doctorpg

  1. gringo

     sorry for the delay: finals week and the last week of classes, so a bit busy on this end. meanwhile, i did the remaining tasks you outlined, with these observations:

     1. delfile.bat: when saved, an allfile option was not available so i merely saved as a txt, but it saved to the desktop as a *.bat file anyway. it ran and looked like it did its job.
     2. defog ran again but when it finished it did not ask me to reboot, so i did not.
     3. combofix: i was asked to update to a newer version but i declined, since we were removing it anyway.
     4. java: after install i got this popup screen: browserlauncherror: 3. i closed the popup and nothing else seemed to occur.
     5. i downloaded mse without removing the norton 360 or mbam i already have installed. i have not yet installed the mse, winpatrol, or the new version of mbam.

     that's it to date. again many thanks for the help and i am going to paypal now.

     doctorpg
  2. hi gringo

     here are the latest results. a few notes and a question first:

     when downloading the eset program it said it detected other AV programs which might interfere: the norton 360 which i had purchased last week in a vain attempt to remove the malware, and something called 'ALWIL', which i searched for but found no match using the string 'alwil'. the eset seemed to proceed anyway.

     the query: if i have backed up my C drive before starting on the malware removal campaign, is it likely those drives (a flash drive and a seagate 1TB drive) have some bad actors in them? and are they easier to remove from there?

     doctorpg

     eset scan:

     C:\Users\doctorpg\Downloads\ARO2012_tbt.exe    a variant of Win32/Bundled.Toolbar.Ask application
     C:\Users\doctorpg\Downloads\dieter-steffmann_blackletter.exe    Win32/OpenCandy application
     C:\Users\doctorpg\Downloads\PCCleanupUtility_SS.exe    a variant of Win32/Somoto.A application
     C:\Users\doctorpg\Downloads\Setup(1).exe    a variant of Win32/Adware.iBryte.G application
     C:\Users\doctorpg\Downloads\WinZipRegistryOptimizer.exe    a variant of Win32/OpenInstall application
  3. hi gringo

     a few minor issues were encountered when complying with your latest instructions:

     1. when using the revo uninstaller neither the ask toolbar nor the mcafee security scan plus were listed; the revo also had a search bar and i searched both of them with no hits. when using revo to uninstall the fast free converter, i got an error msg: "running the application's uninstaller failed! possible invalid command" but i still proceeded with the removal and it seemed to work and completed the task.

     i skipped the adobe and foxit pdf reader steps.

     after running the mbam, which ironically found a hijack something bad file, i waited about a minute before reboot. was this ok? the instructions said reboot immediately.

     machine seems to be doing very well and faster to load pages etc.

     doctorpg

     mbam report:

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.05.11.08

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16540
     doctorpg :: EMACHINE [administrator]

     5/11/2013 7:55:38 PM
     mbam-log-2013-05-11 (19-55-38).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 239817
     Time elapsed: 3 minute(s), 41 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 1
     HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command| (Hijack.HomePage) -> Bad: (http://securityresponse.symantec.com/avcenter/fix_homepage/) Good: (iexplore.exe) -> Delete on reboot.

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     hijackthis report:
  4. here is the 2nd combofix output. its operation and initiation, download etc. were not exactly as you described (do not recall the details) but it still ran ok. .... i hope. have not yet checked to see how the desktop is operating.

     doctorpg
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-05-10 22:40:01 ComboFix-quarantined-files.txt 2013-05-11 05:40 ComboFix2.txt 2013-05-10 21:53 . Pre-Run: 537,893,298,176 bytes free Post-Run: 537,639,067,648 bytes free . - - End Of File - - E2AD418572DC7B1E5D997878695F2DDC
  5. here is the combofix output; machine is running well; so far so good. when i disabled the AV (norton 360) for 5 hrs as instructed, after starting combofix it said the norton was still there but combofix was going to run anyway. btw, what should i do with all the *.exe files i've put on the desktop to fix the problems: leave, dele, or what? doctorpg
  6. after running the adw and jrt exe's, using the chrome browser, i tried a google search that had been previously redirecting to hotstartsearch and it did not redirect me!! YAY. so that's been fixed. then i went to yahoo and did not see any banner ads from adknowledge, YAY. then i tried the same things using firefox and it showed some sort of script error msg: scripts currently forbidden, 0/1 () | <script>: 5| <object>) but much better performance, much faster. now what?? is it fixed or will it recur? thank you ever so much, i would like to contribute

doctorpg

adwcleaner output:

# AdwCleaner v2.300 - Logfile created 05/09/2013 at 09:36:59
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : doctorpg - EMACHINE
# Boot Mode : Normal
# Running from : C:\Users\doctorpg\Desktop\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted on reboot : C:\Users\doctorpg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\doctorpg\AppData\Roaming\Mozilla\Firefox\Profiles\pxdrtys7.default\searchplugins\Conduit.xml
File Deleted : C:\Users\doctorpg\AppData\Roaming\Mozilla\Firefox\Profiles\pxdrtys7.default\searchplugins\safesearch.xml
File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SaveValet
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\doctorpg\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\doctorpg\AppData\Local\Conduit
Folder Deleted : 
C:\Users\doctorpg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen Folder Deleted : C:\Users\doctorpg\AppData\Local\Max Secure Software Folder Deleted : C:\Users\doctorpg\AppData\Local\SwvUpdater Folder Deleted : C:\Users\doctorpg\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\doctorpg\AppData\LocalLow\Conduit Folder Deleted : C:\Users\doctorpg\AppData\LocalLow\FunWebProducts Folder Deleted : C:\Users\doctorpg\AppData\LocalLow\MyWebSearch Folder Deleted : C:\Users\doctorpg\AppData\Roaming\Mozilla\Firefox\Profiles\pxdrtys7.default\CT3298566 Folder Deleted : C:\Users\doctorpg\AppData\Roaming\Mozilla\Firefox\Profiles\pxdrtys7.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd} Folder Deleted : C:\Users\doctorpg\AppData\Roaming\Mozilla\Firefox\Profiles\pxdrtys7.default\extensions\m3ffxtbr@mywebsearch.com Folder Deleted : C:\Users\doctorpg\AppData\Roaming\Mozilla\Firefox\Profiles\pxdrtys7.default\extensions\toolbar@ask.com Folder Deleted : C:\Users\doctorpg\AppData\Roaming\Mozilla\Firefox\Profiles\pxdrtys7.default\Smartbar Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registry] ***** Key Deleted : HKCU\Software\APN Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\Ask.com Key Deleted : HKCU\Software\AVG Secure Search Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Cr_Installer Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen Key Deleted : HKCU\Software\Headlight Key Deleted : HKCU\Software\IGearSettings Key Deleted : 
HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Deleted : HKCU\Software\SocialBit Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} Key Deleted : HKLM\Software\APN Key Deleted : HKLM\Software\AskToolbar Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\Software\AVG Security Toolbar Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Deleted : 
HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Software Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16537 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN42828146413266110&UM=2&ctid=CT3298566 --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language --> hxxp://www.google.com -\\ Mozilla 
Firefox v20.0.1 (en-US) File : C:\Users\doctorpg\AppData\Roaming\Mozilla\Firefox\Profiles\pxdrtys7.default\prefs.js C:\Users\doctorpg\AppData\Roaming\Mozilla\Firefox\Profiles\pxdrtys7.default\user.js ... Deleted ! Deleted : user_pref("CT3298566.1000082.isPlayDisplay", "true"); Deleted : user_pref("CT3298566.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...] Deleted : user_pref("CT3298566.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT3298566.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...] Deleted : user_pref("CT3298566.FirstTime", "true"); Deleted : user_pref("CT3298566.FirstTimeFF3", "true"); Deleted : user_pref("CT3298566.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT329[...] Deleted : user_pref("CT3298566.UserID", "UN16159729674139860"); Deleted : user_pref("CT3298566.addressBarTakeOverEnabledInHidden", "true"); Deleted : user_pref("CT3298566.autoDisableScopes", 0); Deleted : user_pref("CT3298566.browser.search.defaultthis.engineName", "true"); Deleted : user_pref("CT3298566.defaultSearch", "true"); Deleted : user_pref("CT3298566.embeddedsData", "[{\"appId\":\"130110228003246321\",\"apiPermissions\":{\"cross[...] 
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "MixiDJ V30 Customized Web Search"); Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566[...] Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", ""); Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3298566"); Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.2.0.1"); Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V30 Customized Web Search"); Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&CUI[...] Deleted : user_pref("browser.search.selectedEngine", "MixiDJ V30 Customized Web Search"); Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3298566&CUI=UN1615972967413[...] Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CU[...] Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298566&CUI=UN161597296[...] Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...] Deleted : user_pref("smartbar.machineId", "4G9J6WYOXQ2PB0ZDRYQ3NU7CAHKJGYG0MB08TC2UDOC8/CE2RQFZQBXNWPJM6KTS76Y[...] Deleted : user_pref("smartbar.originalHomepage", "hxxp://proxy.allsearchapp.com/app/start/"); Deleted : user_pref("smartbar.originalSearchAddressUrl", ""); Deleted : user_pref("smartbar.originalSearchEngine", ""); -\\ Google Chrome v26.0.1410.64 File : C:\Users\doctorpg\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.2832] : urls_to_restore_on_startup = [ "hxxp://sports.yahoo.com/", "hxxp://search.conduit.com/?ctid=C[...] 
*************************

AdwCleaner[s1].txt - [26412 octets] - [09/05/2013 09:36:59]

########## EOF - C:\AdwCleaner[s1].txt - [26473 octets] ##########

jrt output:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by doctorpg on Thu 05/09/2013 at 10:02:14.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A0EFF8E7-5D0A-4DC8-A4B5-845CCEE5B089}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\doctorpg\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\doctorpg\appdata\locallow\fast free converter"
Successfully deleted: [Folder] "C:\Program Files (x86)\fast free converter"
Successfully deleted: [Folder] "C:\Program Files (x86)\winzip registry optimizer"

~~~ FireFox

Emptied folder: C:\Users\doctorpg\AppData\Roaming\mozilla\firefox\profiles\pxdrtys7.default\minidumps [49 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/09/2013 at 10:08:56.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  7. hi gringo hope this helps:

defogger output:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:05 on 08/05/2013 (doctorpg)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

checkup output:

Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Internet Security 2013
Microsoft Security Essentials
Norton 360
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 6 Update 22
Java 7 Update 21
Adobe Flash Player 11.6.602.180
Mozilla Firefox (20.0.1)
Google Chrome 26.0.1410.64
Google Chrome Extensions...
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2
Run by doctorpg at 21:17:57 on 2013-05-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2102 [GMT -7:00]
.
AV: AVG Internet Security 2013 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG Internet Security 2013 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\nvvsvc.exe C:\windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\windows\system32\nvvsvc.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\avg\avgfws.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\PixArt\PAC7302\Monitor.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\NVIDIA 
Corporation\Display\nvtray.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\avg\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe C:\avg\avgnsa.exe C:\avg\avgemca.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe C:\windows\system32\SearchIndexer.exe c:\Program Files\Microsoft Security Client\NisSrv.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\System32\WUDFHost.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\avg\avgui.exe C:\Program Files (x86)\Ask.com\Updater\Updater.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\windows\system32\taskeng.exe C:\Users\doctorpg\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\doctorpg\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\doctorpg\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\doctorpg\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\doctorpg\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\doctorpg\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\doctorpg\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\doctorpg\AppData\Local\Google\Chrome\Application\chrome.exe 
C:\Users\doctorpg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\doctorpg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\doctorpg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\doctorpg\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\splwow64.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN42828146413266110&UM=2&ctid=CT3298566
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352-01&r=17361210j68hf3541066pf1hi84660
uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\IPS\IPSBHO.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - LocalServer32 - <no file>
BHO: Fast Free Converter 3.0: {A071936A-AB6B-4978-9342-E47C06FCDEC1} - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Support.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\CoIEPlg.dll
TB: Support.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - LocalServer32 - <no file>
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\CoIEPlg.dll
uRun: [Google Update] "C:\Users\doctorpg\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
StartupFolder: C:\Users\doctorpg\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\doctorpg\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{21359522-F734-4C2A-8D77-134CC68A582E} : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll
Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [PAC7302_Monitor] C:\windows\PixArt\PAC7302\Monitor.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\doctorpg\AppData\Roaming\Mozilla\Firefox\Profiles\pxdrtys7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&CUI=UN16159729674139860&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MixiDJ V30 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3298566&CUI=UN16159729674139860&UM=2&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CUI=UN16159729674139860&UM=2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\NPCDN32.DLL
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\doctorpg\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\doctorpg\AppData\Roaming\Mozilla\Firefox\Profiles\pxdrtys7.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\plugins\np-mswmp.dll
FF - plugin: C:\Users\doctorpg\AppData\Roaming\Mozilla\Firefox\Profiles\pxdrtys7.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Users\doctorpg\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\doctorpg\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\doctorpg\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-04-02 13:35; sp@sp.com; C:\Program Files (x86)\Social Privacy\FF
FF - ExtSQL: 2013-04-07 12:11; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\doctorpg\AppData\Roaming\Mozilla\Firefox\Profiles\pxdrtys7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-04-27 19:06; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn
FF - ExtSQL: 2013-04-28 15:56; avg@toolbar; C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1
FF - ExtSQL: 2013-04-29 17:45; {1122b43d-30ee-403f-9bfa-3cc99b0caddd}; C:\Users\doctorpg\AppData\Roaming\Mozilla\Firefox\Profiles\pxdrtys7.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.enabledScopes - 15 user_pref(extensions.newAddons,false);
FF - user.js: browser.startup.homepage - hxxp://proxy.allsearchapp.com/app/start/
FF - user.js: browser.search.defaultenginename - All Search
FF - user.js: browser.search.defaultenginename - All Search
FF - user.js: browser.newtab.url - hxxp://proxy.allsearchapp.com/app/start/
FF - user.js: extensions.enabledAddons - sp@sp.com:1.0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\N360x64\1403010.016\SymDS64.sys [2013-4-29 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\N360x64\1403010.016\SymEFA64.sys [2013-4-29 1139800]
R1 Avgfwfd;AVG network filter service;C:\windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2013-2-26 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2013-2-14 239416]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2012-9-3 39768]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [2013-5-7 1390680]
R1 ccSet_N360;Norton 360 Settings Manager;C:\windows\System32\drivers\N360x64\1403010.016\ccSetx64.sys [2013-4-29 168096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130508.001\IDSviA64.sys [2013-5-8 513184]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\N360x64\1403010.016\Ironx64.sys [2013-4-29 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\N360x64\1403010.016\symnets.sys [2013-4-29 432800]
R2 avgfws;AVG Firewall;C:\avg\avgfws.exe [2013-2-19 1418184]
R2 avgwd;AVG WatchDog;C:\avg\avgwdsvc.exe [2013-2-19 282624]
R2 FastFreeConverterUpdt;FastFreeConverterUpdt;C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [2012-11-26 687104]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe [2013-4-29 144520]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-4-15 3289208]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-8-14 240160]
R2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [2013-4-6 990896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-18 138912]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S2 AVGIDSAgent;AVGIDSAgent;C:\avg\avgidsagent.exe [2013-2-27 4937264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-4-25 202296]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 athrusb;Atheros Wireless LAN USB device driver;C:\windows\System32\drivers\athrxusb.sys [2008-7-29 1075712]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.287\McCHSvc.exe [2012-9-11 234776]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-8-14 215040]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-7-1 1255736]
.
=============== File Associations ===============
.
FileExt: .js: Applications\AcroRD32.exe="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe" "%1" [userChoice] [default=Read - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2013-05-09 00:56:17 -------- d-----w- C:\Users\doctorpg\AppData\Local\Adobe
2013-05-08 04:56:40 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{28FA3EF2-72BA-473B-8064-3DF1A69964C2}\mpengine.dll
2013-05-07 05:04:31 -------- d-----w- C:\Users\doctorpg\AppData\Local\Apple
2013-05-07 03:54:58 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A581BE25-0551-4FD9-BD37-4A85D4F0A346}\gapaengine.dll
2013-05-07 03:54:51 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-07 03:48:40 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-05-07 03:48:32 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-05-05 22:01:53 -------- d-----w- C:\Users\doctorpg\AppData\Roaming\AVG2013
2013-05-05 21:57:43 -------- d--h--w- C:\$AVG
2013-05-05 21:57:43 -------- d-----w- C:\ProgramData\AVG2013
2013-05-05 21:52:44 -------- d-----w- C:\avg
2013-05-05 21:51:01 -------- d-----w- C:\Users\doctorpg\AppData\Local\Avg2013
2013-05-02 00:34:14 -------- d-----w- C:\ProgramData\McAfee Security Scan
2013-05-02 00:34:01 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2013-05-02 00:09:24 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-30 04:45:06 177312 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2013-04-30 04:44:38 796248 ----a-r- C:\windows\System32\drivers\N360x64\1403010.016\srtsp64.sys
2013-04-30 04:44:38 493656 ----a-r- C:\windows\System32\drivers\N360x64\1403010.016\SymDS64.sys
2013-04-30 04:44:38 432800 ----a-r- C:\windows\System32\drivers\N360x64\1403010.016\symnets.sys
2013-04-30 04:44:38 36952 ----a-r- C:\windows\System32\drivers\N360x64\1403010.016\srtspx64.sys
2013-04-30 04:44:38 23448 ----a-r- C:\windows\System32\drivers\N360x64\1403010.016\SymELAM.sys
2013-04-30 04:44:38 224416 ----a-r- C:\windows\System32\drivers\N360x64\1403010.016\Ironx64.sys
2013-04-30 04:44:38 168096 ----a-r- C:\windows\System32\drivers\N360x64\1403010.016\ccSetx64.sys
2013-04-30 04:44:38 1139800 ----a-r- C:\windows\System32\drivers\N360x64\1403010.016\SymEFA64.sys
2013-04-30 04:44:26 -------- d-----w- C:\windows\System32\drivers\N360x64\1403010.016
2013-04-30 04:44:26 -------- d-----w- C:\windows\System32\drivers\N360x64
2013-04-30 04:44:24 -------- d-----w- C:\Program Files (x86)\Norton 360
2013-04-30 04:44:12 -------- d-----w- C:\ProgramData\PCSettings
2013-04-30 00:52:02 -------- d-----w- C:\Users\doctorpg\New folder
2013-04-30 00:47:20 -------- d-----w- C:\Users\doctorpg\AppData\Local\Solid Savings
2013-04-30 00:46:10 -------- d-----w- C:\Program Files (x86)\Conduit
2013-04-30 00:46:07 -------- d-----w- C:\Users\doctorpg\AppData\Local\Conduit
2013-04-30 00:45:41 -------- d-----w- C:\Users\doctorpg\AppData\Local\CRE
2013-04-28 22:08:46 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-04-28 22:08:38 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9CBD7F28-4385-4663-A6D9-58ED782D3ED0}\mpengine.dll
2013-04-28 22:02:23 -------- d-----w- C:\Users\doctorpg\AppData\Local\AVG Secure Search
2013-04-28 19:18:08 -------- d-----w- C:\NBRT
2013-04-28 19:10:39 -------- d-----w- C:\NPE
2013-04-28 17:31:51 -------- d-----w- C:\windows\System32\drivers\NBRTWizardx64\0501000.01A
2013-04-28 02:13:23 -------- d-----w- C:\windows\SysWow64\N360_BACKUP
2013-04-28 02:06:36 -------- d-----w- C:\Program Files\Symantec
2013-04-28 02:00:21 -------- d-s---w- C:\windows\SysWow64\Microsoft
2013-04-23 19:25:43 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys
2013-04-23 05:37:53 -------- d-----w- C:\Program Files\AVAST Software
2013-04-23 05:37:38 -------- d-----w- C:\ProgramData\AVAST Software
2013-04-20 23:03:49 -------- d-----w- C:\Users\doctorpg\AppData\Roaming\Nico Mak Computing
2013-04-20 23:03:38 -------- d-----w- C:\Program Files (x86)\WinZip Registry Optimizer
2013-04-16 22:14:09 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-04-16 22:14:09 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2013-04-15 22:32:30 6128760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-04-15 22:32:30 6128760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-04-15 10:08:01 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-04-15 10:05:57 61216 ----a-w- C:\windows\System32\OpenCL.dll
2013-04-15 10:05:57 53024 ----a-w- C:\windows\SysWow64\OpenCL.dll
2013-04-15 10:04:47 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-04-15 10:04:18 -------- d-----w- C:\Program Files\NVIDIA Corporation
2013-04-13 10:11:16 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-04-12 22:59:10 -------- d-----w- C:\temp
2013-04-12 22:58:56 -------- d-----w- C:\Program Files (x86)\PC HealthBoost
2013-04-12 22:55:29 -------- d-----w- C:\ProgramData\PCHealthBoost
2013-04-12 21:53:36 -------- d-----w- C:\Users\doctorpg\AppData\Local\PC_Cleanup_Utility_Inc
2013-04-12 21:53:36 -------- d-----w- C:\Users\doctorpg\AppData\Local\PC Cleanup Utility Inc
2013-04-12 21:53:36 -------- d-----w- C:\ProgramData\PC Cleanup Utility Inc
2013-04-12 21:51:13 -------- d-----w- C:\Users\doctorpg\AppData\Local\Shield
2013-04-10 15:42:10 3153408 ----a-w- C:\windows\System32\win32k.sys
2013-04-10 15:41:53 3717632 ----a-w- C:\windows\System32\mstscax.dll
2013-04-10 15:41:52 3217408 ----a-w- C:\windows\SysWow64\mstscax.dll
2013-04-10 15:41:51 44032 ----a-w- C:\windows\System32\tsgqec.dll
2013-04-10 15:41:51 36864 ----a-w- C:\windows\SysWow64\tsgqec.dll
2013-04-10 15:41:51 158720 ----a-w- C:\windows\System32\aaclient.dll
2013-04-10 15:41:51 131584 ----a-w- C:\windows\SysWow64\aaclient.dll
2013-04-10 15:41:32 223752 ----a-w- C:\windows\System32\drivers\fvevol.sys
2013-04-10 15:40:39 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-04-10 15:40:36 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-04-10 15:40:35 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll
2013-04-10 15:40:35 43520 ----a-w- C:\windows\System32\csrsrv.dll
2013-04-10 15:40:35 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 15:40:35 112640 ----a-w- C:\windows\System32\smss.exe
.
==================== Find3M ====================
.
2013-05-02 15:29:56 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-04-11 14:22:56 770384 ----a-w- C:\windows\SysWow64\msvcr100.dll
2013-04-11 14:22:56 421200 ----a-w- C:\windows\SysWow64\msvcp100.dll
2013-04-07 05:45:00 39768 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
2013-04-04 21:50:32 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-03-28 16:53:38 861088 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
2013-03-28 16:53:38 782240 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-03-13 00:08:19 73432 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 00:08:19 693976 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 06:40:46 246072 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2013-02-21 10:30:16 1766912 ----a-w- C:\windows\SysWow64\wininet.dll
2013-02-21 10:29:39 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-02-21 10:29:37 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07 2240512 ----a-w- C:\windows\System32\wininet.dll
2013-02-21 10:14:09 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-02-21 10:14:05 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-02-21 10:14:05 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-02-19 12:01:03 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-02-19 11:10:53 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-02-14 10:52:46 239416 ----a-w- C:\windows\System32\drivers\avgtdia.sys
2013-02-12 05:45:24 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\windows\System32\drivers\usb8023.sys
2013-02-08 11:37:56 116536 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
2013-02-08 11:37:54 311096 ----a-w- C:\windows\System32\drivers\avgloga.sys
2013-02-08 11:37:50 71480 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2013-02-08 11:37:42 206136 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2013-02-08 11:37:40 45880 ----a-w- C:\windows\System32\drivers\avgrkx64.sys
.
============= FINISH: 21:18:49.51 ===============
attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/28/2011 7:41:40 PM
System Uptime: 5/8/2013 6:29:12 PM (3 hours ago)
.
Motherboard: eMachines | | ET1352G
Processor: AMD Athlon II X2 260u Processor | CPU 1 | 1800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 498.643 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP56: 4/28/2013 3:07:31 PM - Windows Update
RP58: 4/29/2013 5:09:02 PM - Windows Defender Checkpoint
RP59: 4/29/2013 5:58:23 PM - Removed 7-Zip 9.21
RP60: 4/29/2013 6:00:45 PM - Removed 7-Zip 9.21
RP61: 4/30/2013 3:26:13 PM - OTL Restore Point - 4/30/2013 3:26:11 PM
RP62: 5/1/2013 5:08:03 PM - Installed Java 7 Update 21
RP63: 5/5/2013 2:57:01 PM - Installed AVG 2013
RP64: 5/5/2013 9:57:45 PM - Norton_Power_Eraser_20130505215742004
RP65: 5/6/2013 4:23:00 PM - Norton 360 Registry Clean
RP66: 5/6/2013 8:53:58 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958) Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.6) Adobe Shockwave Player 11.6 Advertising Center Agfa ScanWise 1.10 Apple Application Support Apple Mobile Device Support Apple Software Update Ask Toolbar AVG 2013 AVG Security Toolbar AVS Update Manager 1.0 AVS Video Converter 8 AVS4YOU Software Navigator 1.4 Bonjour CambridgeSoft Activation Client CambridgeSoft ChemDraw Std 12.0 CANYON USB PC CAMERA Choice Guard Compatibility Pack for the 2007 Office system Cucusoft Ultimate DVD + Video Converter Suite 7.15.7.8 DING! DriverBoost eBay Worldwide EclipseCrossword eMachines Games eMachines Recovery Management eMachines Registration eMachines ScreenSaver eMachines Updater Fast Free Converter Google Chrome Google Earth Google Talk Plugin Google Toolbar for Internet Explorer Google Update Helper Identity Card ImagXpress Internet Browser iTunes Japanese Fonts Support For Adobe Reader X Java 7 Update 21 Java Auto Updater Java 6 Update 22 Jigsaw Boom Junk Mail filter update Kaspersky Security Scan LeXpert 3.2 LSI PCI-SV92PP Soft Modem McAfee Security Scan Plus Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup 
Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works Mozilla Firefox 20.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 9 Essentials Nero ControlCenter Nero DiscSpeed Nero DiscSpeed Help Nero DriveSpeed Nero DriveSpeed Help Nero Express Help Nero InfoTool Nero InfoTool Help Nero Installer Nero Online Upgrade Nero StartSmart Nero StartSmart Help Nero StartSmart OEM NeroExpress neroxml Norton 360 Norton Bootable Recovery Tool Wizard NVIDIA Control Panel 307.83 NVIDIA Graphics Driver 307.83 NVIDIA Install Application NVIDIA Update 1.10.8 NVIDIA Update Components OpenOffice.org 3.4.1 PCHealthBoost 2.3.0 PDFCreator Realtek High Definition Audio Driver RER VOB Converter Secure Download Manager Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client 
Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Skype Click to Call Skype™ 5.10 Social Privacy Spotify Support.com Toolbar Updater swMSM System Requirements Lab Update for 2007 Microsoft Office System 
(KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update Installer for WildTangent Games App Visual Studio 2010 x64 Redistributables Welcome Center WildTangent Games WildTangent Games App Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
5/8/2013 8:01:48 PM, Error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error %%-536753639.
5/8/2013 5:40:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Kaspersky Security Scan Service service to connect.
5/8/2013 5:40:03 PM, Error: Service Control Manager [7000] - The Kaspersky Security Scan Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/8/2013 5:32:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgfwfd AVGIDSDriver Avgldx64 Avgtdia BHDrvx64 ccSet_N360 DfsC discache eeCtrl IDSVia64 MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx Wanarpv6 WfpLwf
5/8/2013 5:32:08 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2013 5:32:08 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/8/2013 5:32:08 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2013 5:32:08 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2013 5:32:08 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2013 5:32:08 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/8/2013 5:32:08 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
5/8/2013 5:32:07 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/8/2013 5:32:07 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
5/8/2013 5:32:07 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/8/2013 5:32:07 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/8/2013 3:57:50 PM, Error: Microsoft-Windows-WHEA-Logger [20] - A fatal hardware error has occurred. Component: AMD Northbridge Error Source: Machine Check Exception Error Type: Sync Error Processor ID: 0 The details view of this entry contains further information.
5/7/2013 10:02:55 AM, Error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error %%-536753630.
5/7/2013 1:55:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
5/5/2013 2:47:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
5/5/2013 10:08:59 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
5/3/2013 9:10:07 PM, Error: Service Control Manager [7034] - The FastFreeConverterUpdt service terminated unexpectedly. It has done this 1 time(s).
5/2/2013 9:02:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================
  8. greetings: not sure if this is the correct place for this: but i saw a thread for 'adknowledge' baddie removal and it suggested to download, run, and then post the output file from roguekiller.exe; i have complied and here is the content of the roguekiller output file. i sure hope this helps in getting rid of that utter nuisance.

     paul g.

     RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : doctorpg [Admin rights]
     Mode : Scan -- Date : 05/05/2013 20:10:17
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 2 ¤¤¤
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\windows\system32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: WDC WD64 00AAKS-22A7B SCSI Disk Device +++++
     --- User ---
     [MBR] bce9539542dc5b562efc1acb1b73d1c2
     [bSP] 0c90b54144f2e382e052269fcccb1584 : Acer MBR Code
     Partition table:
     0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 595018 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR!

     Finished : << RKreport[1]_S_05052013_02d2010.txt >>
     RKreport[1]_S_05052013_02d2010.txt