Solved PUP.CrossFire.SA

Discussion in 'Malware and Virus Removal Archive' started by Koinos, 2013/05/05.

  1. 2013/05/05
    Koinos Well-Known Member Thread Starter

    [Resolved] PUP.CrossFire.SA

    Helping a co-worker fix issues on her HP Pavilion laptop.
    Has Windows 7 Ultimate (64bit) with SP1 installed.
    Was having start-up issues, redirects, crashes.
    I found no Antivirus installed and installed AT&T Internet Security Suite, Antivirus (McAfee).
    Made sure it was updated and ran full system scan, found and quarantined 7 Trojans.
    I also installed and ran Malwarebytes (28), SuperAntiSpyware (51), SpyBot (2), AdAware (2) and SpyBot S&D (2).
    Updated and ran each after updating and each found and cleared (#) items seen above.
    Was doing some clean-up of temporary and log files and as soon as I launched Firefox began seeing popups again.
    Ran MBAM quick scan and seeing same registry keys detected and showing deleted.
    Keep seeing 'Strongvault Online Backup' starting on its own in task manager but unsure if it's a valid program.

    So I've got something self-replicating and could use some help.
    Thanks for your time.

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.05.03.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Wendy :: WENDY-PC [administrator]

    5/4/2013 7:26:05 PM
    mbam-log-2013-05-04 (19-26-05).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 221196
    Time elapsed: 6 minute(s), 58 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKCR\Interface\{66666666-6666-6666-6666-660066466639} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044464439} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.21.2
    Run by Wendy at 19:36:59 on 2013-05-04
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4086.2740 [GMT -7:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k NetworkService
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
    C:\Users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\RAVCpl64.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Ahead\Ahead\data\Xtras\mssysmgr.exe
    C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Users\Wendy\AppData\Roaming\SearchProtect\bin\cltmng.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\HP\QuickPlay\QPService.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
    C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\PROGRA~2\AD-AWA~1\AdAware.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files\mcafee.com\agent\McUpdate.exe
    c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\taskmgr.exe
    C:\Program Files (x86)\Mozilla FireFox\firefox.exe
    C:\Program Files (x86)\Mozilla FireFox\plugin-container.exe
    C:\Program Files (x86)\Mozilla FireFox\plugin-container.exe
    c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://us.mg205.mail.yahoo.com/dc/launch?.partner=sbc&.gx=1&.rand=5kugr0l6aeb48&.lts=1367180898
    uSearch Bar = Preserve
    mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={FC85ADA5-98EE-11E2-8524-001E68B69C84}
    uURLSearchHooks: WhiteSmoke New Toolbar: {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll
    uURLSearchHooks: MixiDJ V37 Toolbar: {eef3855c-fc2d-41e6-8d91-d368f51b3055} - C:\Program Files (x86)\MixiDJ_V37\prxtbMixi.dll
    mURLSearchHooks: WhiteSmoke New Toolbar: {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll
    mURLSearchHooks: MixiDJ V37 Toolbar: {eef3855c-fc2d-41e6-8d91-d368f51b3055} - C:\Program Files (x86)\MixiDJ_V37\prxtbMixi.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: GetSavin 5.0: {1766FEFF-F32C-413D-ABF4-85119880246C} - C:\Users\Wendy\AppData\Local\getsavin\ie\getsavin_1367175542.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>
    BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    BHO: WhiteSmoke New Toolbar: {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: MixiDJ V37 Toolbar: {eef3855c-fc2d-41e6-8d91-d368f51b3055} - C:\Program Files (x86)\MixiDJ_V37\prxtbMixi.dll
    BHO: HP Print Clips: {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll
    TB: WhiteSmoke New Toolbar: {739DF940-C5EE-4BAB-9D7E-270894AE687A} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll
    TB: MixiDJ V37 Toolbar: {EEF3855C-FC2D-41E6-8D91-D368F51B3055} - C:\Program Files (x86)\MixiDJ_V37\prxtbMixi.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: WhiteSmoke New Toolbar: {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll
    TB: MixiDJ V37 Toolbar: {eef3855c-fc2d-41e6-8d91-d368f51b3055} - C:\Program Files (x86)\MixiDJ_V37\prxtbMixi.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [PhotoShow Deluxe Media Manager] C:\PROGRA~2\Ahead\Ahead\data\Xtras\mssysmgr.exe
    uRun: [BackupAgent] C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    uRun: [SearchProtect] C:\Users\Wendy\AppData\Roaming\SearchProtect\bin\cltmng.exe
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [QlbCtrl] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe "
    mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0 "
    mRun: [WAWifiMessage] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe "
    mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
    mRun: [CPMonitor] "C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe "
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe "
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [SMessaging] "C:\Users\Wendy\AppData\Local\Strongvault Online Backup\SMessaging.exe "
    mRun: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe "
    mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe "
    mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
    StartupFolder: C:\Users\Wendy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{55526514-9B48-4105-9F0B-7FEABC34EAA0} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{6639E54B-A4DE-48E3-A589-9ED3A4AA8BC5} : DHCPNameServer = 192.168.1.254
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Run: [RtHDVCpl] RAVCpl64.exe
    x64-Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe "
    x64-Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
    x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 ads.mcafee.com
    Hosts: 127.0.0.1 analytics.microsoft.com
    Hosts: 127.0.0.1 metrics.bitdefender.com
    Hosts: 127.0.0.1 metrics.mcafee.com
    Hosts: 127.0.0.1 om.symantec.com
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\qlijdhx0.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&CUI=UN23847182794437520&UM=2&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - MixiDJ V37 Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource=61&CUI=UN23847182794437520&UM=2&UP=SP6486C803-F761-4E88-920F-E8331C8A8260
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN23847182794437520&UM=2&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\supportsoft\bin\nptgctlsi.dll
    FF - plugin: C:\Program Files (x86)\Common Files\supportsoft\bin\nptgctlsr.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: C:\Users\Wendy\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    FF - plugin: C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\qlijdhx0.default\extensions\{eef3855c-fc2d-41e6-8d91-d368f51b3055}\plugins\np-mswmp.dll
    FF - plugin: C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\qlijdhx0.default\extensions\{eef3855c-fc2d-41e6-8d91-d368f51b3055}\plugins\npConduitFirefoxPlugin.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-03-29 21:05; infoatoms@infoatoms.com; C:\Program Files (x86)\Mozilla FireFox\extensions\infoatoms@infoatoms.com
    FF - ExtSQL: 2013-04-28 13:02; {eef3855c-fc2d-41e6-8d91-d368f51b3055}; C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\qlijdhx0.default\extensions\{eef3855c-fc2d-41e6-8d91-d368f51b3055}
    FF - ExtSQL: 2013-05-02 21:37; {87934c42-161d-45bc-8cef-ef18abe2a30c}; C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\qlijdhx0.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
    FF - ExtSQL: 2013-05-04 10:00; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; C:\Program Files (x86)\McAfee\SiteAdvisor
    FF - ExtSQL: 2013-05-04 14:37; jid1-yZwVFzbsyfMrqQ@jetpack; C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\qlijdhx0.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    FF - ExtSQL: !HIDDEN! 2013-03-29 21:05; infoatoms@infoatoms.com; C:\Program Files (x86)\Mozilla FireFox\extensions\infoatoms@infoatoms.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-5-2 14456]
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-2-19 771536]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-2-19 340216]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-11-20 55952]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-5-2 70112]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-5-2 309840]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-5-2 515968]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
    S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2013-5-2 196440]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2013-5-2 106552]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-9-21 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-9-24 59392]
    .
    =============== Created Last 30 ================
    .
    2013-05-05 00:06:44 -------- d-----w- C:\Users\Wendy\AppData\Roaming\SearchProtect
    2013-05-03 05:11:00 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus
    2013-05-03 05:10:59 -------- d-----w- C:\Users\Wendy\AppData\Roaming\LavasoftStatistics
    2013-05-03 04:38:20 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
    2013-05-03 04:37:44 -------- d-----w- C:\ProgramData\Downloaded Installations
    2013-05-03 04:37:41 -------- d-----w- C:\Users\Wendy\AppData\Local\adawarebp
    2013-05-03 04:37:41 -------- d-----w- C:\ProgramData\blekko toolbars
    2013-05-03 04:37:39 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
    2013-05-03 04:37:33 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
    2013-05-03 04:37:22 -------- d-----w- C:\Program Files (x86)\adawaretb
    2013-05-03 04:35:50 47496 ----a-w- C:\Windows\System32\sbbd.exe
    2013-05-03 04:35:50 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
    2013-05-03 04:35:46 -------- d-----w- C:\Users\Wendy\AppData\Roaming\Ad-Aware Antivirus
    2013-05-03 04:35:06 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-05-03 04:34:53 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
    2013-05-03 04:34:45 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2013-05-03 04:31:35 -------- d-----w- C:\Users\Wendy\AppData\Roaming\Malwarebytes
    2013-05-03 04:31:15 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-05-03 04:31:12 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-05-03 04:31:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-05-03 04:29:16 -------- d-----w- C:\Users\Wendy\AppData\Roaming\SUPERAntiSpyware.com
    2013-05-03 04:28:53 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2013-05-03 04:28:53 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2013-05-03 01:16:45 196440 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
    2013-05-03 01:16:25 -------- d-----w- C:\Program Files (x86)\McAfee.com
    2013-05-03 01:16:21 10728 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
    2013-05-03 01:16:20 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
    2013-05-03 01:16:17 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
    2013-05-03 01:16:17 515968 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
    2013-05-03 01:16:17 309840 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
    2013-05-03 01:16:17 106552 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
    2013-05-03 01:16:11 -------- d-----w- C:\Program Files\Common Files\McAfee
    2013-05-03 01:16:06 -------- d-----w- C:\Program Files\McAfee.com
    2013-05-03 01:16:06 -------- d-----w- C:\Program Files\McAfee
    2013-05-03 01:16:03 -------- d-----w- C:\Program Files (x86)\McAfee
    2013-05-03 01:07:28 182752 ----a-w- C:\Windows\System32\mfevtps.exe
    2013-04-28 21:18:43 -------- d-----w- C:\Users\Wendy\AppData\Local\MPlayer
    2013-04-28 20:03:29 -------- d-----w- C:\Program Files (x86)\Iminent
    2013-04-28 20:03:21 -------- d-----w- C:\Program Files (x86)\MixiDJ_V37
    2013-04-28 19:05:44 -------- d-----w- C:\Users\Wendy\AppData\Local\Mozilla
    2013-04-28 18:53:49 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-04-22 03:48:23 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{16718312-B72F-49AC-BAA4-A30281DCC7AC}\mpengine.dll
    2013-04-22 03:33:31 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2013-04-22 03:33:30 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2013-04-22 03:33:30 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2013-04-22 03:33:30 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2013-04-22 03:17:59 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2013-04-22 03:14:12 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2013-04-21 22:06:45 5071600 ----a-w- C:\ProgramData\pclunst.exe
    2013-04-21 22:06:44 -------- d-----w- C:\ProgramData\PC1Data
    2013-04-21 21:03:02 3717632 ----a-w- C:\Windows\System32\mstscax.dll
    2013-04-21 21:03:01 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2013-04-21 21:03:00 44032 ----a-w- C:\Windows\System32\tsgqec.dll
    2013-04-21 21:03:00 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
    2013-04-21 21:03:00 158720 ----a-w- C:\Windows\System32\aaclient.dll
    2013-04-21 21:03:00 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
    2013-04-21 21:02:52 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-04-21 21:02:02 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2013-04-21 21:02:02 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-04-21 20:33:08 -------- d-----w- C:\Users\Wendy\AppData\Roaming\player
    2013-04-21 20:26:29 -------- d-----w- C:\Users\Wendy\AppData\Local\SwvUpdater
    2013-04-21 20:25:59 -------- d-----w- C:\Program Files (x86)\SearchProtect
    2013-04-21 20:25:41 -------- d-----w- C:\Program Files (x86)\Conduit
    2013-04-21 20:25:40 -------- d-----w- C:\Users\Wendy\AppData\Local\Conduit
    2013-04-21 20:25:40 -------- d-----w- C:\Program Files (x86)\WhiteSmoke_New
    2013-04-21 20:24:51 -------- d-----w- C:\Users\Wendy\AppData\Roaming\Roxio Burn
    .
    ==================== Find3M ====================
    .
    2013-04-28 18:53:43 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-04-28 18:53:43 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-03-30 03:16:58 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-30 03:16:58 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
    2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
    2013-03-12 08:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
    2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-02-19 20:56:26 340216 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
    2013-02-19 20:54:32 771536 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
    2013-02-19 20:52:44 179280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
    2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
    .
    ============= FINISH: 19:38:17.96 ===============

    Attach
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/27/2011 7:54:39 PM
    System Uptime: 5/4/2013 7:07:25 PM (0 hours ago)
    .
    Motherboard: Quanta | | 30CC
    Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | U2E1 | 2000/667mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 220 GiB total, 164.981 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 1.917 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP68: 4/28/2013 11:46:35 AM - Windows Defender Checkpoint
    RP69: 4/28/2013 11:52:53 AM - Installed Java 7 Update 21
    RP70: 4/28/2013 1:07:43 PM - Removed The Sims™ Life Stories.
    RP71: 4/28/2013 1:18:40 PM - Configured YouCam
    RP72: 4/28/2013 1:23:50 PM - Quitado VAFPlayer
    RP73: 5/4/2013 2:37:44 PM - C
    RP74: 5/4/2013 4:53:04 PM - S
    RP75: 5/4/2013 5:03:19 PM - S
    RP77: 5/4/2013 5:24:21 PM - Removed service pack backup files
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 127.0.0.1 ads.mcafee.com
    Hosts: 127.0.0.1 analytics.microsoft.com
    Hosts: 127.0.0.1 metrics.bitdefender.com
    Hosts: 127.0.0.1 metrics.mcafee.com
    Hosts: 127.0.0.1 om.symantec.com
    Hosts: 127.0.0.1 ox-d.majorgeeks.com
    Hosts: 127.0.0.1 ads.bleepingcomputer.com
    Hosts: 127.0.0.1 wdcs.trendmicro.com
    Hosts: 149.5.18.172 www.google-analytics.com.
    Hosts: 149.5.18.172 ad-emea.doubleclick.net.
    Hosts: 149.5.18.172 www.statcounter.com.
    Hosts: 108.163.215.51 www.google-analytics.com.
    Hosts: 108.163.215.51 ad-emea.doubleclick.net.
    Hosts: 108.163.215.51 www.statcounter.com.
    .
    ==== Installed Programs ======================
    .
    Activation Assistant for the 2007 Microsoft Office suites
    Ad-Aware Antivirus
    Ad-Aware Security Add-on
    Adobe Flash Player 11 ActiveX
    Adobe Reader XI
    Adobe Shockwave Player 11.6
    AT&T Quick Fix Client
    AviSynth 2.5
    Canon MP Navigator EX 1.0
    Canon MX310 series
    Canon MX310 series User Registration
    Canon My Printer
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities Solution Menu
    Cards_Calendar_OrderGift_DoMorePlugout
    Compatibility Pack for the 2007 Office system
    CyberLink YouCam
    DefaultTab
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DirectX 9 Runtime
    DivX Setup
    DomaIQ
    Download Updater (AOL Inc.)
    DVD Suite
    EA Link
    Face Filter
    GetSavin
    Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
    Hewlett-Packard Active Check
    Hewlett-Packard Asset Agent for Health Check
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP Easy Setup - Frontend
    HP Help and Support
    HP Photosmart Essential 2.5
    HP Quick Launch Buttons 6.30 E1
    HP QuickPlay 3.6
    HP QuickTouch 1.00 C3
    HP Smart Web Printing
    HP Update
    HP User Guides 0087
    HP Wireless Assistant
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabel_Tattoo
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotoSmartPhotobookHolidayPack1
    HPPhotoSmartPhotobookModernPack1
    HPPhotoSmartPhotobookPlayfulPack1
    HPPhotoSmartPhotobookScrapbookPack1
    HPPhotoSmartPhotobookWebPack1
    InfoAtoms
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    Java 7 Update 21
    Java Auto Updater
    Java(TM) 6 Update 2
    JavaFX 2.1.1
    LabelPrint
    LightScribe System Software 1.10.13.1
    LiveUpdate (Symantec Corporation)
    LP Recorder
    LP Ripper
    Malwarebytes Anti-Malware version 1.75.0.1300
    McAfee SecurityCenter
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Works
    MixiDJ V37 Toolbar
    Motorola SM56 Data Fax Modem
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mplayer 0.6.9
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.1
    My HP Games
    Nero PhotoShow Express
    Nero Suite
    neroxml
    PIXMA Extended Survey Program
    Power2Go
    PowerDirector
    PSSWCORE
    RBVirtualFolder64Inst
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    Roxio Burn
    Roxio CinePlayer
    Roxio CinePlayer Decoder Pack
    Roxio Creator 2012 Special Edition
    Roxio Creator Content 2012
    Roxio PhotoShow
    Roxio Video Capture USB
    Search Protect by conduit
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Shared C Run-time for x64
    SmartSound Common Data
    SmartSound Quicktracks 5
    SmartSound Quicktracks Plugin
    SPBBC 64bit
    Spybot - Search & Destroy
    Strongvault Online Backup
    SUPERAntiSpyware
    swMSM
    Synaptics Pointing Device Driver
    The Sims™ Life Stories
    Triple Scoop Music
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    VC80CRTRedist - 8.0.50727.6195
    VD64Inst
    VideoToolkit01
    Viewpoint Media Player
    Wave Corrector DeClick version 1.1
    WeatherBug Gadget
    WhiteSmoke New Toolbar
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/4/2013 7:08:35 PM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).
    5/4/2013 7:04:55 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    5/4/2013 12:12:46 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: A system shutdown is in progress.
    5/3/2013 5:47:48 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    4/28/2013 1:03:32 PM, Error: Service Control Manager [7030] - The SProtection service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    .
    ==== End Of File ===========================
     
  2. 2013/05/05
    broni

    broni Moderator Malware Analyst

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    You're running two AV programs, McAfee and Lavasoft Ad-Aware.
    You must uninstall one of them.
    I suggest Lavasoft goes.

    Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     

  4. 2013/05/05
    Koinos

    Koinos Well-Known Member Thread Starter

    Ad-aware deleted

    RKreport[1]_S_05052013_02d1605.txt
    RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Wendy [Admin rights]
    Mode : Scan -- Date : 05/05/2013 16:05:47
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] cltmng.exe -- C:\Users\Wendy\AppData\Roaming\SearchProtect\bin\cltmng.exe [7] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 10 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Wendy\AppData\Roaming\SearchProtect\bin\cltmng.exe) [7] -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-3851552987-2318920240-1996636540-1000[...]\Run : SearchProtect (C:\Users\Wendy\AppData\Roaming\SearchProtect\bin\cltmng.exe) [7] -> FOUND
    [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : SMessaging ( "C:\Users\Wendy\AppData\Local\Strongvault Online Backup\SMessaging.exe ") [7] -> FOUND
    [TASK][SUSP PATH] TidyNetwork Update : C:\Users\Wendy\AppData\Local\TidyNetwork.com\tidy2update.exe [x] -> FOUND
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost #[IPv6]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD2500BEVS-60UST0 +++++
    --- User ---
    [MBR] f5a71b6da0e92af75e0035602d06a874
    [BSP] 4cd0cd1dcf2c94def119e81f6df932b5 : MBR Code unknown
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 225302 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 461418930 | Size: 13170 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_05052013_02d1605.txt >>

    RKreport[2]_D_05052013_02d1610.txt
    RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Wendy [Admin rights]
    Mode : Remove -- Date : 05/05/2013 16:10:14
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] cltmng.exe -- C:\Users\Wendy\AppData\Roaming\SearchProtect\bin\cltmng.exe [7] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 7 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Wendy\AppData\Roaming\SearchProtect\bin\cltmng.exe) [7] -> DELETED
    [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : SMessaging ( "C:\Users\Wendy\AppData\Local\Strongvault Online Backup\SMessaging.exe ") [7] -> DELETED
    [TASK][SUSP PATH] TidyNetwork Update : C:\Users\Wendy\AppData\Local\TidyNetwork.com\tidy2update.exe [x] -> DELETED
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost #[IPv6]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD2500BEVS-60UST0 +++++
    --- User ---
    [MBR] f5a71b6da0e92af75e0035602d06a874
    [BSP] 4cd0cd1dcf2c94def119e81f6df932b5 : MBR Code unknown
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 225302 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 461418930 | Size: 13170 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_05052013_02d1610.txt >>


    mbar-log-2013-05-05 (16-25-40).txt
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001
    www.malwarebytes.org

    Database version: v2013.05.05.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Wendy :: WENDY-PC [administrator]

    5/5/2013 4:25:40 PM
    mbar-log-2013-05-05 (16-25-40).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 29333
    Time elapsed: 12 minute(s), 16 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 3
    HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055465539} (PUP.CrossFire.SA) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\TypeLib\{44444444-4444-4444-4444-440044464439} (PUP.CrossFire.SA) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660066466639} (PUP.CrossFire.SA) -> Delete on reboot.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    mbar-log-2013-05-05 (16-50-16).txt
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001
    www.malwarebytes.org

    Database version: v2013.05.05.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Wendy :: WENDY-PC [administrator]

    5/5/2013 4:50:16 PM
    mbar-log-2013-05-05 (16-50-16).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 29355
    Time elapsed: 13 minute(s), 45 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    system-log.txt
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 1.995000 GHz
    Memory total: 4284932096, free: 3048910848

    ------------ Kernel report ------------
    05/05/2013 16:12:49
    ------------ Loaded modules -----------
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8004b82790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-0\
    Lower Device Object: 0xfffffa800473e050
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    Initialization returned 0x0
    Load Function returned 0x0
    Downloaded database version: v2013.05.05.07
    Downloaded database version: v2013.05.01.01
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8004b82790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8004b822c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004b82790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800473fa40, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa800473e050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a00e0b3a40, 0xfffffa8004b82790, 0xfffffa8004b93790
    Lower DeviceData: 0xfffff8a01452d8e0, 0xfffffa800473e050, 0xfffffa800723a240
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 6CB26CB2

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 461418867
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 461418930 Numsec = 26973135

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 250059350016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
    Done!
    Performing system, memory and registry scan...
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055465539} --> [PUP.CrossFire.SA]
    Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{44444444-4444-4444-4444-440044464439} --> [PUP.CrossFire.SA]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660066466639} --> [PUP.CrossFire.SA]
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal successful. No system shutdown is required.
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 1.995000 GHz
    Memory total: 4284932096, free: 2916843520

    Removal queue found; removal started
    Removal finished
    =======================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 1.995000 GHz
    Memory total: 4284932096, free: 2863775744

    ------------ Kernel report ------------
    05/05/2013 16:33:06
    ------------ Loaded modules -----------
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa80057d5060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-0\
    Lower Device Object: 0xfffffa80046d8050
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    Initialization returned 0x0
    Load Function returned 0x0
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa80057d5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80057cd7f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80057d5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80046d9e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa80046d8050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a00e3641b0, 0xfffffa80057d5060, 0xfffffa80089ca090
    Lower DeviceData: 0xfffff8a00e8321a0, 0xfffffa80046d8050, 0xfffffa8006bc0920
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 6CB26CB2

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 461418867
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 461418930 Numsec = 26973135

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 250059350016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================
     
  5. 2013/05/05
    broni

    broni Moderator Malware Analyst

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  6. 2013/05/05
    Koinos

    Koinos Well-Known Member Thread Starter

    ComboFix had completed after nearly an hour and a self-restart, but IE, Firefox, Windows Explorer and others all display an error pop-up stating "Illegal operation attempted on a registry key that has been marked for deletion" whenever I attempt to launch them.
    Have not yet restarted machine.
    Run Restore?

    ComboFix file below.

    ComboFix 13-05-05.01 - Wendy 05/05/2013 18:44:53.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4086.2532 [GMT -7:00]
    Running from: c:\users\Wendy\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Resident AV is active
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\DefaultTab
    c:\program files (x86)\DefaultTab\DefaultTab.crx
    c:\program files (x86)\DefaultTab\DefaultTabSearch.exe
    c:\program files (x86)\DefaultTab\uid
    c:\users\Wendy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0B0BB655-9FD0-424A-9C5C-31F8989230C6}.xps
    c:\users\Wendy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0C74810D-181B-42E1-A5C5-B4F89B04BC01}.xps
    c:\users\Wendy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1F193B8E-4E7E-49DC-9F8C-164E349EC5ED}.xps
    c:\users\Wendy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{330CF371-B2CE-4946-BAC9-74500FB03E90}.xps
    c:\users\Wendy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6EA00E82-55EC-4D2A-8023-B616330DAE90}.xps
    c:\users\Wendy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7C7DB59C-CFE5-498E-875C-06380BCEA523}.xps
    c:\users\Wendy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{935F7675-7088-4E4F-8D95-28C5BD458954}.xps
    c:\users\Wendy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{995E361C-BFA6-4471-A31D-B39870E810F6}.xps
    c:\users\Wendy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B6D25299-3399-4E51-89AC-3B7675DE35ED}.xps
    c:\users\Wendy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C33FEC65-4C29-46C7-9571-B128421B876C}.xps
    c:\users\Wendy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DE73D285-16AB-4B6A-9FA4-73CAF3DEA83A}.xps
    c:\users\Wendy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E8242B9D-8DE6-4BF6-AF77-D63AC4A1ADDA}.xps
    c:\users\Wendy\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FEF9A3D7-6F22-45B5-81BA-71DA9418A84C}.xps
    c:\users\Wendy\AppData\Roaming\DefaultTab\DefaultTab
    c:\users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
    c:\users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
    c:\users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
    c:\users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    c:\users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
    c:\users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe
    c:\users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
    c:\users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll
    c:\users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
    c:\users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    c:\users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\ebay_ie.ico
    c:\users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
    c:\users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\imdb_ie.ico
    c:\users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico
    c:\users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
    c:\users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
    c:\users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
    c:\users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\update.exe
    c:\users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
    c:\users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\youtube_ie.ico
    c:\windows\SysWow64\KBL.LOG
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_DefaultTabSearch
    -------\Service_DefaultTabUpdate
    -------\Service_DefaultTabUpdate
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-04-06 to 2013-05-06 )))))))))))))))))))))))))))))))
    .
    .
    2013-05-06 02:27 . 2013-05-06 02:27 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-05-06 00:14 . 2013-05-06 00:14 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
    2013-05-06 00:14 . 2013-05-06 00:14 96664 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
    2013-05-06 00:14 . 2013-05-06 00:14 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
    2013-05-06 00:14 . 2013-05-06 00:14 170232 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
    2013-05-05 00:06 . 2013-05-05 00:06 -------- d-----w- c:\users\Wendy\AppData\Roaming\SearchProtect
    2013-05-03 05:10 . 2013-05-03 05:10 -------- d-----w- c:\users\Wendy\AppData\Roaming\LavasoftStatistics
    2013-05-03 04:37 . 2013-05-03 04:37 -------- d-----w- c:\programdata\Downloaded Installations
    2013-05-03 04:37 . 2013-05-03 04:37 -------- d-----w- c:\users\Wendy\AppData\Local\adawarebp
    2013-05-03 04:37 . 2013-05-03 04:37 -------- d-----w- c:\programdata\blekko toolbars
    2013-05-03 04:37 . 2013-05-03 04:37 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
    2013-05-03 04:37 . 2013-05-03 04:37 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
    2013-05-03 04:37 . 2013-05-03 04:37 -------- d-----w- c:\program files (x86)\adawaretb
    2013-05-03 04:35 . 2013-05-03 04:35 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
    2013-05-03 04:35 . 2013-05-04 23:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-05-03 04:34 . 2009-01-25 19:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
    2013-05-03 04:34 . 2013-05-03 04:35 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2013-05-03 04:31 . 2013-05-03 04:31 -------- d-----w- c:\users\Wendy\AppData\Roaming\Malwarebytes
    2013-05-03 04:31 . 2013-05-03 04:31 -------- d-----w- c:\programdata\Malwarebytes
    2013-05-03 04:31 . 2013-05-03 04:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-05-03 04:31 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-05-03 04:29 . 2013-05-03 04:29 -------- d-----w- c:\users\Wendy\AppData\Roaming\SUPERAntiSpyware.com
    2013-05-03 04:28 . 2013-05-03 04:29 -------- d-----w- c:\program files\SUPERAntiSpyware
    2013-05-03 04:28 . 2013-05-03 04:28 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2013-05-03 01:16 . 2012-04-20 23:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
    2013-05-03 01:16 . 2013-02-19 20:55 10728 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2013-05-03 01:16 . 2013-05-03 01:16 -------- d-----w- c:\program files (x86)\Common Files\McAfee
    2013-05-03 01:16 . 2013-02-19 20:59 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2013-05-03 01:16 . 2013-02-19 20:55 106552 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2013-05-03 01:16 . 2013-02-19 20:53 515968 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2013-05-03 01:16 . 2013-02-19 20:53 309840 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2013-05-03 01:16 . 2013-05-03 01:16 -------- d-----w- c:\program files\Common Files\McAfee
    2013-05-03 01:16 . 2013-05-03 01:16 -------- d-----w- c:\program files\McAfee
    2013-05-03 01:16 . 2013-05-04 00:40 -------- d-----w- c:\program files (x86)\McAfee
    2013-05-03 01:07 . 2013-02-19 20:56 182752 ----a-w- c:\windows\system32\mfevtps.exe
    2013-04-28 21:18 . 2013-04-28 21:18 -------- d-----w- c:\users\Wendy\AppData\Local\MPlayer
    2013-04-28 20:15 . 2013-04-28 20:15 -------- d-----w- c:\programdata\AOL
    2013-04-28 20:03 . 2013-05-02 04:51 -------- d-----w- c:\program files (x86)\Iminent
    2013-04-28 20:03 . 2013-04-28 20:03 -------- d-----w- c:\program files (x86)\MixiDJ_V37
    2013-04-28 19:05 . 2013-04-28 19:05 -------- d-----w- c:\users\Wendy\AppData\Local\Mozilla
    2013-04-28 18:53 . 2013-04-28 18:53 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-04-22 03:48 . 2013-04-17 13:31 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{16718312-B72F-49AC-BAA4-A30281DCC7AC}\mpengine.dll
    2013-04-22 03:33 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2013-04-22 03:33 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2013-04-22 03:33 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
    2013-04-22 03:33 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2013-04-22 03:31 . 2013-04-22 03:31 -------- d-----w- c:\program files\Microsoft Silverlight
    2013-04-22 03:31 . 2013-04-22 03:31 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2013-04-22 03:17 . 2012-12-07 13:20 441856 ----a-w- c:\windows\system32\Wpc.dll
    2013-04-22 03:14 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
    2013-04-21 22:06 . 2013-04-21 22:04 5071600 ----a-w- c:\programdata\pclunst.exe
    2013-04-21 22:06 . 2013-04-21 22:06 -------- d-----w- c:\programdata\PC1Data
    2013-04-21 21:03 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
    2013-04-21 21:03 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
    2013-04-21 21:03 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
    2013-04-21 21:03 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
    2013-04-21 21:03 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
    2013-04-21 21:03 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
    2013-04-21 21:02 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-04-21 21:02 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
    2013-04-21 21:02 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2013-04-21 20:33 . 2013-04-28 20:24 -------- d-----w- c:\users\Wendy\AppData\Roaming\player
    2013-04-21 20:26 . 2013-05-04 07:08 -------- d-----w- c:\users\Wendy\AppData\Local\SwvUpdater
    2013-04-21 20:25 . 2013-04-21 20:26 -------- d-----w- c:\program files (x86)\SearchProtect
    2013-04-21 20:25 . 2013-04-21 20:25 -------- d-----w- c:\program files (x86)\Conduit
    2013-04-21 20:25 . 2013-04-28 20:03 -------- d-----w- c:\users\Wendy\AppData\Local\Conduit
    2013-04-21 20:25 . 2013-04-21 20:25 -------- d-----w- c:\program files (x86)\WhiteSmoke_New
    2013-04-21 20:24 . 2013-04-21 20:24 -------- d-----w- c:\users\Wendy\AppData\Roaming\Roxio Burn
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-05-03 02:01 . 2012-07-18 00:36 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2013-05-03 02:00 . 2011-10-25 01:35 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2013-05-03 02:00 . 2011-10-25 01:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2013-05-03 01:59 . 2011-10-25 01:34 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2013-04-28 18:53 . 2012-08-05 21:17 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-04-28 18:53 . 2012-04-09 01:27 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-04-02 02:58 . 2012-09-22 07:25 72702784 ----a-w- c:\windows\system32\MRT.exe
    2013-03-30 03:16 . 2012-05-12 17:33 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-03-30 03:16 . 2011-11-07 01:01 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-12 08:10 . 2011-09-28 03:10 282744 ------w- c:\windows\system32\MpSigStub.exe
    2013-02-19 20:56 . 2013-02-19 20:56 340216 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2013-02-19 20:54 . 2013-02-19 20:54 771536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2013-02-19 20:52 . 2013-02-19 20:52 179280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2013-02-12 05:45 . 2013-04-22 03:17 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45 . 2013-04-22 03:17 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45 . 2013-04-22 03:17 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 05:45 . 2013-04-22 03:17 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 04:48 . 2013-04-22 03:17 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48 . 2013-04-22 03:17 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{739df940-c5ee-4bab-9d7e-270894ae687a}"= "c:\program files (x86)\WhiteSmoke_New\prxtbWhit.dll" [2013-03-05 231168]
    "{eef3855c-fc2d-41e6-8d91-d368f51b3055}"= "c:\program files (x86)\MixiDJ_V37\prxtbMixi.dll" [2013-04-10 231712]
    .
    [HKEY_CLASSES_ROOT\clsid\{739df940-c5ee-4bab-9d7e-270894ae687a}]
    .
    [HKEY_CLASSES_ROOT\clsid\{eef3855c-fc2d-41e6-8d91-d368f51b3055}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1766FEFF-F32C-413D-ABF4-85119880246C}]
    2013-04-28 18:59 78648 ----a-w- c:\users\Wendy\AppData\Local\getsavin\ie\getsavin_1367175542.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    2013-02-11 10:47 87464 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{739df940-c5ee-4bab-9d7e-270894ae687a}]
    2013-03-05 12:37 231168 ----a-w- c:\program files (x86)\WhiteSmoke_New\prxtbWhit.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{eef3855c-fc2d-41e6-8d91-d368f51b3055}]
    2013-04-10 10:19 231712 ----a-w- c:\program files (x86)\MixiDJ_V37\prxtbMixi.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{739df940-c5ee-4bab-9d7e-270894ae687a}"= "c:\program files (x86)\WhiteSmoke_New\prxtbWhit.dll" [2013-03-05 231168]
    "{eef3855c-fc2d-41e6-8d91-d368f51b3055}"= "c:\program files (x86)\MixiDJ_V37\prxtbMixi.dll" [2013-04-10 231712]
    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2013-02-11 87464]
    .
    [HKEY_CLASSES_ROOT\clsid\{739df940-c5ee-4bab-9d7e-270894ae687a}]
    .
    [HKEY_CLASSES_ROOT\clsid\{eef3855c-fc2d-41e6-8d91-d368f51b3055}]
    .
    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"= "c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-24 455968]
    "PhotoShow Deluxe Media Manager"= "c:\progra~2\Ahead\Ahead\data\Xtras\mssysmgr.exe" [2004-05-12 196608]
    "BackupAgent"= "c:\program files (x86)\Strongvault Online Backup\BackupAgent.exe" [2013-03-19 197448]
    "SUPERAntiSpyware"= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
    "Spybot-S&D Cleaning"= "c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
    "SearchProtect"= "c:\users\Wendy\AppData\Roaming\SearchProtect\bin\cltmng.exe" [2013-04-11 2730784]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpqSRMon"= "c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
    "hpWirelessAssistant"= "c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
    "QPService"= "c:\program files (x86)\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
    "UCam_Menu"= "c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
    "WAWifiMessage"= "c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
    "DivXUpdate"= "c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "NeroFilterCheck"= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "RoxWatchTray"= "c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2011-07-13 293360]
    "ISUSPM"= "c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976]
    "CPMonitor"= "c:\program files (x86)\Roxio 2012\5.0\CPMonitor.exe" [2011-07-08 84464]
    "Desktop Disc Tool"= "c:\program files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe" [2011-06-13 506352]
    "Adobe ARM"= "c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
    "HP Software Update"= "c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "SearchProtectAll"= "c:\program files (x86)\SearchProtect\bin\cltmng.exe" [2013-04-11 2730784]
    "SunJavaUpdateSched"= "c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    "mcui_exe"= "c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-14 1532992]
    "SDTray"= "c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
    "Ad-Aware Browsing Protection"= "c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
    .
    c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2011-07-13 340976]
    R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files (x86)\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe [x]
    R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2011-07-13 1095664]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-23 1255736]
    S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-05-03 14456]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-05-24 55952]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
    S2 CltMngSvc;Search Protect by Conduit Updater;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-04-11 93984]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 182752]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 03:16]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"= "RAVCpl64.exe" [2007-10-09 5429760]
    "SMSERIAL"= "c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 833536]
    "IAAnotif"= "c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
    "OnScreenDisplay"= "c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 701440]
    "CanonSolutionMenu"= "c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
    "CanonMyPrinter"= "c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
    "IgfxTray"= "c:\windows\system32\igfxtray.exe" [2009-09-24 165912]
    "HotKeysCmds"= "c:\windows\system32\hkcmd.exe" [2009-09-24 385560]
    "Persistence"= "c:\windows\system32\igfxpers.exe" [2009-09-24 363544]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://us.mg205.mail.yahoo.com/dc/launch?.partner=sbc&.gx=1&.rand=5kugr0l6aeb48&.lts=1367180898
    mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={FC85ADA5-98EE-11E2-8524-001E68B69C84}
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\qlijdhx0.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&CUI=UN23847182794437520&UM=2&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - MixiDJ V37 Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource=61&CUI=UN23847182794437520&UM=2&UP=SP6486C803-F761-4E88-920F-E8331C8A8260
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN23847182794437520&UM=2&q=
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2013-03-29 21:05; infoatoms@infoatoms.com; c:\program files (x86)\Mozilla FireFox\extensions\infoatoms@infoatoms.com
    FF - ExtSQL: 2013-04-28 13:02; {eef3855c-fc2d-41e6-8d91-d368f51b3055}; c:\users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\qlijdhx0.default\extensions\{eef3855c-fc2d-41e6-8d91-d368f51b3055}
    FF - ExtSQL: 2013-05-02 21:37; {87934c42-161d-45bc-8cef-ef18abe2a30c}; c:\users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\qlijdhx0.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
    FF - ExtSQL: 2013-05-04 10:00; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
    FF - ExtSQL: 2013-05-04 14:37; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\qlijdhx0.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    FF - ExtSQL: !HIDDEN! 2013-03-29 21:05; infoatoms@infoatoms.com; c:\program files (x86)\Mozilla FireFox\extensions\infoatoms@infoatoms.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    Wow6432Node-HKLM-Run-QlbCtrl - %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Notify-SDWinLogon - SDWinLogon.dll
    WebBrowser-{739DF940-C5EE-4BAB-9D7E-270894AE687A} - (no file)
    WebBrowser-{EEF3855C-FC2D-41E6-8D91-D368F51B3055} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-DefaultTab - c:\users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @= "c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker5 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @= "FlashProp Class "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
    @SACL=
    @= "c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\Programmable]
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.11 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker5 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue "=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution "= "{15727DE6-F92D-4E46-ACB4-0E2C58B31A18} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key "= "ActionsPane3 "
    "Location "= "c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
    c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
    c:\program files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
    .
    **************************************************************************
    .
    Completion time: 2013-05-05 19:38:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-05-06 02:38
    .
    Pre-Run: 176,927,592,448 bytes free
    Post-Run: 176,221,143,040 bytes free
    .
    - - End Of File - - 03CE21CA8AD3D1A00506170C8EDC38DE
     
  7. 2013/05/05
    broni

    broni Moderator Malware Analyst

    .....
     
  8. 2013/05/05
    broni

    broni Moderator Malware Analyst

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    
    Folder::
    c:\users\Wendy\AppData\Roaming\LavasoftStatistics
    c:\users\Wendy\AppData\Local\adawarebp
    c:\programdata\Ad-Aware Browsing Protection
    c:\program files (x86)\adawaretb
    c:\program files (x86)\WhiteSmoke_New
    
    
    Driver::
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Ad-Aware Browsing Protection"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{739df940-c5ee-4bab-9d7e-270894ae687a}"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{739df940-c5ee-4bab-9d7e-270894ae687a}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{739df940-c5ee-4bab-9d7e-270894ae687a}"=-
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  9. 2013/05/05
    Koinos

    Koinos Well-Known Member Thread Starter

    Sorry, misunderstood that to mean while ComboFix was scanning.
    Restarted and working.
    Last post for tonight.


    ComboFix 13-05-05.01 - Wendy 05/05/2013 21:15:40.2.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4086.3057 [GMT -7:00]
    Running from: c:\users\Wendy\Desktop\ComboFix.exe
    Command switches used :: c:\users\Wendy\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\adawaretb
    c:\program files (x86)\adawaretb\adawareDx.dll
    c:\program files (x86)\adawaretb\adawaretb.dll
    c:\program files (x86)\adawaretb\chrome\content\custom.js
    c:\program files (x86)\adawaretb\chrome\content\lib\about.xml
    c:\program files (x86)\adawaretb\chrome\content\lib\dtxpanel.xul
    c:\program files (x86)\adawaretb\chrome\content\lib\dtxpaneltransparent.xul
    c:\program files (x86)\adawaretb\chrome\content\lib\dtxpanelwin.xul
    c:\program files (x86)\adawaretb\chrome\content\lib\dtxprefwin.xul
    c:\program files (x86)\adawaretb\chrome\content\lib\dtxtransparentwin.xul
    c:\program files (x86)\adawaretb\chrome\content\lib\dtxwin.xul
    c:\program files (x86)\adawaretb\chrome\content\lib\emailnotifierproviders.xml
    c:\program files (x86)\adawaretb\chrome\content\lib\external.js
    c:\program files (x86)\adawaretb\chrome\content\lib\neterror.xhtml
    c:\program files (x86)\adawaretb\chrome\content\lib\rsspreview.html
    c:\program files (x86)\adawaretb\chrome\content\lib\rsswin.xml
    c:\program files (x86)\adawaretb\chrome\content\lib\rsswin.xsl
    c:\program files (x86)\adawaretb\chrome\content\modules\datastore.jsm
    c:\program files (x86)\adawaretb\chrome\content\modules\nsDragAndDrop.js
    c:\program files (x86)\adawaretb\chrome\content\newtab\images\bullet.gif
    c:\program files (x86)\adawaretb\chrome\content\newtab\images\field_bg.gif
    c:\program files (x86)\adawaretb\chrome\content\newtab\images\powered_by_yahoo.gif
    c:\program files (x86)\adawaretb\chrome\content\newtab\images\top_image.png
    c:\program files (x86)\adawaretb\chrome\content\newtab\newtab.html
    c:\program files (x86)\adawaretb\chrome\content\preferences.xml
    c:\program files (x86)\adawaretb\chrome\content\toolbar.htm
    c:\program files (x86)\adawaretb\chrome\content\toolbar.xul
    c:\program files (x86)\adawaretb\chrome\content\widgets\com.mystart.BrowserHistoryCleaner\tb_icon.png
    c:\program files (x86)\adawaretb\chrome\content\widgets\com.mystart.BrowserHistoryCleaner\widget.js
    c:\program files (x86)\adawaretb\chrome\content\widgets\com.mystart.BrowserHistoryCleaner\widget.xml
    c:\program files (x86)\adawaretb\chrome\content\widgets\net.vmn.www.BrowserDataCleaner\ClearBrowserDataDialog.xml
    c:\program files (x86)\adawaretb\chrome\content\widgets\net.vmn.www.BrowserDataCleaner\tb_icon.png
    c:\program files (x86)\adawaretb\chrome\content\widgets\net.vmn.www.BrowserDataCleaner\widget.js
    c:\program files (x86)\adawaretb\chrome\content\widgets\net.vmn.www.BrowserDataCleaner\widget.xml
    c:\program files (x86)\adawaretb\chrome\content\widgets\net.vmn.www.ToolbarCleaner\tb_icon.png
    c:\program files (x86)\adawaretb\chrome\content\widgets\net.vmn.www.ToolbarCleaner\widget.js
    c:\program files (x86)\adawaretb\chrome\content\widgets\net.vmn.www.ToolbarCleaner\widget.xml
    c:\program files (x86)\adawaretb\chrome\data\search\engines.xml
    c:\program files (x86)\adawaretb\chrome\data\search\search.xsl
    c:\program files (x86)\adawaretb\chrome\locale\lib\de.js
    c:\program files (x86)\adawaretb\chrome\locale\lib\en.js
    c:\program files (x86)\adawaretb\chrome\locale\lib\es.js
    c:\program files (x86)\adawaretb\chrome\locale\lib\fr.js
    c:\program files (x86)\adawaretb\chrome\locale\lib\it.js
    c:\program files (x86)\adawaretb\chrome\locale\toolbar\de.js
    c:\program files (x86)\adawaretb\chrome\locale\toolbar\en.js
    c:\program files (x86)\adawaretb\chrome\locale\toolbar\es.js
    c:\program files (x86)\adawaretb\chrome\locale\toolbar\fr.js
    c:\program files (x86)\adawaretb\chrome\locale\toolbar\it.js
    c:\program files (x86)\adawaretb\chrome\skin\blekko16.png
    c:\program files (x86)\adawaretb\chrome\skin\bluelite.gif
    c:\program files (x86)\adawaretb\chrome\skin\bluesky.gif
    c:\program files (x86)\adawaretb\chrome\skin\btn-safe-de.png
    c:\program files (x86)\adawaretb\chrome\skin\btn-safe-en.png
    c:\program files (x86)\adawaretb\chrome\skin\btn-safe-es.png
    c:\program files (x86)\adawaretb\chrome\skin\btn-safe-fr.png
    c:\program files (x86)\adawaretb\chrome\skin\btn-safe-it.png
    c:\program files (x86)\adawaretb\chrome\skin\btn-safe.png
    c:\program files (x86)\adawaretb\chrome\skin\btn-search-de-over.png
    c:\program files (x86)\adawaretb\chrome\skin\btn-search-de.png
    c:\program files (x86)\adawaretb\chrome\skin\btn-search-en-over.png
    c:\program files (x86)\adawaretb\chrome\skin\btn-search-en.png
    c:\program files (x86)\adawaretb\chrome\skin\btn-search-es-over.png
    c:\program files (x86)\adawaretb\chrome\skin\btn-search-es.png
    c:\program files (x86)\adawaretb\chrome\skin\btn-search-fr-over.png
    c:\program files (x86)\adawaretb\chrome\skin\btn-search-fr.png
    c:\program files (x86)\adawaretb\chrome\skin\btn-search-it-over.png
    c:\program files (x86)\adawaretb\chrome\skin\btn-search-it.png
    c:\program files (x86)\adawaretb\chrome\skin\btn-settings-over.png
    c:\program files (x86)\adawaretb\chrome\skin\btn-settings.png
    c:\users\Wendy\AppData\Local\adawarebp\data\130505184443-m.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130505191532-l.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130505191532-m.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130505194616-l.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130505194616-m.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130505201703-l.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130505201703-m.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130505204748-l.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130505204748-m.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130505211836-l.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130505211836-m.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130505214920-l.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130505214920-m.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130505222007-l.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130505222007-m.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130505225052-l.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130505225052-m.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130505232140-l.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130505232140-m.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130505235226-l.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130505235226-m.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130506002316-l.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130506002316-m.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130506005402-l.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130506005402-m.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130506012451-l.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130506012451-m.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130506015537-l.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130506015537-m.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130506022628-l.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130506022628-m.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130506025713-l.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130506025713-m.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130506032800-l.list
    c:\users\Wendy\AppData\Local\adawarebp\data\130506032800-m.list
    c:\users\Wendy\AppData\Local\adawarebp\data\temp.zip
    c:\users\Wendy\AppData\Roaming\LavasoftStatistics
    c:\users\Wendy\AppData\Roaming\LavasoftStatistics\adaware.xml
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-04-06 to 2013-05-06 )))))))))))))))))))))))))))))))
    .
    .
    2013-05-06 04:24 . 2013-05-06 04:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-05-06 00:14 . 2013-05-06 00:14 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
    2013-05-06 00:14 . 2013-05-06 00:14 96664 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
    2013-05-06 00:14 . 2013-05-06 00:14 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
    2013-05-06 00:14 . 2013-05-06 00:14 170232 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
    2013-05-05 00:06 . 2013-05-05 00:06 -------- d-----w- c:\users\Wendy\AppData\Roaming\SearchProtect
    2013-05-03 04:37 . 2013-05-03 04:37 -------- d-----w- c:\programdata\Downloaded Installations
    2013-05-03 04:37 . 2013-05-03 04:37 -------- d-----w- c:\programdata\blekko toolbars
    2013-05-03 04:37 . 2013-05-03 04:37 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
    2013-05-03 04:35 . 2013-05-03 04:35 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
    2013-05-03 04:35 . 2013-05-04 23:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-05-03 04:34 . 2009-01-25 19:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
    2013-05-03 04:34 . 2013-05-03 04:35 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2013-05-03 04:31 . 2013-05-03 04:31 -------- d-----w- c:\users\Wendy\AppData\Roaming\Malwarebytes
    2013-05-03 04:31 . 2013-05-03 04:31 -------- d-----w- c:\programdata\Malwarebytes
    2013-05-03 04:31 . 2013-05-03 04:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-05-03 04:31 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-05-03 04:29 . 2013-05-03 04:29 -------- d-----w- c:\users\Wendy\AppData\Roaming\SUPERAntiSpyware.com
    2013-05-03 04:28 . 2013-05-03 04:29 -------- d-----w- c:\program files\SUPERAntiSpyware
    2013-05-03 04:28 . 2013-05-03 04:28 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2013-05-03 01:16 . 2012-04-20 23:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
    2013-05-03 01:16 . 2013-02-19 20:55 10728 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2013-05-03 01:16 . 2013-05-03 01:16 -------- d-----w- c:\program files (x86)\Common Files\McAfee
    2013-05-03 01:16 . 2013-02-19 20:59 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2013-05-03 01:16 . 2013-02-19 20:55 106552 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2013-05-03 01:16 . 2013-02-19 20:53 515968 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2013-05-03 01:16 . 2013-02-19 20:53 309840 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2013-05-03 01:16 . 2013-05-03 01:16 -------- d-----w- c:\program files\Common Files\McAfee
    2013-05-03 01:16 . 2013-05-03 01:16 -------- d-----w- c:\program files\McAfee
    2013-05-03 01:16 . 2013-05-04 00:40 -------- d-----w- c:\program files (x86)\McAfee
    2013-05-03 01:07 . 2013-02-19 20:56 182752 ----a-w- c:\windows\system32\mfevtps.exe
    2013-04-28 21:18 . 2013-04-28 21:18 -------- d-----w- c:\users\Wendy\AppData\Local\MPlayer
    2013-04-28 20:15 . 2013-04-28 20:15 -------- d-----w- c:\programdata\AOL
    2013-04-28 20:03 . 2013-05-02 04:51 -------- d-----w- c:\program files (x86)\Iminent
    2013-04-28 20:03 . 2013-04-28 20:03 -------- d-----w- c:\program files (x86)\MixiDJ_V37
    2013-04-28 19:05 . 2013-04-28 19:05 -------- d-----w- c:\users\Wendy\AppData\Local\Mozilla
    2013-04-28 18:53 . 2013-04-28 18:53 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-04-22 03:48 . 2013-04-17 13:31 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{16718312-B72F-49AC-BAA4-A30281DCC7AC}\mpengine.dll
    2013-04-22 03:33 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2013-04-22 03:33 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2013-04-22 03:33 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
    2013-04-22 03:33 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2013-04-22 03:31 . 2013-04-22 03:31 -------- d-----w- c:\program files\Microsoft Silverlight
    2013-04-22 03:31 . 2013-04-22 03:31 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2013-04-22 03:17 . 2012-12-07 13:20 441856 ----a-w- c:\windows\system32\Wpc.dll
    2013-04-22 03:14 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
    2013-04-21 22:06 . 2013-04-21 22:04 5071600 ----a-w- c:\programdata\pclunst.exe
    2013-04-21 22:06 . 2013-04-21 22:06 -------- d-----w- c:\programdata\PC1Data
    2013-04-21 21:03 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
    2013-04-21 21:03 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
    2013-04-21 21:03 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
    2013-04-21 21:03 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
    2013-04-21 21:03 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
    2013-04-21 21:03 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
    2013-04-21 21:02 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-04-21 21:02 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
    2013-04-21 21:02 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2013-04-21 20:33 . 2013-04-28 20:24 -------- d-----w- c:\users\Wendy\AppData\Roaming\player
    2013-04-21 20:26 . 2013-05-04 07:08 -------- d-----w- c:\users\Wendy\AppData\Local\SwvUpdater
    2013-04-21 20:25 . 2013-04-21 20:26 -------- d-----w- c:\program files (x86)\SearchProtect
    2013-04-21 20:25 . 2013-04-21 20:25 -------- d-----w- c:\program files (x86)\Conduit
    2013-04-21 20:25 . 2013-04-28 20:03 -------- d-----w- c:\users\Wendy\AppData\Local\Conduit
    2013-04-21 20:24 . 2013-04-21 20:24 -------- d-----w- c:\users\Wendy\AppData\Roaming\Roxio Burn
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-05-03 02:01 . 2012-07-18 00:36 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2013-05-03 02:00 . 2011-10-25 01:35 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2013-05-03 02:00 . 2011-10-25 01:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2013-05-03 01:59 . 2011-10-25 01:34 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2013-04-28 18:53 . 2012-08-05 21:17 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-04-28 18:53 . 2012-04-09 01:27 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-04-02 02:58 . 2012-09-22 07:25 72702784 ----a-w- c:\windows\system32\MRT.exe
    2013-03-30 03:16 . 2012-05-12 17:33 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-03-30 03:16 . 2011-11-07 01:01 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-12 08:10 . 2011-09-28 03:10 282744 ------w- c:\windows\system32\MpSigStub.exe
    2013-02-19 20:56 . 2013-02-19 20:56 340216 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2013-02-19 20:54 . 2013-02-19 20:54 771536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2013-02-19 20:52 . 2013-02-19 20:52 179280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2013-02-12 05:45 . 2013-04-22 03:17 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45 . 2013-04-22 03:17 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45 . 2013-04-22 03:17 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 05:45 . 2013-04-22 03:17 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 04:48 . 2013-04-22 03:17 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48 . 2013-04-22 03:17 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    .
    .
     
  10. 2013/05/05
    Koinos

    Koinos Well-Known Member Thread Starter

    PART 2

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{eef3855c-fc2d-41e6-8d91-d368f51b3055} "= "c:\program files (x86)\MixiDJ_V37\prxtbMixi.dll" [2013-04-10 231712]
    .
    [HKEY_CLASSES_ROOT\clsid\{eef3855c-fc2d-41e6-8d91-d368f51b3055}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1766FEFF-F32C-413D-ABF4-85119880246C}]
    2013-04-28 18:59 78648 ----a-w- c:\users\Wendy\AppData\Local\getsavin\ie\getsavin_1367175542.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
    c:\users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{eef3855c-fc2d-41e6-8d91-d368f51b3055}]
    2013-04-10 10:19 231712 ----a-w- c:\program files (x86)\MixiDJ_V37\prxtbMixi.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{eef3855c-fc2d-41e6-8d91-d368f51b3055} "= "c:\program files (x86)\MixiDJ_V37\prxtbMixi.dll" [2013-04-10 231712]
    .
    [HKEY_CLASSES_ROOT\clsid\{eef3855c-fc2d-41e6-8d91-d368f51b3055}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel "= "c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-24 455968]
    "PhotoShow Deluxe Media Manager "= "c:\progra~2\Ahead\Ahead\data\Xtras\mssysmgr.exe" [2004-05-12 196608]
    "BackupAgent "= "c:\program files (x86)\Strongvault Online Backup\BackupAgent.exe" [2013-03-19 197448]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
    "Spybot-S&D Cleaning "= "c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
    "SearchProtect "= "c:\users\Wendy\AppData\Roaming\SearchProtect\bin\cltmng.exe" [2013-04-11 2730784]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpqSRMon "= "c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
    "hpWirelessAssistant "= "c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
    "QPService "= "c:\program files (x86)\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
    "UCam_Menu "= "c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
    "WAWifiMessage "= "c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
    "DivXUpdate "= "c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "RoxWatchTray "= "c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2011-07-13 293360]
    "ISUSPM "= "c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976]
    "CPMonitor "= "c:\program files (x86)\Roxio 2012\5.0\CPMonitor.exe" [2011-07-08 84464]
    "Desktop Disc Tool "= "c:\program files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe" [2011-06-13 506352]
    "Adobe ARM "= "c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
    "HP Software Update "= "c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "SearchProtectAll "= "c:\program files (x86)\SearchProtect\bin\cltmng.exe" [2013-04-11 2730784]
    "SunJavaUpdateSched "= "c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    "mcui_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-14 1532992]
    "SDTray "= "c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
    .
    c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 5 (0x5)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux "=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2011-07-13 340976]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
    R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files (x86)\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe [x]
    R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2011-07-13 1095664]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-23 1255736]
    S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-05-03 14456]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-05-24 55952]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
    S2 CltMngSvc;Search Protect by Conduit Updater;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-04-11 93984]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 182752]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 03:16]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl "= "RAVCpl64.exe" [2007-10-09 5429760]
    "SMSERIAL "= "c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 833536]
    "SynTPEnh "= "c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "IAAnotif "= "c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
    "OnScreenDisplay "= "c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 701440]
    "CanonSolutionMenu "= "c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
    "CanonMyPrinter "= "c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2009-09-24 165912]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2009-09-24 385560]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2009-09-24 363544]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://us.mg205.mail.yahoo.com/dc/launch?.partner=sbc&.gx=1&.rand=5kugr0l6aeb48&.lts=1367180898
    mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={FC85ADA5-98EE-11E2-8524-001E68B69C84}
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\qlijdhx0.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&CUI=UN23847182794437520&UM=2&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - MixiDJ V37 Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource=61&CUI=UN23847182794437520&UM=2&UP=SP6486C803-F761-4E88-920F-E8331C8A8260
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN23847182794437520&UM=2&q=
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2013-03-29 21:05; infoatoms@infoatoms.com; c:\program files (x86)\Mozilla FireFox\extensions\infoatoms@infoatoms.com
    FF - ExtSQL: 2013-04-28 13:02; {eef3855c-fc2d-41e6-8d91-d368f51b3055}; c:\users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\qlijdhx0.default\extensions\{eef3855c-fc2d-41e6-8d91-d368f51b3055}
    FF - ExtSQL: 2013-05-02 21:37; {87934c42-161d-45bc-8cef-ef18abe2a30c}; c:\users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\qlijdhx0.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
    FF - ExtSQL: 2013-05-04 10:00; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
    FF - ExtSQL: 2013-05-04 14:37; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\qlijdhx0.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    FF - ExtSQL: !HIDDEN! 2013-03-29 21:05; infoatoms@infoatoms.com; c:\program files (x86)\Mozilla FireFox\extensions\infoatoms@infoatoms.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files (x86)\adawaretb\adawareDx.dll
    BHO-{739df940-c5ee-4bab-9d7e-270894ae687a} - c:\program files (x86)\WhiteSmoke_New\prxtbWhit.dll
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Notify-SDWinLogon - SDWinLogon.dll
    WebBrowser-{EEF3855C-FC2D-41E6-8D91-D368F51B3055} - (no file)
    AddRemove-Ad-Aware Browsing Protection - c:\programdata\Ad-Aware Browsing Protection\uninstall.exe
    AddRemove-adawaretb - c:\program files (x86)\adawaretb\uninstall.exe
    AddRemove-DefaultTab - c:\users\Wendy\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
    AddRemove-WhiteSmoke_New Toolbar - c:\program files (x86)\WhiteSmoke_New\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @= "c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker5 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
    @Denied: (A 2) (Everyone)
    @SACL=
    @= "FlashProp Class "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
    @SACL=
    @= "c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\Programmable]
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.11 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx "
    "ThreadingModel "= "Apartment "
    .
    Completion time: 2013-05-05 21:28:23
    ComboFix-quarantined-files.txt 2013-05-06 04:28
    .
    Pre-Run: 176,070,647,808 bytes free
    Post-Run: 175,739,871,232 bytes free
    .
    - - End Of File - - 75045D2606D9F537DE2D839E4C93177A
     
  11. 2013/05/06
    broni

    broni Moderator Malware Analyst

    Looks good.

    How is the computer doing?

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. 2013/05/06
    Koinos

    Koinos Well-Known Member Thread Starter

    Much better after ComboFix.
    Am noticing that I cannot create a new folder with the New Folder button in Windows Explorer.

    # AdwCleaner v2.300 - Logfile created 05/06/2013 at 18:01:51
    # Updated 28/04/2013 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
    # User : Wendy - WENDY-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Wendy\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : CltMngSvc

    ***** [Files / Folders] *****

    File Deleted : C:\END
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\Users\Public\Desktop\eBay.lnk
    File Deleted : C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\qlijdhx0.default\searchplugins\Conduit.xml
    Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\Iminent
    Folder Deleted : C:\Program Files (x86)\MixiDJ_V37
    Folder Deleted : C:\Program Files (x86)\SearchProtect
    Folder Deleted : C:\Program Files (x86)\Viewpoint
    Folder Deleted : C:\Program Files\DomaIQ Uninstaller
    Folder Deleted : C:\ProgramData\blekko toolbars
    Folder Deleted : C:\ProgramData\InstallMate
    Folder Deleted : C:\ProgramData\Premium
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\ProgramData\Viewpoint
    Folder Deleted : C:\Users\Wendy\AppData\Local\Conduit
    Folder Deleted : C:\Users\Wendy\AppData\Local\getsavin
    Folder Deleted : C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Folder Deleted : C:\Users\Wendy\AppData\Local\SavingsApp
    Folder Deleted : C:\Users\Wendy\AppData\Local\SwvUpdater
    Folder Deleted : C:\Users\Wendy\AppData\LocalLow\adawaretb
    Folder Deleted : C:\Users\Wendy\AppData\LocalLow\boost_interprocess
    Folder Deleted : C:\Users\Wendy\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Wendy\AppData\LocalLow\MixiDJ_V37
    Folder Deleted : C:\Users\Wendy\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Wendy\AppData\LocalLow\WhiteSmoke_New
    Folder Deleted : C:\Users\Wendy\AppData\Roaming\DefaultTab
    Folder Deleted : C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\qlijdhx0.default\adawaretb
    Folder Deleted : C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\qlijdhx0.default\CT3298573
    Folder Deleted : C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\qlijdhx0.default\extensions\{eef3855c-fc2d-41e6-8d91-d368f51b3055}
    Folder Deleted : C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\qlijdhx0.default\jetpack
    Folder Deleted : C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\qlijdhx0.default\Smartbar
    Folder Deleted : C:\Users\Wendy\AppData\Roaming\SearchProtect

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
    Key Deleted : HKCU\Software\AppDataLow\Software\MixiDJ_V37
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SavingsApp
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_New
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Default Tab
    Key Deleted : HKCU\Software\DefaultTab
    Key Deleted : HKCU\Software\Iminent
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEF3855C-FC2D-41E6-8D91-D368F51B3055}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C84BABA-BF9D-4E42-A684-5288580631D2}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEF3855C-FC2D-41E6-8D91-D368F51B3055}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
    Key Deleted : HKCU\Software\SearchProtect
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298573
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Default Tab
    Key Deleted : HKLM\Software\DefaultTab
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\Software\Iminent
    Key Deleted : HKLM\Software\MetaStream
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SavingsApp_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SavingsApp_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C84BABA-BF9D-4E42-A684-5288580631D2}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\Software\MixiDJ_V37
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : HKLM\Software\Viewpoint
    Key Deleted : HKLM\Software\WhiteSmoke_New
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E839B3D-F332-4549-A1BE-428C75F0404A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DAD755F-5154-476C-845A-12824CEC4041}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8ABC3322-CEA5-4096-ABE3-529BF9903E33}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AC2FFFE-E0B5-475C-9B04-26132CA61EB3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEF3855C-FC2D-41E6-8D91-D368F51B3055}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MixiDJ_V37 Toolbar
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEF3855C-FC2D-41E6-8D91-D368F51B3055}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEF3855C-FC2D-41E6-8D91-D368F51B3055}]
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{EEF3855C-FC2D-41E6-8D91-D368F51B3055}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEF3855C-FC2D-41E6-8D91-D368F51B3055}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16476

    [OK] Registry is clean.

    -\\ Mozilla Firefox v20.0.1 (en-US)

    File : C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\qlijdhx0.default\prefs.js

    Deleted : user_pref( "CT3298573.serviceLayer_services_appTrackingFirstTime_lastUpdate ", "1367542495880 ");
    Deleted : user_pref( "CT3298573.serviceLayer_services_appsMetadata_lastUpdate ", "1367723981723 ");
    Deleted : user_pref( "CT3298573.serviceLayer_services_gottenAppsContextMenu_lastUpdate ", "1367542495571 ");
    Deleted : user_pref( "CT3298573.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate ", "1367542495[...]
    Deleted : user_pref( "CT3298573.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate ", "1367542495999 ")[...]
    Deleted : user_pref( "CT3298573.serviceLayer_services_location_lastUpdate ", "1367802109170 ");
    Deleted : user_pref( "CT3298573.serviceLayer_services_login_10.15.2.23_lastUpdate ", "1367888118232 ");
    Deleted : user_pref( "CT3298573.serviceLayer_services_otherAppsContextMenu_lastUpdate ", "1367542495617 ");
    Deleted : user_pref( "CT3298573.serviceLayer_services_searchAPI_lastUpdate ", "1367715709432 ");
    Deleted : user_pref( "CT3298573.serviceLayer_services_serviceMap_lastUpdate ", "1367802108905 ");
    Deleted : user_pref( "CT3298573.serviceLayer_services_toolbarContextMenu_lastUpdate ", "1367542495466 ");
    Deleted : user_pref( "CT3298573.serviceLayer_services_toolbarSettings_lastUpdate ", "1367888117779 ");
    Deleted : user_pref( "CT3298573.serviceLayer_services_translation_lastUpdate ", "1367802108729 ");
    Deleted : user_pref( "CT3298573.settingsINI ", true);
    Deleted : user_pref( "CT3298573.shouldFirstTimeDialog ", "false ");
    Deleted : user_pref( "CT3298573.showToolbarPermission ", "false ");
    Deleted : user_pref( "CT3298573.smartbar.CTID ", "CT3298573 ");
    Deleted : user_pref( "CT3298573.smartbar.Uninstall ", "0 ");
    Deleted : user_pref( "CT3298573.smartbar.homepage ", "true ");
    Deleted : user_pref( "CT3298573.smartbar.isHidden ", true);
    Deleted : user_pref( "CT3298573.smartbar.toolbarName ", "MixiDJ V37 ");
    Deleted : user_pref( "CT3298573.startPage ", "true ");
    Deleted : user_pref( "CT3298573.toolbarBornServerTime ", "3-5-2013 ");
    Deleted : user_pref( "CT3298573.toolbarCurrentServerTime ", "7-5-2013 ");
    Deleted : user_pref( "CT3298573.toolbarLoginClientTime ", "Thu May 02 2013 17:54:55 GMT-0700 (Pacific Daylight T[...]
    Deleted : user_pref( "CT3298573.url_history0001.enc ", "aHR0cDovL3dpbmhlbHAyMDAyLm12cHMub3JnL2hvc3RzLnppcDo6OmNs[...]
    Deleted : user_pref( "CT3298573.versionFromInstaller ", "10.15.2.23 ");
    Deleted : user_pref( "CT3298573_Firefox.csv ", "[{\ "from\ ":\ "Abs Layer\ ",\ "action\ ":\ "loading toolbar\ ",\ "time\ "[...]
    Deleted : user_pref( "Smartbar.ConduitHomepagesList ", "hxxp://search.conduit.com/?ctid=CT3298573&octid=CT329857[...]
    Deleted : user_pref( "Smartbar.ConduitSearchEngineList ", "MixiDJ V37 Customized Web Search ");
    Deleted : user_pref( "Smartbar.ConduitSearchUrlList ", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573[...]
    Deleted : user_pref( "Smartbar.SearchFromAddressBarSavedUrl ", " ");
    Deleted : user_pref( "Smartbar.keywordURLSelectedCTID ", "CT3298573 ");
    Deleted : user_pref( "browser.search.defaultthis.engineName ", "MixiDJ V37 Customized Web Search ");
    Deleted : user_pref( "browser.search.defaulturl ", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&CUI[...]
    Deleted : user_pref( "browser.search.selectedEngine ", "MixiDJ V37 Customized Web Search ");
    Deleted : user_pref( "keyword.URL ", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CU[...]
    Deleted : user_pref( "smartbar.conduitHomepageList ", "hxxp://search.conduit.com/?ctid=CT3298573&CUI=UN238471827[...]
    Deleted : user_pref( "smartbar.conduitSearchAddressUrlList ", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
    Deleted : user_pref( "smartbar.machineId ", "IGGKPF85SEILDMUAMUAJEVXB0P5UHZMRABFFG+Z4HCOP6UILTIHWIL+VRBAUDR3ZZTW[...]
    Deleted : user_pref( "smartbar.originalHomepage ", "hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&Se[...]
    Deleted : user_pref( "smartbar.originalSearchAddressUrl ", " ");
    Deleted : user_pref( "smartbar.originalSearchEngine ", " ");

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [33948 octets] - [06/05/2013 18:01:51]

    ########## EOF - C:\AdwCleaner[S1].txt - [34009 octets] ##########

    JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows 7 Ultimate x64
    Ran by Wendy on Mon 05/06/2013 at 18:09:58.07
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\stronghold online backup
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7488772D-0306-42B2-8A3E-B944B2DEE2BA}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{88311CAF-F0AE-4CB8-9B30-E1D707CE373E}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8C3F4349-D4B1-4D9B-9CA1-6827424F5027}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{7488772D-0306-42B2-8A3E-B944B2DEE2BA}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\pc1data"
    Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
    Successfully deleted: [Folder] "C:\Users\Wendy\AppData\Roaming\strongvault"
    Successfully deleted: [Folder] "C:\Users\Wendy\appdata\local\strongvault"
    Successfully deleted: [Folder] "C:\Users\Wendy\appdata\local\strongvault online backup"
    Successfully deleted: [Folder] "C:\Program Files (x86)\infoatoms"
    Successfully deleted: [Folder] "C:\Program Files (x86)\strongvault online backup"
    Successfully deleted: [Folder] "C:\Users\Wendy\AppData\Roaming\microsoft\windows\start menu\programs\strongvault online backup"
    Successfully deleted: [Folder] "C:\ai_recyclebin"
    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



    ~~~ FireFox

    Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com"
    Successfully deleted: [Folder] C:\Users\Wendy\AppData\Roaming\mozilla\firefox\profiles\qlijdhx0.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    Successfully deleted: [Folder] C:\Users\Wendy\AppData\Roaming\mozilla\firefox\profiles\qlijdhx0.default\extensions\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\infoatoms@infoatoms.com
    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 05/06/2013 at 18:16:57.39
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  13. 2013/05/06
    Koinos
    Part 2

    OTL logfile created on: 5/6/2013 6:19:55 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wendy\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.99 Gb Total Physical Memory | 2.98 Gb Available Physical Memory | 74.79% Memory free
    7.98 Gb Paging File | 6.45 Gb Available in Paging File | 80.79% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 220.02 Gb Total Space | 163.94 Gb Free Space | 74.51% Space Free | Partition Type: NTFS
    Drive D: | 12.86 Gb Total Space | 1.92 Gb Free Space | 14.94% Space Free | Partition Type: NTFS

    Computer Name: WENDY-PC | User Name: Wendy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/05/06 17:57:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wendy\Desktop\OTL.exe
    PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    PRC - [2012/09/23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/07/08 12:31:22 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
    PRC - [2011/06/12 19:07:24 | 000,506,352 | ---- | M] () -- C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
    PRC - [2007/10/24 03:02:16 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/10/24 03:02:14 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2007/08/23 12:35:00 | 000,243,064 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2007/04/13 09:20:22 | 000,097,432 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
    PRC - [2004/05/12 13:04:54 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Ahead\Ahead\data\Xtras\mssysmgr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
    MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
    MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    MOD - [2011/07/28 16:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    MOD - [2011/07/08 12:31:22 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
    MOD - [2011/06/12 19:07:24 | 000,506,352 | ---- | M] () -- C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
    MOD - [2007/08/14 15:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    MOD - [2007/07/12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    MOD - [2007/07/12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    MOD - [2004/05/12 13:04:54 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Ahead\Ahead\data\Xtras\mssysmgr.exe


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/02/25 23:05:10 | 000,384,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV:64bit: - [2013/02/19 13:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2013/02/19 13:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV:64bit: - [2013/02/19 13:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
    SRV:64bit: - [2012/07/11 11:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2013/05/05 17:14:28 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/03/29 20:16:59 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/07/13 07:41:52 | 000,340,976 | ---- | M] (Rovi Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
    SRV - [2011/07/13 07:41:30 | 001,095,664 | ---- | M] (Rovi Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/10/24 03:02:16 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
    SRV - [2007/08/23 12:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
    SRV - [2007/08/23 12:35:00 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2007/04/13 09:20:22 | 000,097,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2007/03/05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/05/02 21:35:49 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
    DRV:64bit: - [2013/02/19 13:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
    DRV:64bit: - [2013/02/19 13:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
    DRV:64bit: - [2013/02/19 13:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
    DRV:64bit: - [2013/02/19 13:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2013/02/19 13:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
    DRV:64bit: - [2013/02/19 13:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2013/02/19 13:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/05/24 04:00:00 | 000,055,952 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 04:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2007/09/29 16:03:32 | 000,384,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2007/07/11 10:30:34 | 000,009,088 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqRemHid.sys -- (HpqRemHid)
    DRV:64bit: - [2007/06/18 17:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV:64bit: - [2007/03/26 19:48:24 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
    DRV:64bit: - [2007/03/19 12:09:36 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2007/02/27 16:10:38 | 000,053,760 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
    DRV:64bit: - [2007/01/17 06:48:30 | 001,455,616 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\smserial.sys -- (smserial)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{7488772D-0306-42B2-8A3E-B944B2DEE2BA}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE:64bit: - HKLM\..\SearchScopes\{921434E2-E5DD-49C9-8D04-0FF323C70D95}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{921434E2-E5DD-49C9-8D04-0FF323C70D95}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3851552987-2318920240-1996636540-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mg205.mail.yahoo.com/dc/launch?.partner=sbc&.gx=1&.rand=5kugr0l6aeb48&.lts=1367180898
    IE - HKU\S-1-5-21-3851552987-2318920240-1996636540-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3851552987-2318920240-1996636540-1000\..\SearchScopes\{921434E2-E5DD-49C9-8D04-0FF323C70D95}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    IE - HKU\S-1-5-21-3851552987-2318920240-1996636540-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "about:home"
    FF - prefs.js..extensions.enabledAddons: tidynetwork%40tidynetwork:4.0
    FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:2.5
    FF - prefs.js..extensions.enabledAddons: %7Beef3855c-fc2d-41e6-8d91-d368f51b3055%7D:10.15.2.23
    FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.5.0
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@consona.com/ScriptRunner: C:\Program Files (x86)\Common Files\supportsoft\bin\nptgctlsr.dll (SupportSoft, Inc.)
    FF - HKLM\Software\MozillaPlugins\@consona.com/SmartIssue: C:\Program Files (x86)\Common Files\supportsoft\bin\nptgctlsi.dll (SupportSoft, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Wendy\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/10/04 12:35:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/05/03 17:56:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla FireFox\components [2013/05/05 17:14:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla FireFox\plugins [2013/04/28 11:58:40 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla FireFox\components [2013/05/05 17:14:30 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla FireFox\plugins [2013/04/28 11:58:40 | 000,000,000 | ---D | M]

    [2013/04/28 12:06:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wendy\AppData\Roaming\Mozilla\Extensions
    [2013/05/06 18:16:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\qlijdhx0.default\extensions
    [2013/04/28 13:01:54 | 000,000,000 | ---D | M] (Tidy Network) -- C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\qlijdhx0.default\extensions\tidynetwork@tidynetwork
    [2013/05/06 18:16:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla FireFox\extensions
    [2013/05/03 17:56:20 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
    File not found (No name found) -- C:\USERS\WENDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QLIJDHX0.DEFAULT\EXTENSIONS\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
    File not found (No name found) -- C:\USERS\WENDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QLIJDHX0.DEFAULT\EXTENSIONS\{EEF3855C-FC2D-41E6-8D91-D368F51B3055}
    [2013/05/05 17:14:29 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2013/05/05 17:14:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/05/05 17:14:26 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage:
    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - homepage:
    CHR - Extension: No name found = C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.6.0.1_0\
    CHR - Extension: No name found = C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0\
    CHR - Extension: No name found = C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: No name found = C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk\1.6.0.1_0\
    CHR - Extension: No name found = C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0\
    CHR - Extension: No name found = C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

    O1 HOSTS File: ([2013/05/05 21:24:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (GetSavin 5.0) - {1766FEFF-F32C-413D-ABF4-85119880246C} - C:\Users\Wendy\AppData\Local\getsavin\ie\getsavin_1367175542.dll File not found
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [CPMonitor] C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe ()
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe (Rovi Corporation)
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-3851552987-2318920240-1996636540-1000..\Run: [BackupAgent] C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe File not found
    O4 - HKU\S-1-5-21-3851552987-2318920240-1996636540-1000..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files (x86)\Ahead\Ahead\data\Xtras\mssysmgr.exe ()
    O4 - HKU\S-1-5-21-3851552987-2318920240-1996636540-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-3851552987-2318920240-1996636540-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3851552987-2318920240-1996636540-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3851552987-2318920240-1996636540-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
    O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O13 - gopher Prefix: missing
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 10.21.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55526514-9B48-4105-9F0B-7FEABC34EAA0}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6639E54B-A4DE-48E3-A589-9ED3A4AA8BC5}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\HPRadiance.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\HPRadiance.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/05/06 18:09:52 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/05/06 18:09:31 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/05/06 18:09:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2013/05/06 17:57:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wendy\Desktop\OTL.exe
    [2013/05/06 17:56:36 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Wendy\Desktop\JRT.exe
    [2013/05/05 21:50:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/05/05 21:28:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/05/05 18:42:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/05/05 18:42:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/05/05 18:42:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/05/05 18:36:23 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/05/05 18:36:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/05/05 18:25:44 | 005,066,321 | R--- | C] (Swearware) -- C:\Users\Wendy\Desktop\ComboFix.exe
    [2013/05/05 15:50:30 | 000,000,000 | ---D | C] -- C:\Users\Wendy\Desktop\RK_Quarantine
    [2013/05/04 19:24:57 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Wendy\Desktop\dds.com
    [2013/05/04 16:44:21 | 000,000,000 | ---D | C] -- C:\Users\Wendy\Documents\ProcAlyzer Dumps
    [2013/05/02 21:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
    [2013/05/02 21:37:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
    [2013/05/02 21:35:50 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
    [2013/05/02 21:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/05/02 21:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013/05/02 21:34:53 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
    [2013/05/02 21:34:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2013/05/02 21:31:35 | 000,000,000 | ---D | C] -- C:\Users\Wendy\AppData\Roaming\Malwarebytes
    [2013/05/02 21:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/05/02 21:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/05/02 21:31:12 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/05/02 21:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/05/02 21:29:16 | 000,000,000 | ---D | C] -- C:\Users\Wendy\AppData\Roaming\SUPERAntiSpyware.com
    [2013/05/02 21:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2013/05/02 21:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2013/05/02 21:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013/05/02 18:16:45 | 000,196,440 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
    [2013/05/02 18:16:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
    [2013/05/02 18:16:21 | 000,010,728 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
    [2013/05/02 18:16:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
    [2013/05/02 18:16:17 | 000,515,968 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys
    [2013/05/02 18:16:17 | 000,309,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
    [2013/05/02 18:16:17 | 000,106,552 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
    [2013/05/02 18:16:17 | 000,070,112 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys
    [2013/05/02 18:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
    [2013/05/02 18:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
    [2013/05/02 18:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
    [2013/05/02 18:16:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
    [2013/05/02 18:07:28 | 000,182,752 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
    [2013/04/28 14:18:43 | 000,000,000 | ---D | C] -- C:\Users\Wendy\AppData\Local\MPlayer
    [2013/04/28 13:18:12 | 000,000,000 | ---D | C] -- C:\Users\Wendy\Documents\Youcam
    [2013/04/28 13:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL
    [2013/04/28 12:05:44 | 000,000,000 | ---D | C] -- C:\Users\Wendy\AppData\Roaming\Mozilla
    [2013/04/28 12:05:44 | 000,000,000 | ---D | C] -- C:\Users\Wendy\AppData\Local\Mozilla
    [2013/04/28 11:58:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2013/04/28 11:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2013/04/21 20:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2013/04/21 20:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2013/04/21 20:31:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2013/04/21 15:06:45 | 005,071,600 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe
    [2013/04/21 13:33:08 | 000,000,000 | ---D | C] -- C:\Users\Wendy\AppData\Roaming\player
    [2013/04/21 13:24:51 | 000,000,000 | ---D | C] -- C:\Users\Wendy\AppData\Roaming\Roxio Burn
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/05/06 18:16:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/05/06 18:12:07 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/05/06 18:12:07 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/05/06 18:04:50 | 000,000,285 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
    [2013/05/06 18:04:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/05/06 18:04:20 | 3213,697,024 | -HS- | M] () -- C:\hiberfil.sys
    [2013/05/06 17:57:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wendy\Desktop\OTL.exe
    [2013/05/06 17:56:48 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Wendy\Desktop\JRT.exe
    [2013/05/06 17:55:51 | 000,628,743 | ---- | M] () -- C:\Users\Wendy\Desktop\adwcleaner.exe
    [2013/05/05 21:24:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/05/05 19:48:11 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/05/05 19:48:11 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/05/05 19:48:11 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/05/05 18:26:01 | 005,066,321 | R--- | M] (Swearware) -- C:\Users\Wendy\Desktop\ComboFix.exe
    [2013/05/05 15:40:08 | 000,791,040 | ---- | M] () -- C:\Users\Wendy\Desktop\RogueKillerX64.exe
    [2013/05/04 19:24:59 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Wendy\Desktop\dds.com
    [2013/05/02 21:35:49 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
    [2013/05/02 21:35:00 | 000,002,137 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/05/02 21:31:20 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/05/02 21:28:59 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/05/02 21:24:11 | 000,002,414 | ---- | M] () -- C:\Users\Wendy\Desktop\McAfee Install Serial Number - Shortcut.lnk
    [2013/05/01 21:51:55 | 000,483,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/04/28 13:05:38 | 000,000,866 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
    [2013/04/28 11:58:40 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
    [2013/04/28 11:58:21 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2013/04/21 20:57:20 | 000,772,682 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/04/21 15:04:18 | 005,071,600 | ---- | M] (PC Cleaners) -- C:\ProgramData\pclunst.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/05/06 17:55:30 | 000,628,743 | ---- | C] () -- C:\Users\Wendy\Desktop\adwcleaner.exe
    [2013/05/05 18:42:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/05/05 18:42:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/05/05 18:42:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/05/05 18:42:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/05/05 18:42:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/05/05 15:40:06 | 000,791,040 | ---- | C] () -- C:\Users\Wendy\Desktop\RogueKillerX64.exe
    [2013/05/02 21:35:00 | 000,002,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013/05/02 21:35:00 | 000,002,137 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/05/02 21:31:20 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/05/02 21:28:59 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/05/02 21:24:11 | 000,002,414 | ---- | C] () -- C:\Users\Wendy\Desktop\McAfee Install Serial Number - Shortcut.lnk
    [2013/04/28 13:03:51 | 000,000,866 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
    [2013/04/28 11:58:40 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
    [2013/04/28 11:58:21 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2013/04/28 11:58:21 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2013/04/21 13:32:26 | 000,772,682 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/03/17 21:11:25 | 000,000,000 | ---- | C] () -- C:\Users\Wendy\AppData\Roaming\wklnhst.dat
    [2011/09/27 21:30:24 | 000,023,188 | ---- | C] () -- C:\Users\Wendy\AppData\Local\rx_audio.Cache
    [2011/09/27 21:22:05 | 000,000,792 | ---- | C] () -- C:\Users\Wendy\AppData\Local\rx_image32.Cache

    ========== ZeroAccess Check ==========

    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    " " = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    " " = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    " " = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    " " = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    " " = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/09/10 00:22:30 | 000,000,000 | ---D | M] -- C:\Users\Wendy\AppData\Roaming\Canon
    [2013/04/28 13:24:08 | 000,000,000 | ---D | M] -- C:\Users\Wendy\AppData\Roaming\player
    [2011/11/20 22:27:53 | 000,000,000 | ---D | M] -- C:\Users\Wendy\AppData\Roaming\Simple Star
    [2012/07/19 20:23:50 | 000,000,000 | ---D | M] -- C:\Users\Wendy\AppData\Roaming\Snapfish

    ========== Purity Check ==========



    < End of report >
     
  14. 2013/05/06
    Koinos

    Part 3

    OTL Extras logfile created on: 5/6/2013 6:19:55 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wendy\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.99 Gb Total Physical Memory | 2.98 Gb Available Physical Memory | 74.79% Memory free
    7.98 Gb Paging File | 6.45 Gb Available in Paging File | 80.79% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 220.02 Gb Total Space | 163.94 Gb Free Space | 74.51% Space Free | Partition Type: NTFS
    Drive D: | 12.86 Gb Total Space | 1.92 Gb Free Space | 14.94% Space Free | Partition Type: NTFS

    Computer Name: WENDY-PC | User Name: Wendy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3851552987-2318920240-1996636540-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla FireFox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1AC6CC6C-E8D7-4A6F-A6DE-F76B00B4E5C3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{241A38EF-C020-4C3D-B39C-87B9F1173F1B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{4B38A4BF-9367-4036-9C16-098A957F6E5C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{522F63AF-B3C2-4B43-8193-C1A1E55E3BB7}" = lport=138 | protocol=17 | dir=in | app=system |
    "{543EE731-3AA5-4C2E-BA59-7BB1DB357898}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6BB64795-4C16-4C38-9201-ACE36A929417}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6D261149-AA23-410A-853C-6075890B02B3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{7822D8B9-1219-440D-B7B0-9A075C653438}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7AB79F4E-BEBD-40C4-A2D3-3B9AF2221649}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{7DE66E30-E522-4A21-8B75-0B29884C29F5}" = lport=137 | protocol=17 | dir=in | app=system |
    "{910C3C74-B7FD-4732-93AF-3A92B2B1CBA7}" = lport=139 | protocol=6 | dir=in | app=system |
    "{97E0CF7E-9CBE-4756-B046-1A0E47C40A79}" = rport=137 | protocol=17 | dir=out | app=system |
    "{9C4D229D-C5C7-4875-924A-8C6141B97E81}" = rport=138 | protocol=17 | dir=out | app=system |
    "{A0801D2C-6143-4ADB-BB37-C8FCE206EBCD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B75C1404-EB7A-4AAF-84F4-5B3A46B37C02}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE4EDBB6-0788-456E-91D0-B930B37D7206}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C5B1C728-F454-4C2D-8794-D4CF2ABACC11}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{D3305470-5497-468B-A696-3CC4C0BAC149}" = lport=445 | protocol=6 | dir=in | app=system |
    "{D95BC1A1-C61D-4AB0-9F75-8D1AC0B8E8C7}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{DCD88338-FEEF-400A-9FB3-AE218DEA352F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{DE412B15-CD4B-4940-895D-27937D2F04D2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{DF429D7B-6639-47E7-B827-65B598910CE6}" = rport=139 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0D8CACB4-A5CD-42F7-9BEC-60CC3A87C8FC}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{12624D7A-BD84-46CD-936F-8F921D615DDB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1547AE25-50C7-4D79-889D-36CAC7B7DFBB}" = protocol=17 | dir=in | app=c:\program files (x86)\123copydvd gold\123copydvd.exe |
    "{15686D8B-8810-4F92-82A3-17E837383EF3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1887A979-5D4E-4902-83DC-D759E4F1A85E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{1A164D34-B629-43F5-B9EA-138F99F92561}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{21385F6D-CE76-4A09-BD65-B1104B5158C9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{27BD4579-9197-46E7-A531-5A933316C537}" = protocol=17 | dir=in | app=c:\program files (x86)\123copydvd gold\123copydvd.exe |
    "{2A57E8BA-BA8B-46D4-9BC0-C8CC02743710}" = protocol=6 | dir=out | app=system |
    "{46715796-E592-4D12-ADE5-24F345BF1E2C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{4C17087A-4E7B-4EFC-84D7-FB7186E33EA2}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
    "{4E9A639C-DE20-4A7A-B989-0D776E8EAB4C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5DC663C1-3D9C-4989-BEDA-B7F31742BCDB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{66C4722C-83F7-4E14-954D-8C7408BC9EFE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6CC4819F-EF39-4D8D-8419-05E22112F474}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{6CE540CA-1EE6-4B2B-AF17-D6D91B21F524}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6D120723-5136-48CA-96DD-3AA0347616D8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{70672B67-FCA5-4DD9-8F01-05D66B0D07D5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
    "{72A55953-E28F-4A25-9FFC-217077694905}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
    "{762B26C2-1D06-4C75-849B-4D89C6752F6E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{7AEBDF5B-FB26-416E-B0AB-6CFBA5FFD915}" = protocol=6 | dir=in | app=c:\program files (x86)\123copydvd gold\123copydvd.exe |
    "{7F392C03-FD0D-4DD3-A327-9A61769F0087}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{889AD08F-3856-44C1-A908-B7420EF84A35}" = protocol=17 | dir=in | app=c:\program files (x86)\123copydvd gold 2009\123copydvd.exe |
    "{89883E39-DF31-4648-BBE2-8D0AD2F688A4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{93B06CF6-192F-4E51-8130-6CA903207450}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{9B73F14B-FA04-418E-B047-CDE590029741}" = protocol=6 | dir=in | app=c:\program files (x86)\123copydvd gold\123copydvd.exe |
    "{A0B46EEC-8FCF-4604-8659-2F841EE2F824}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{A88757D6-376F-4294-AAB3-FB304A2F328E}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
    "{AA69A003-C5D3-4A2F-8098-33131FB96FD0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{B604AF81-6A99-4F26-BA08-EA42573FBF40}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{B62E7308-9C72-4671-98D8-88F53AE780F2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{B899AADB-3627-4A3C-A02A-3DD0AC9C79BA}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
    "{BAF13A6F-10F0-4EA6-AB98-73C600DA9242}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{C14630FC-0836-4FA2-BC6F-2A26761CF92D}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
    "{C40944FD-E9FE-455B-890C-8664DA8942E1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    "{EB6D8BEA-9023-4045-9150-85C81BF93029}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{EF4A0480-67EC-48F9-BB46-74706879B932}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FA9510C2-5F9C-4C8A-B9C6-749AC4F3CC70}" = protocol=6 | dir=in | app=c:\program files (x86)\123copydvd gold 2009\123copydvd.exe |
    "{FF8F8FC1-8641-4119-829A-C84B885762F0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{FFE287A9-3C00-4C07-A58E-687C22D49493}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{11192F89-510C-4E23-A62A-D3BEA9139596}" = HP QuickTouch 1.00 C3
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
    "{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{90B5B05F-AFDA-4922-A153-45B14200BA77}" = SPBBC 64bit
    "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
    "{A348C751-0EFF-4B9D-8065-B5339BEFBE27}" = HP Help and Support
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
    "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CanonMyPrinter" = Canon My Printer
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "SMSERIAL" = Motorola SM56 Data Fax Modem
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{117F771F-EA62-437B-AA3C-65F77B1E4C63}" = AT&T Quick Fix Client
    "{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
    "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
    "{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
    "{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
    "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
    "{2DDBB2E7-CB4E-4E65-A6B9-B9C95ED77D42}" = Triple Scoop Music
    "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "{302763FD-5CEA-4DFF-80C8-9B41414C4822}" = Roxio CinePlayer
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
    "{3A9527CF-4E91-4683-A03F-F1AD022126E5}" = DirectX 9 Runtime
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
    "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{59DB31A9-BCB0-4985-ACA6-F6477C7BE367}" = Strongvault Online Backup
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{80DB8010-A5CB-46FA-B8A5-B72DE4C56E03}" = Roxio Creator 2012 Special Edition
    "{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    "{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn
    "{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
    "{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
    "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
    "{AAB42DD0-9551-4E30-A3E4-F87D4A4E1C52}" = Roxio Creator 2012 Special Edition
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
    "{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
    "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
    "{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
    "{CDE9C04A-7F8B-40A8-A4A5-875E228254A6}" = Roxio Creator Content 2012
    "{CE86D656-C887-4EF1-B2D7-2A1075435964}" = Face Filter
    "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E57CB134-A1D5-4750-865D-55C315A33B4C}" = Roxio Creator 2012 Special Edition
    "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
    "{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
    "{FFAC39DA-CF79-434B-A6E0-4055689667D9}" = Roxio CinePlayer Decoder Pack
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "adawaretb" = Ad-Aware Security Add-on
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "AviSynth" = AviSynth 2.5
    "Canon MX310 series User Registration" = Canon MX310 series User Registration
    "CANONIJPLM100" = PIXMA Extended Survey Program
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "DivX Setup.divx.com" = DivX Setup
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "GetSavin" = GetSavin
    "Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
    "HP Smart Web Printing" = HP Smart Web Printing
    "InfoAtoms" = InfoAtoms
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
    "LP Recorder" = LP Recorder
    "LP Ripper" = LP Ripper
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
    "Mplayer" = Mplayer 0.6.9
    "MSC" = McAfee SecurityCenter
    "Nero PhotoShow Express" = Nero PhotoShow Express
    "NeroMultiInstaller!UninstallKey" = Nero Suite
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
    "Roxio PhotoShow" = Roxio PhotoShow
    "Wave Corrector DeClick_is1" = Wave Corrector DeClick version 1.1
    "WildTangent hp Master Uninstall" = My HP Games
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Toolbar" = Yahoo! Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3851552987-2318920240-1996636540-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 20 Event Log Errors ==========

    [ Spybot - Search and Destroy Events ]
    Error - 5/4/2013 2:02:44 PM | Computer Name = Wendy-PC | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions


    < End of report >
     
  15. 2013/05/06
    broni

    broni Moderator Malware Analyst

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2 - BHO: (GetSavin 5.0) - {1766FEFF-F32C-413D-ABF4-85119880246C} - C:\Users\Wendy\AppData\Local\getsavin\ie\getsavin_1367175542.dll File not found
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-3851552987-2318920240-1996636540-1000..\Run: [BackupAgent] C:\Program Files (x86)\Strongvault Online Backup\BackupAgent.exe File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files (x86)\Strongvault Online Backup
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
  16. 2013/05/07
    Koinos

    Koinos Well-Known Member Thread Starter

    OTL log
    All processes killed
    Error: Unable to interpret <Code:> in the current context!
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1766FEFF-F32C-413D-ABF4-85119880246C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1766FEFF-F32C-413D-ABF4-85119880246C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3851552987-2318920240-1996636540-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BackupAgent deleted successfully.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    File Protocol\Handler\ms-help - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
    File Protocol\Handler\ms-itss - No CLSID value found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon\ deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\Program Files (x86)\Strongvault Online Backup not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Wendy
    ->Temp folder emptied: 41401 bytes
    ->Temporary Internet Files folder emptied: 217096031 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 69993524 bytes
    ->Google Chrome cache emptied: 7621197 bytes
    ->Flash cache emptied: 8189905 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 22016 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 17088 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes
    RecycleBin emptied: 3868766 bytes

    Total Files Cleaned = 293.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Wendy
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Wendy
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 05062013_200611

    Files\Folders moved on Reboot...
    C:\Users\Wendy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    Security Check Log

    Results of screen317's Security Check version 0.99.63
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    McAfee Anti-Virus and Anti-Spyware
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Ad-Aware
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.75.0.1300
    JavaFX 2.1.1
    Java 7 Update 21
    Java(TM) 6 Update 2
    Adobe Reader XI
    Mozilla Firefox (20.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    Spybot Teatimer.exe is disabled!
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````

    FSS Log

    Farbar Service Scanner Version: 14-04-2013
    Ran by Wendy (administrator) on 06-05-2013 at 20:21:11
    Running from "C:\Users\Wendy\Desktop "
    Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Attempt to access Yahoo IP returned error. Yahoo IP is offline
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    ESET reported nothing found
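Added example (not part of the original thread and not OTL's own code): a small Python parser that tallies the OTL fix-log lines from the post above by persistence location and lists every target reported as not found, so a helper can confirm what the fix actually removed. The category labels are this example's own naming; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Subset of the OTL fix log posted above, copied verbatim.
SAMPLE_LOG = r"""
Error: Unable to interpret <Code:> in the current context!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1766FEFF-F32C-413D-ABF4-85119880246C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1766FEFF-F32C-413D-ABF4-85119880246C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_USERS\S-1-5-21-3851552987-2318920240-1996636540-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BackupAgent deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon\ deleted successfully.
File\Folder C:\Program Files (x86)\Strongvault Online Backup not found.
"""

# One result line: optional 64-bit marker, object kind, target, outcome.
LINE_RE = re.compile(
    r"^(?P<view>64bit-)?(?P<kind>Registry key|Registry value|File\\Folder|File)\s+"
    r"(?P<target>.+?)\s+(?P<outcome>deleted successfully|not found)\.$"
)

# Substring -> label. Labels are this example's naming, not OTL terminology.
CATEGORIES = [
    ("\\currentversion\\run\\", "Run key (logon autostart)"),
    ("\\browser helper objects\\", "Browser Helper Object"),
    ("\\winlogon\\notify\\", "Winlogon Notify package"),
    ("\\shellserviceobjectdelayload\\", "ShellServiceObjectDelayLoad"),
    ("\\mozillaplugins\\", "Mozilla plugin registration"),
    ("\\protocols\\handler\\", "Protocol handler"),
    ("\\distribution units\\", "ActiveX distribution unit"),
    ("\\classes\\clsid\\", "COM class registration"),
]


def categorize(kind, target):
    """Map a log target to a persistence category."""
    if kind.startswith("File"):
        return "File or folder"
    lowered = target.lower()
    for needle, label in CATEGORIES:
        if needle in lowered:
            return label
    return "Other registry location"


def summarize(log_text):
    """Return script errors, per-category outcome counts and not-found targets."""
    errors, not_found = [], []
    counts = defaultdict(lambda: defaultdict(int))
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Error:"):
            errors.append(line)  # the fix script itself had a problem
            continue
        match = LINE_RE.match(line)
        if not match:
            continue  # section headers, cache totals, blank lines
        label = categorize(match["kind"], match["target"])
        counts[label][match["outcome"]] += 1
        if match["outcome"] == "not found":
            not_found.append(match["target"])
    return {"errors": errors, "not_found": not_found,
            "counts": {label: dict(c) for label, c in counts.items()}}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for label, outcomes in sorted(report["counts"].items()):
        print(f"{label}: {outcomes}")
    print("Script errors:", report["errors"])
    print("Targets to re-check (not found):")
    for target in report["not_found"]:
        print("  ", target)
```

A "not found" result only says the target was absent when the fix ran, so those entries are the ones to confirm with a fresh scan.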
     
  17. 2013/05/07
    broni

    broni Moderator Malware Analyst

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===============================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
     
  18. 2013/05/07
    Koinos

    Koinos Well-Known Member Thread Starter

    OTL Log
    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Wendy
    ->Temp folder emptied: 3885 bytes
    ->Temporary Internet Files folder emptied: 467037 bytes
    ->Java cache emptied: 45958 bytes
    ->FireFox cache emptied: 6846550 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 846 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 12000 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 7.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Wendy
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Wendy
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 05072013_190327

    Files\Folders moved on Reboot...
    C:\Users\Wendy\AppData\Local\Temp\ehmsas.txt moved successfully.
    C:\Users\Wendy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
    _____________________________________________________________________

    Running the OTL cleanup after this post.

    Only issue I'm still seeing so far is inability to create a new folder in Windows Explorer through the New Folder button. Also not seen with Right Click, New option. Any thoughts?
     
  19. 2013/05/07
    broni

    broni Moderator Malware Analyst

    Download Windows Repair (All in One) from this site

    Install the program then run it.

    NOTE 1. In Windows Vista, 7 and 8, right click on the program and click "Run As Administrator".
    NOTE 2. Disable your antivirus program before running Windows Repair.


    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:




    Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:



    Go to Step 4 and under "System Restore" click on Create button:



    Go to Start Repairs tab and click Start button.

    Leave all checkmarks as they are.
    NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

    Click on Start button.


    Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
    64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
     
  20. 2013/05/08
    Koinos

    Koinos Well-Known Member Thread Starter

    :D Another grand slam Broni.
    Create Folder function is restored.

    _Windows_Repair_Log
    Running Repair Under System Account
    Starting Repairs...
    Start (5/8/2013 7:48:47 PM)

    Reset Registry Permissions 01/03
    HKEY_CURRENT_USER & Sub Keys
    Start (5/8/2013 7:48:47 PM)
    Running Repair Under Current User Account
    Done (5/8/2013 7:49:07 PM)

    Reset Registry Permissions 02/03
    HKEY_LOCAL_MACHINE & Sub Keys
    Start (5/8/2013 7:49:07 PM)
    Running Repair Under System Account
    Done (5/8/2013 7:54:41 PM)

    Reset Registry Permissions 03/03
    HKEY_CLASSES_ROOT & Sub Keys
    Start (5/8/2013 7:54:41 PM)
    Running Repair Under System Account
    Done (5/8/2013 7:56:27 PM)

    Register System Files
    Start (5/8/2013 7:56:27 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/8/2013 7:57:06 PM)

    Repair WMI
    Start (5/8/2013 7:57:06 PM)
    Running Repair Under Current User Account
    Invalid Global Switch.

    Invalid Global Switch.

    Running Repair Under System Account
    Invalid Global Switch.

    Invalid Global Switch.

    Done (5/8/2013 7:59:41 PM)

    Repair Windows Firewall
    Start (5/8/2013 7:59:41 PM)
    Running Repair Under Current User Account
    System error 5 has occurred.

    Access is denied.

    The Internet Connection Sharing (ICS) service is not started.

    More help is available by typing NET HELPMSG 3521.

    System error 5 has occurred.

    Access is denied.

    The requested service has already been started.

    More help is available by typing NET HELPMSG 2182.

    The Internet Connection Sharing (ICS) service could not be started.

    The service did not report an error.

    More help is available by typing NET HELPMSG 3534.

    The requested service has already been started.

    More help is available by typing NET HELPMSG 2182.

    Running Repair Under System Account
    The Internet Connection Sharing (ICS) service is not started.

    More help is available by typing NET HELPMSG 3521.

    The Internet Connection Sharing (ICS) service could not be started.

    The service did not report an error.

    More help is available by typing NET HELPMSG 3534.

    Done (5/8/2013 8:00:07 PM)

    Repair Internet Explorer
    Start (5/8/2013 8:00:07 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/8/2013 8:00:40 PM)

    Repair MDAC/MS Jet
    Start (5/8/2013 8:00:40 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/8/2013 8:00:55 PM)

    Repair Hosts File
    Start (5/8/2013 8:00:55 PM)
    Running Repair Under System Account
    Done (5/8/2013 8:00:57 PM)

    Remove Policies Set By Infections
    Start (5/8/2013 8:00:57 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/8/2013 8:01:02 PM)

    Repair Icons
    Start (5/8/2013 8:01:02 PM)
    Running Repair Under System Account
    Could Not Find C:\Users\Wendy\AppData\Local\IconCache.db.bak
    Could Not Find C:\Users\Wendy\AppData\Local\IconCache.db
    Done (5/8/2013 8:01:04 PM)

    Repair Winsock & DNS Cache
    Start (5/8/2013 8:01:04 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/8/2013 8:01:20 PM)

    Repair Proxy Settings
    Start (5/8/2013 8:01:20 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/8/2013 8:01:24 PM)

    Repair Windows Updates
    Start (5/8/2013 8:01:24 PM)
    Running Repair Under Current User Account
    The Windows Update service is not started.

    More help is available by typing NET HELPMSG 3521.

    The system cannot find the file specified.
    Running Repair Under System Account
    The Cryptographic Services service is not started.

    More help is available by typing NET HELPMSG 3521.

    The Background Intelligent Transfer Service service is not started.

    More help is available by typing NET HELPMSG 3521.

    The Windows Update service is not started.

    More help is available by typing NET HELPMSG 3521.

    The system cannot find the file specified.
    Done (5/8/2013 8:01:44 PM)

    Repair CD/DVD Missing/Not Working
    Start (5/8/2013 8:01:44 PM)
    Done (5/8/2013 8:01:44 PM)

    Repair Volume Shadow Copy Service
    Start (5/8/2013 8:01:44 PM)
    Running Repair Under Current User Account
    The Volume Shadow Copy service is not started.

    More help is available by typing NET HELPMSG 3521.

    The Microsoft Software Shadow Copy Provider service is not started.

    More help is available by typing NET HELPMSG 3521.

    Running Repair Under System Account
    The Volume Shadow Copy service is not started.

    More help is available by typing NET HELPMSG 3521.

    The Microsoft Software Shadow Copy Provider service is not started.

    More help is available by typing NET HELPMSG 3521.

    Done (5/8/2013 8:01:49 PM)

    Repair MSI (Windows Installer)
    Start (5/8/2013 8:01:49 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/8/2013 8:01:58 PM)

    Repair bat Association
    Start (5/8/2013 8:01:58 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/8/2013 8:02:03 PM)

    Repair cmd Association
    Start (5/8/2013 8:02:03 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/8/2013 8:02:07 PM)

    Repair com Association
    Start (5/8/2013 8:02:07 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/8/2013 8:02:12 PM)

    Repair Directory Association
    Start (5/8/2013 8:02:12 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/8/2013 8:02:17 PM)

    Repair Drive Association
    Start (5/8/2013 8:02:17 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/8/2013 8:02:21 PM)

    Repair exe Association
    Start (5/8/2013 8:02:22 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/8/2013 8:02:26 PM)

    Repair Folder Association
    Start (5/8/2013 8:02:26 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/8/2013 8:02:31 PM)

    Repair inf Association
    Start (5/8/2013 8:02:31 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/8/2013 8:02:36 PM)

    Repair lnk (Shortcuts) Association
    Start (5/8/2013 8:02:36 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/8/2013 8:02:40 PM)

    Repair msc Association
    Start (5/8/2013 8:02:40 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/8/2013 8:02:45 PM)

    Repair reg Association
    Start (5/8/2013 8:02:45 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/8/2013 8:02:50 PM)

    Repair scr Association
    Start (5/8/2013 8:02:50 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/8/2013 8:02:55 PM)

    Repair Windows Safe Mode
    Start (5/8/2013 8:02:55 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/8/2013 8:02:59 PM)

    Repair Print Spooler
    Start (5/8/2013 8:02:59 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/8/2013 8:03:13 PM)

    Restore Important Windows Services
    Start (5/8/2013 8:03:13 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/8/2013 8:03:17 PM)

    Set Windows Services To Default Startup
    Start (5/8/2013 8:03:17 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/8/2013 8:03:26 PM)

    Cleaning up empty logs...

    All Selected Repairs Done.
    Done (5/8/2013 8:03:26 PM)
    Total Repair Time: 00:14:39


    ...YOU MUST RESTART YOUR SYSTEM...
    Running Repair Under System Account
     
  21. 2013/05/08
    broni

    broni Moderator Malware Analyst

    Good news :)

    Way to go!!
    Good luck and stay safe :)
     
