
c:\program files\AVAST Software\Avast\locales\de.pak
c:\program files\AVAST Software\Avast\locales\el.pak
c:\program files\AVAST Software\Avast\locales\en-GB.pak
c:\program files\AVAST Software\Avast\locales\en-US.pak
c:\program files\AVAST Software\Avast\locales\es-419.pak
c:\program files\AVAST Software\Avast\locales\es.pak
c:\program files\AVAST Software\Avast\locales\et.pak
c:\program files\AVAST Software\Avast\locales\fa.pak
c:\program files\AVAST Software\Avast\locales\fi.pak
c:\program files\AVAST Software\Avast\locales\fil.pak
c:\program files\AVAST Software\Avast\locales\fr.pak
c:\program files\AVAST Software\Avast\locales\gu.pak
c:\program files\AVAST Software\Avast\locales\he.pak
c:\program files\AVAST Software\Avast\locales\hi.pak
c:\program files\AVAST Software\Avast\locales\hr.pak
c:\program files\AVAST Software\Avast\locales\hu.pak
c:\program files\AVAST Software\Avast\locales\id.pak
c:\program files\AVAST Software\Avast\locales\it.pak
c:\program files\AVAST Software\Avast\locales\ja.pak
c:\program files\AVAST Software\Avast\locales\kn.pak
c:\program files\AVAST Software\Avast\locales\ko.pak
c:\program files\AVAST Software\Avast\locales\lt.pak
c:\program files\AVAST Software\Avast\locales\lv.pak
c:\program files\AVAST Software\Avast\locales\ml.pak
c:\program files\AVAST Software\Avast\locales\mr.pak
c:\program files\AVAST Software\Avast\locales\ms.pak
c:\program files\AVAST Software\Avast\locales\nb.pak
c:\program files\AVAST Software\Avast\locales\nl.pak
c:\program files\AVAST Software\Avast\locales\pl.pak
c:\program files\AVAST Software\Avast\locales\pt-BR.pak
c:\program files\AVAST Software\Avast\locales\pt-PT.pak
c:\program files\AVAST Software\Avast\locales\ro.pak
c:\program files\AVAST Software\Avast\locales\ru.pak
c:\program files\AVAST Software\Avast\locales\sk.pak
c:\program files\AVAST Software\Avast\locales\sl.pak
c:\program files\AVAST Software\Avast\locales\sr.pak
c:\program files\AVAST Software\Avast\locales\sv.pak
c:\program files\AVAST Software\Avast\locales\sw.pak
c:\program files\AVAST Software\Avast\locales\ta.pak
c:\program files\AVAST Software\Avast\locales\te.pak
c:\program files\AVAST Software\Avast\locales\th.pak
c:\program files\AVAST Software\Avast\locales\tr.pak
c:\program files\AVAST Software\Avast\locales\uk.pak
c:\program files\AVAST Software\Avast\locales\vi.pak
c:\program files\AVAST Software\Avast\locales\zh-CN.pak
c:\program files\AVAST Software\Avast\locales\zh-TW.pak
c:\program files\AVAST Software\Avast\OpenVPN\driver\win64\ndis6\addtap.bat
c:\program files\AVAST Software\Avast\OpenVPN\driver\win64\ndis6\aswTap.cat
c:\program files\AVAST Software\Avast\OpenVPN\driver\win64\ndis6\aswTap.inf
c:\program files\AVAST Software\Avast\OpenVPN\driver\win64\ndis6\aswTap.sys
c:\program files\AVAST Software\Avast\OpenVPN\driver\win64\ndis6\deltapall.bat
c:\program files\AVAST Software\Avast\OpenVPN\driver\win64\ndis6\tapinstall.exe
c:\program files\AVAST Software\Avast\OpenVPN\libeay32.dll
c:\program files\AVAST Software\Avast\OpenVPN\libpkcs11-helper-1.dll
c:\program files\AVAST Software\Avast\OpenVPN\lzo2.dll
c:\program files\AVAST Software\Avast\OpenVPN\openvpn.exe
c:\program files\AVAST Software\Avast\OpenVPN\ssleay32.dll
c:\program files\AVAST Software\Avast\RegSvr32.exe
c:\program files\AVAST Software\Avast\RegSvr64.exe
c:\program files\AVAST Software\Avast\RescueDisk\aswRegLib.dll
c:\program files\AVAST Software\Avast\RescueDisk\aswShMin.exe
c:\program files\AVAST Software\Avast\RescueDisk\AvastPE2.exe
c:\program files\AVAST Software\Avast\RescueDisk\waikamd64.mst
c:\program files\AVAST Software\Avast\RescueDisk\waikx86.mst
c:\program files\AVAST Software\Avast\resources\resources.pak
c:\program files\AVAST Software\Avast\sched.exe
c:\program files\AVAST Software\Avast\screenhooks32.dll
c:\program files\AVAST Software\Avast\setup\ais_cmp_bpc-7d1.vpx
c:\program files\AVAST Software\Avast\setup\ais_cmp_rescuedisk-7d2.vpx
c:\program files\AVAST Software\Avast\setup\ais_cmp_secureline-7ce.vpx
c:\program files\AVAST Software\Avast\setup\ais_cmp_secureline_x64-7cc.vpx
c:\program files\AVAST Software\Avast\setup\ais_cmp_swhealth-7d2.vpx
c:\program files\AVAST Software\Avast\setup\ais_cmp_webrep-7d2.vpx
c:\program files\AVAST Software\Avast\setup\ais_core-7d2.vpx
c:\program files\AVAST Software\Avast\setup\ais_dll_eng-7d2.vpx
c:\program files\AVAST Software\Avast\setup\ais_gen_crt_x64-7cc.vpx
c:\program files\AVAST Software\Avast\setup\ais_gen_crt_x86-7cc.vpx
c:\program files\AVAST Software\Avast\setup\ais_gen_openssl-7cd.vpx
c:\program files\AVAST Software\Avast\setup\ais_gen_tdi_x64-7d2.vpx
c:\program files\AVAST Software\Avast\setup\ais_res-7d2.vpx
c:\program files\AVAST Software\Avast\setup\ais_x64-7d2.vpx
c:\program files\AVAST Software\Avast\setup\aswOfferTool.exe
c:\program files\AVAST Software\Avast\setup\avBugReport.exe
c:\program files\AVAST Software\Avast\setup\avbugreport_ais-7d6.vpx
c:\program files\AVAST Software\Avast\setup\CRT\x64\atl110.dll
c:\program files\AVAST Software\Avast\setup\CRT\x64\Avast.VC110.CRT.cat
c:\program files\AVAST Software\Avast\setup\CRT\x64\Avast.VC110.CRT.manifest
c:\program files\AVAST Software\Avast\setup\CRT\x64\mfc110u.dll
c:\program files\AVAST Software\Avast\setup\CRT\x64\msvcp110.dll
c:\program files\AVAST Software\Avast\setup\CRT\x64\msvcr110.dll
c:\program files\AVAST Software\Avast\setup\CRT\x64\Policy.11.0.Avast.VC110.CRT.cat
c:\program files\AVAST Software\Avast\setup\CRT\x64\Policy.11.0.Avast.VC110.CRT.policy
c:\program files\AVAST Software\Avast\setup\CRT\x86\atl110.dll
c:\program files\AVAST Software\Avast\setup\CRT\x86\Avast.VC110.CRT.cat
c:\program files\AVAST Software\Avast\setup\CRT\x86\Avast.VC110.CRT.manifest
c:\program files\AVAST Software\Avast\setup\CRT\x86\mfc110u.dll
c:\program files\AVAST Software\Avast\setup\CRT\x86\msvcp110.dll
c:\program files\AVAST Software\Avast\setup\CRT\x86\msvcr110.dll
c:\program files\AVAST Software\Avast\setup\CRT\x86\Policy.11.0.Avast.VC110.CRT.cat
c:\program files\AVAST Software\Avast\setup\CRT\x86\Policy.11.0.Avast.VC110.CRT.policy
c:\program files\AVAST Software\Avast\setup\emupdate\56d03e96-9ad7-4ee1-b80f-1d6ffa3f429b.exe
c:\program files\AVAST Software\Avast\setup\HTMLayout.dll
c:\program files\AVAST Software\Avast\setup\INF\aswsp.cat
c:\program files\AVAST Software\Avast\setup\INF\aswsp.cat.sum
c:\program files\AVAST Software\Avast\setup\INF\aswsp.inf
c:\program files\AVAST Software\Avast\setup\INF\aswsp.inf.sum
c:\program files\AVAST Software\Avast\setup\INF\x64\aswBoot.exe
c:\program files\AVAST Software\Avast\setup\INF\x64\aswFsBlk.sys
c:\program files\AVAST Software\Avast\setup\INF\x64\aswMonFlt.sys
c:\program files\AVAST Software\Avast\setup\INF\x64\aswRdr2.sys
c:\program files\AVAST Software\Avast\setup\INF\x64\aswRvrt.sys
c:\program files\AVAST Software\Avast\setup\INF\x64\aswSnx.sys
c:\program files\AVAST Software\Avast\setup\INF\x64\aswsp.sys
c:\program files\AVAST Software\Avast\setup\INF\x64\aswsp.sys.sum
c:\program files\AVAST Software\Avast\setup\INF\x64\aswTdi.sys
c:\program files\AVAST Software\Avast\setup\INF\x64\aswVmm.sys
c:\program files\AVAST Software\Avast\setup\instcont_ais-7d6.vpx
c:\program files\AVAST Software\Avast\setup\instup.dll
c:\program files\AVAST Software\Avast\setup\instup.dll.sum
c:\program files\AVAST Software\Avast\setup\instup.exe
c:\program files\AVAST Software\Avast\setup\instup_ais-7d6.vpx
c:\program files\AVAST Software\Avast\setup\jrog2-918.vpx
c:\program files\AVAST Software\Avast\setup\nmp.map
c:\program files\AVAST Software\Avast\setup\Offers.ini
c:\program files\AVAST Software\Avast\setup\offertool_ais-7d6.vpx
c:\program files\AVAST Software\Avast\setup\part-jrog2-918.vpx
c:\program files\AVAST Software\Avast\setup\part-prg_ais-7d6.vpx
c:\program files\AVAST Software\Avast\setup\part-setup_ais-7d6.vpx
c:\program files\AVAST Software\Avast\setup\part-vps_win32-13122003.vpx
c:\program files\AVAST Software\Avast\setup\prod-ais.vpx
c:\program files\AVAST Software\Avast\setup\prod-vps.vpx
c:\program files\AVAST Software\Avast\setup\selfdefense_x64_ais-7d6.vpx
c:\program files\AVAST Software\Avast\setup\selfdefense_x86_ais-7d6.vpx
c:\program files\AVAST Software\Avast\setup\servers.def
c:\program files\AVAST Software\Avast\setup\servers.def.lkg
c:\program files\AVAST Software\Avast\setup\servers.def.vpx
c:\program files\AVAST Software\Avast\setup\setgui_ais-7d6.vpx
c:\program files\AVAST Software\Avast\setup\settings.ori
c:\program files\AVAST Software\Avast\setup\setup.ini
c:\program files\AVAST Software\Avast\setup\sig.bin
c:\program files\AVAST Software\Avast\setup\Stats.ini
c:\program files\AVAST Software\Avast\setup\Stats.txt
c:\program files\AVAST Software\Avast\setup\vps_32-c1e.vpx
c:\program files\AVAST Software\Avast\setup\vps_win32-c2f.vpx
c:\program files\AVAST Software\Avast\setup\vps_win64-8c0.vpx
c:\program files\AVAST Software\Avast\SetupInf64.exe
c:\program files\AVAST Software\Avast\snxhk.dll
c:\program files\AVAST Software\Avast\snxhk64.dll
c:\program files\AVAST Software\Avast\ssleay32.dll
c:\program files\AVAST Software\Avast\VisthAux.exe
c:\program files\AVAST Software\Avast\WebRep\Chrome\AswWebRepChrome.crx
c:\program files\AVAST Software\Avast\WebRep\Chrome\AswWebRepChrome.ver
c:\program files\AVAST Software\Avast\WebRep\FF\chrome.manifest
c:\program files\AVAST Software\Avast\WebRep\FF\content\aos.js
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\libs\avastwrc.js
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\libs\dateFormat.js
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\libs\jquery-1.5.2.js
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\libs\jquery.mustache.js
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\libs\pbj.js
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\libs\protobuf.js
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\libs\query.js
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\libs\wrc_gpb.js
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\scripts\bal.js
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\scripts\ial.js
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\scripts\options.js
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\scripts\templates.js
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\css\extension.css
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\css\settings.css
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\avast-logo.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\avastlogo@2x.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\fblike.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\flattr.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\google+.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\grey0-16.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_bug.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_bug@2x.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_check.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_check@2x.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_checkbig.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_checkbig@2x.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_close.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_close@2x.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_close_small.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_close_small@2x.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_exclamationmark.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_exclamationmark@2x.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_extensiontop.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_extensiontop_green.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_extensiontop_orange.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_extensiontop_red.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_eye.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_eye@2x.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_maleware.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_maleware@2x.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_norating_big.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_norating_big@2x.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_norating_big2.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_norating_big2@2x.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_rates.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_rates@2x.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_siteforward.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_siteforward@2x.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_thumbdown_big.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_thumbdown_big@2x.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_thumblearn.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_thumblearn@2x.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_thumbright_big.png
c:\program files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\icn_thumbright_big@2x.png
c:\programdata\stwihos.dat
c:\windows\avastSS.scr
c:\windows\system32\aswBoot.exe
c:\windows\system32\drivers\aswFsBlk.sys
c:\windows\system32\drivers\aswMonFlt.sys
c:\windows\system32\drivers\aswRdr2.sys
c:\windows\system32\drivers\aswRvrt.sys
c:\windows\system32\drivers\aswSnx.sys
c:\windows\system32\drivers\aswsp.sys
c:\windows\system32\drivers\aswTdi.sys
c:\windows\system32\drivers\aswVmm.sys
c:\windows\Tasks\SpeedyPC Registration3.job
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ASWFSBLK
-------\Legacy_ASWMONFLT
-------\Legacy_ASWRVRT
-------\Legacy_ASWSNX
-------\Legacy_ASWSP
-------\Legacy_ASWVMM
-------\Service_aswFsBlk
-------\Service_aswMonFlt
-------\Service_aswRvrt
-------\Service_aswSnx
-------\Service_aswSP
-------\Service_aswVmm
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-21 to 2013-12-21  )))))))))))))))))))))))))))))))
.
.
2013-12-21 01:01 . 2013-12-21 01:01    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-12-20 23:14 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{43B17CC7-B218-4DC0-91A0-9ECC321C9217}\mpengine.dll
2013-12-20 15:37 . 2013-12-20 20:09    --------    d-----w-    C:\AdwCleaner
2013-12-20 00:20 . 2013-12-20 15:12    --------    d-----w-    C:\FRST
2013-12-12 21:32 . 2013-12-12 21:32    --------    d-----w-    c:\program files (x86)\Common Files\Adobe
2013-12-05 21:34 . 2013-12-05 21:34    --------    d-----w-    c:\users\Bill\AppData\Local\Macromedia
2013-12-05 21:26 . 2013-09-11 02:28    271256    ----a-w-    c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-10 23:32 . 2012-04-10 23:02    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 23:32 . 2012-04-10 23:02    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-26 17:25 . 2010-11-21 03:27    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-08 03:09 . 2013-11-08 03:09    736952    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-10-02 09:02 . 2012-09-04 02:51    46368    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 23:32]
.
2013-12-21 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-12-11 19:24]
.
2013-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01 22:57]
.
2013-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01 22:57]
.
2013-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3193178433-3729681772-994535890-1001Core.job
- c:\users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-20 00:08]
.
2013-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3193178433-3729681772-994535890-1001UA.job
- c:\users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-20 00:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2779024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local


IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\u3nbeui9.default-1369882191062\

FF - ExtSQL: 2013-11-01 16:12; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-12-05 16:31; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\u3nbeui9.default-1369882191062\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{22DFBF5B-A7CD-4B25-9471-3DC68C71855F} - (no file)
WebBrowser-{3BBD3C14-4C16-4989-8366-95BC9179779D} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Avast - c:\program files\AVAST Software\Avast\Setup\Instup.exe
AddRemove-Webshots Desktop_is1 - c:\program files (x86)\Webshots\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-12-20  20:06:38 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-21 01:06
ComboFix2.txt  2013-12-20 23:24
ComboFix3.txt  2013-12-20 22:52
ComboFix4.txt  2010-02-15 18:28
.
Pre-Run: 937,996,656,640 bytes free
Post-Run: 937,421,828,096 bytes free
.
- - End Of File - - 4CA7F9277E76A606FB1A75A9E134799F
 


Select Start, type regedit into the search box and press Enter; Registry Editor will open.

 

Expand the following key :-

 

HKEY_LOCAL_MACHINE >SOFTWARE > Policies > Microsoft > Windows > safer > codeidentifiers > 0

 

Do not expand the folder 0. Right-click on that folder, choose "Export" and save that to your desktop.

 

From the desktop right click on the reg file > select > send to > compressed (zipped) folder....

 

Attach to next reply,

 

Also, out of interest, see if Malwarebytes runs OK if you boot to safe mode...

 

Kevin...

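As an added example (not part of the original posts or of any tool named in this thread), this Python parser reads a regedit export of the safer\codeidentifiers\0 key and lists each Software Restriction Policy path rule stored at level 0 (Disallowed), flagging rules whose path names a security product. The sample export, its placeholder GUIDs and paths, and the SECURITY_HINTS watch list are constructed assumptions.

```python
import re

# SRP level 0 = "Disallowed"; each path rule is a GUID subkey under ...\0\Paths
MARKER = "\\safer\\codeidentifiers\\0\\paths\\"
# Assumed watch list of security-product name fragments; extend as needed.
SECURITY_HINTS = ("malwarebytes", "avast", "avg")

# Constructed sample export (placeholder GUIDs and paths, not from the thread).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{00000000-0000-0000-0000-000000000001}]
"ItemData"="C:\\Program Files (x86)\\Malwarebytes' Anti-Malware"
"SaferFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{00000000-0000-0000-0000-000000000002}]
"ItemData"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,5c,00,2a,00,2e,00,\
  65,00,78,00,65,00,00,00
'''

def decode_value(raw):
    """Decode a .reg value: quoted REG_SZ or hex(2) REG_EXPAND_SZ (UTF-16LE)."""
    raw = raw.strip()
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])   # undo \\ and \" escaping
    if raw.lower().startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return raw

def disallowed_path_rules(reg_text):
    """Return (guid, path, hits_security_tool) for every level-0 path rule."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)       # join hex continuation lines
    rules, key = [], ""
    for line in (ln.strip() for ln in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                         # current registry key
            continue
        m = re.match(r'"ItemData"=(.*)$', line, re.IGNORECASE)
        if m and MARKER in key.lower():
            path = decode_value(m.group(1))
            hit = any(h in path.lower() for h in SECURITY_HINTS)
            rules.append((key.rsplit("\\", 1)[1], path, hit))
    return rules

if __name__ == "__main__":
    # A real regedit export is UTF-16: open(path, encoding="utf-16").read()
    for guid, path, hit in disallowed_path_rules(SAMPLE_EXPORT):
        print(("REVIEW " if hit else "rule   ") + guid, path)
```

Rules flagged REVIEW are the ones to compare against what an administrator intentionally configured; an unflagged rule is not automatically legitimate.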

Ok we make a registry backup with ERUNT, then continue.

 

  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.


 

 

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run, also the Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Be sure to start with and include the colon before Reg (:Reg).

    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{0F6D2EB3-610D-4F69-9247-4546093117A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{24310E1F-0322-4BA7-BB9E-2E9C6EAE4E3D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{4AC50E56-03A1-4FB6-A3CA-6A0F4D6F37AB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{528912B4-298B-42EE-B141-7A4C58D32F2D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{798008D0-4CB8-4565-8065-69BD025B5F84}]
    :Files
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Thanks,

 

Kevin


All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{0F6D2EB3-610D-4F69-9247-4546093117A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F6D2EB3-610D-4F69-9247-4546093117A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{24310E1F-0322-4BA7-BB9E-2E9C6EAE4E3D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24310E1F-0322-4BA7-BB9E-2E9C6EAE4E3D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{4AC50E56-03A1-4FB6-A3CA-6A0F4D6F37AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4AC50E56-03A1-4FB6-A3CA-6A0F4D6F37AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{528912B4-298B-42EE-B141-7A4C58D32F2D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{528912B4-298B-42EE-B141-7A4C58D32F2D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{798008D0-4CB8-4565-8065-69BD025B5F84}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{798008D0-4CB8-4565-8065-69BD025B5F84}\ not found.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Bill
->Temp folder emptied: 3914 bytes
->Temporary Internet Files folder emptied: 11771182 bytes
->FireFox cache emptied: 21544281 bytes
->Google Chrome cache emptied: 8970942 bytes
->Flash cache emptied: 57165 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 347005284 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 215373 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43499976 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 413.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 12212013_152759

Files moved on Reboot...
C:\Users\Bill\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

Registry entries deleted on Reboot...
 

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player 11.9.900.170  
 Adobe Reader XI  
 Mozilla Firefox (26.0)
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 


Is Malwarebytes OK now? Also, what is happening with your security programs? The original Combofix log did show AVG as your active security and Avast as inactive. I gave a script to remove Avast, as two security programs is counterproductive.

Now the Security Check log is indicating no AV program installed. Did you also uninstall AVG?


Malwarebytes seems to be OK although the desktop icon has a blue and yellow shield superimposed on it.

 

AVG was uninstalled a couple of months ago and Avast was the active AV. I will reinstall it.

 

I'm curious about the mwb log, Windows XP?

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.21.07

Windows XP Service Pack 2 x64 NTFS


Shortcut icons with the shield need administrator privileges to run.  Most of these will give you a UAC pop-up or need to be run by right-clicking and choosing "run as administrator". That is normal for Windows 7.

 

Regarding the other issues you mention, I have to admit I'm not really certain what infection created the group policy change. I have no explanation for the registry hacks we cleared that initially stopped MB from running; also, if noted, there were other security app blocks in the same registry key.

 

It was noted in the FRST log that there was a Group Policy change. The FRST fix did report a correction; unfortunately this was not so, and the manual search and removal did remove those issues.

 

If your system is now ok with no issues or concerns do the following:

 

We need to remove FRST. First, it is very important to deal with its own Quarantine folder by using FRST itself.

 

OK, we continue:

 

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

 

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

Double click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

 

Make sure the following items are checked:

  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

 

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry back up with ERUNT,  the back up will be created here:

 

C:\Windows\ERUNT\Delfix

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if we can close out....

 

Kevin

 

 

 

 

fixlist.txt


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.