|
Post by dillon023 on Oct 22, 2014 13:56:05 GMT -8
I see im having the same problem as many others. Im running Windows 7 Home Premium 64 bit.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Oct 22, 2014 14:38:43 GMT -8
Do Not use advanced tools or any tools used on this board without supervision.
Malware removal can be difficult over a forum as it is, without a user doing their own actions, the tools used are more advanced and thus have added danger that comes with that. This board is protected so that only Malware removers, Admin and Mods can reply to a users thread but all members can create a thread asking for removal of Infection(s)
Make changes to your computer only when the Malware Expert specifically states it. The Malware Experts request specific steps to be followed, as some malware removal requires multiple steps and evaluations along the way. When you take other advice or make other changes, this often negates the work done by the expert, and can sometimes result in an inoperable system. This also includes any tools or steps other than those the from the Malware Expert. We need to be certain about the state of your system to see what actually is going on, and what is required to fix the system while not harming the rest of the system. Most often, well-intentioned independent efforts can make things much worse. The malware remediation tools are more advanced than othe tools, and can often create bigger problems when used without expert guidance.
Follow all the directions in order, and to the end. Please perform all steps in the order they are listed in each set of instructions. As you might imagine, some steps are a bit complicated. If things are not clear, be sure to stop and let the Malware Expert know the problem. We don't mind clarifying a situation, as others might have the same question. If a tool does not run as expected, don't force it. Stop the steps, and update the forum topic with the current situation. It is better stop and let us know, than to force a tool to run and cause bigger problems. Also, when your computer is clean and we are finished, the Expert will tell you we are finished. Malware removal is a process that requires verification, and we want to be sure your system is completely clean before we're done.
When describing your problem, provide as much information as possible, as soon as possible. Explain as best you can what happens with your computer, e.g. it beeps three times, black screen with cursor then goes no further, system gets stuck at the Windows startup logo, etc. This helps the expert to understand what is happening to the system and what may be wrong. If your computer cannot start up successfully please provide details about your installed Windows Operating System, including the Version, Edition and if it is a 32bit or a 64bit system. (e.g. Windows Vista Home Premium 32-bit)
When the user follow instructions and things still go a little haywire, and it does happen, it is up to us to sort the extra problem out.
Take longer to read if your language is not English, so that hopefully it is understood.
Reply stating you have read the post fully.
I also if it is busy (have a lot of systems at once to deal with) like being in a supermarket checkout line, waiting their turn, I use the forum like a checkout line.
And the Forum is VERY BUSY at the moment for just 2 Removers, so Please be patient as no one would want us to do a script wrong and hurt someones Computer / System
Quads
|
|
|
Post by dillon023 on Oct 22, 2014 14:42:28 GMT -8
I have read the post fully. Thank you for your time.
|
|
|
Post by dillon023 on Oct 22, 2014 16:20:02 GMT -8
Also just had this pop up.
[SID: 26002] Web Attack: Exploit Toolkit Website 32 attack blocked. Traffic has been blocked for this application: \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSWOW64\DLLHOST.EXE
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Oct 22, 2014 16:26:11 GMT -8
Read Slowly and all of it.Please download www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ You need to download the 64 bit version. Place FRST64.exe onto your desktop from where ever it downloaded to. IF IT IS NOT ON THE DESKTOP (YOU DID NOT DOWNLOAD DIRECTLY TO DESKTOP), THEN RIGHT CLICK ON THE DOWNLOADED FILE AND SELECT CUT. FIND A BLANK SPOT ON YOUR DESKTOP AND RIGHT CLICK ON IT, SELECT PASTE AND THE FILE WILL BE ON THE DESKTOP. Thank You (this is very important later on)! Start FRST64 that is on your DesktopThe tool will start to run. When the tool opens click Yes to disclaimer. (if it does) Press Scan button. It will make two logs ( FRST.txt and addition.txt) on your Desktop. Please attach the logs in your reply back. Or open the logs in notepad and copy the logs and paste back in a message as a reply. ( Ask if you don't know how to do either of these). Right now the forum will not allow one to attach the Addition.txt file so please use wikisend.com to upload the file and then post the download link here in your reply post.
|
|
|
Post by dillon023 on Oct 22, 2014 16:54:04 GMT -8
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2014 Ran by Dillon (administrator) on DILLON-HP on 22-10-2014 19:39:55 Running from C:\Users\Dillon\Desktop Loaded Profile: Dillon (Available profiles: Dillon) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (AMD) C:\Windows\System32\atieclxx.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe (Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe (VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Alcatel-Lucent) C:\Program Files\CLink\McciTrayApp.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe () C:\Users\Dillon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Bandoo Media, inc) C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe () C:\Program Files (x86)\AVG Secure Search\vprot.exe (Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (S p i g o t, I n c.) C:\Users\Dillon\AppData\Roaming\Search Protection\SP.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\SymCorpUI.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SmcGui.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ProtectionUtilSurrogate.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-10-17] (IDT, Inc.) HKLM\...\Run: [CLink_McciTrayApp] => C:\Program Files\CLink\McciTrayApp.exe [2671104 2012-02-13] (Alcatel-Lucent) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-01-25] (cyberlink) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS) HKLM-x32\...\Run: [DATAMNGR] => C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe [1694608 2011-11-09] (Bandoo Media, inc) HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-09-05] () HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] () HKLM\...\RunOnce: [NCPluginUpdater] => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\Run: => C:\Users\Dillon\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.) HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [108136 2012-04-22] (Siber Systems) HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\Run: => C:\Users\Dillon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [932528 2012-06-19] () HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\Run: [SearchProtection] => C:\Users\Dillon\AppData\Roaming\Search Protection\SearchProtection.EXE [1110888 2014-09-25] (S p i g o t, I n c.) HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\Run: [APISupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Dillon\AppData\Local\Conduit\APISupport\APISupport.dll",DLLRunAPISupport <===== ATTENTION HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\Run: [uTorrent] => C:\Users\Dillon\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-08] (BitTorrent Inc.) HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\Run: [Search Protection] => C:\Users\Dillon\AppData\Roaming\Search Protection\SP.EXE [1110376 2014-10-09] (S p i g o t, I n c.) HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe [854704 2014-09-24] (Adobe Systems Incorporated) HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\MountPoints2: {1231af00-7a00-11e1-a538-101f740b4930} - F:\TL-Bootstrap.exe HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\MountPoints2: {135d9822-3276-11e1-abdf-101f740b4930} - F:\TL-Bootstrap.exe HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\MountPoints2: {2b60d530-2de0-11e3-b393-101f740b4930} - F:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\MountPoints2: {e00a1760-fd0b-11e0-a467-101f740b4930} - F:\TL-Bootstrap.exe HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\MountPoints2: {fe823852-e1b6-11e2-b7d4-101f740b4930} - F:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks! AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll => C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll [1778584 2011-11-09] (Bandoo Media, inc) AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll => C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll [1791384 2011-11-09] (Bandoo Media, inc) AppInit_DLLs-x32: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll => C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll [1236368 2011-11-09] (Bandoo Media, inc) AppInit_DLLs-x32: C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll => C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll [1233816 2011-11-09] (Bandoo Media, inc) Startup: C:\Users\Dillon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Dillon\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/HPNOT/1 URLSearchHook: HKLM-x32 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) URLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) URLSearchHook: HKCU - ButterscotchToolbar BHO - {B94D2A9E-E529-4389-B8DE-4F50D087F0D1} - C:\Program Files (x86)\ButterscotchToolbar\IEToolbar.dll () URLSearchHook: HKCU - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) URLSearchHook: HKCU - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM - {F0C07441-FD14-4F34-9C4C-A673AFE4ADE0} URL = www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 - {F0C07441-FD14-4F34-9C4C-A673AFE4ADE0} URL = www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKCU - DefaultScope {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms} SearchScopes: HKCU - 452EE25FCB2249A5A1EAF2C5F17EB34C URL = isearch.avg.com/search?cid={68061F47-9A2E-43F3-B6DA-D45CA80FD5B4}&mid=fa81eb93f52347d09fdcc15632efa0c3-2eef52e425c702c77c6a767bfe82e59a6dc32504&lang=en&ds=oo011&pr=sa&d=2012-06-30 21:03:05&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKCU - {4B6D3083-3554-4FA3-B303-ED22AA97CC27} URL = searchtronic.net/Search?query={searchTerms}&i=61&tp=chrome SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms} SearchScopes: HKCU - {AB8A3D5A-39A2-47B0-9F32-1CFA6DFCE567} URL = search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms} SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms} SearchScopes: HKCU - {CADC42DA-65D8-4E02-B924-0382E9556ED1} URL = websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=FF099EC6-5D60-4AFF-B4B4-7A93E3526A18&apn_sauid=C4AC8276-6E12-4937-A1B8-4EE38559BCBD SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKCU - {F0C07441-FD14-4F34-9C4C-A673AFE4ADE0} URL = www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.) BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: DataMngr -> {9D717F81-9148-4f12-8568-69135F087DB0} -> C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: ChaCha Search Toolbar -> {4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C} -> C:\Program Files (x86)\chachatoolbar\chachatoolbar.dll (ChaCha Search, Inc. ) BHO-x32: uTorrentControl2 Toolbar -> {687578b9-7132-4a7a-80e4-30ee31099e03} -> C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\bin\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) BHO-x32: uTorrentControl_v2 Toolbar -> {7473b6bd-4691-4744-a82b-7854eb3d70b6} -> C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search) BHO-x32: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () BHO-x32: DataMngr -> {9D717F81-9148-4f12-8568-69135F087DB0} -> C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: ButterscotchToolbar BHO -> {B94D2A9E-E529-4389-B8DE-4F50D087F0D1} -> C:\Program Files (x86)\ButterscotchToolbar\IEToolbar.dll () BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Butterscotch Toolbar - {AF3D7884-B142-414E-943D-75D8D54E1FFF} - C:\Program Files (x86)\ButterscotchToolbar\IEToolbar.dll () Toolbar: HKLM-x32 - ChaCha Search Toolbar - {4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C} - C:\Program Files (x86)\chachatoolbar\chachatoolbar.dll (ChaCha Search, Inc. ) Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () Toolbar: HKLM-x32 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search) Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) DPF: HKLM-x32 {1D082E71-DF20-4AAF-863B-596428C49874} www.worldwinner.com/games/v50/tpir/tpir.cab DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} www.worldwinner.com/games/shared/wwlaunch.cab DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab Handler: butterscotchtoolbar - {721B7821-181F-44E8-9649-067641EF5AA2} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: butterscotchtoolbar - {721B7821-181F-44E8-9649-067641EF5AA2} - C:\Program Files (x86)\ButterscotchToolbar\IEToolbar.dll () Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-05-08] (EasyBits Software Corp.) Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF Plugin-x32: @apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @wildtangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: @worldwinner.com/Launcher2,version=1.10.0.25 -> C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dillon\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\butterscotch_igeared.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2013-07-03] FF HKLM-x32\...\Firefox\Extensions: [butterscotch@igeared] - C:\Program Files (x86)\ButterscotchToolbar\Firefox\butterscotch@igeared FF Extension: Butterscotch Toolbar - C:\Program Files (x86)\ButterscotchToolbar\Firefox\butterscotch@igeared [2012-02-01] FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012-04-22] FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49 FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\IPSFF FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\IPSFF [2013-11-15]
Chrome: ======= CHR HomePage: Default -> hxxp://search.yahoo.com/?type=714647&fr=spigot-yhp-ch CHR DefaultSearchKeyword: Default -> yahoo.com search CHR DefaultSearchURL: Default -> search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=714647&p={searchTerms} CHR DefaultSuggestURL: Default -> ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll () CHR Plugin: (Simple Pass 2011) - C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\npwebsitelogon.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll No File CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Default Plug-in) - default_plugin No File CHR Profile: C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Website Logon) - C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe [2011-09-18] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31] CHR Extension: (uTorrentControl_v2) - C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda [2013-08-04] CHR Extension: (AVG Security Toolbar) - C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-10-03] CHR Extension: (Google Wallet) - C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR HKCU\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Dillon\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-14] CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Dillon\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-08-14] CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11] CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Dillon\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-14] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-27] CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Dillon\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2014-04-27]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-04] (Advanced Micro Devices, Inc.) [File not signed] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-25] (CyberLink) R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed] R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed] R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [361472 2011-08-20] (Alcatel-Lucent) [File not signed] R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [441344 2011-08-20] (Alcatel-Lucent) [File not signed] R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [144368 2013-10-20] (Symantec Corporation) R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe [2377984 2013-10-20] (Symantec Corporation) S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe [334736 2013-10-20] (Symantec Corporation) R2 VTechUSBSocketService; C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe [82824 2013-03-28] (VTech) R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-14] (AVG Secure Search)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-14] (AVG Technologies) R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20141003.013\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation) R1 ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE}; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys [169048 2013-10-20] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-18] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-18] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20141021.011\IDSvia64.sys [525016 2014-08-08] (Symantec Corporation) S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-02-13] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-02-13] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141022.003\ENG64.SYS [129752 2014-08-20] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141022.003\EX64.SYS [2137304 2014-08-20] (Symantec Corporation) R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS [797272 2013-10-20] (Symantec Corporation) R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS [36952 2013-10-20] (Symantec Corporation) S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys [34800 2013-10-20] (Symantec Corporation) R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS [493656 2013-10-20] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS [1147480 2013-10-20] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-15] (Symantec Corporation) R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS [224856 2013-10-20] (Symantec Corporation) R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS [437336 2013-10-20] (Symantec Corporation) R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [155352 2013-11-15] (Symantec Corporation) R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [92456 2013-10-20] (Symantec Corporation) S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X] S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X] S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X] S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-22 19:39 - 2014-10-22 19:40 - 00042834 _____ () C:\Users\Dillon\Desktop\FRST.txt 2014-10-22 19:39 - 2014-10-22 19:39 - 00000000 ____D () C:\Users\Dillon\Desktop\FRST-OlderVersion 2014-10-22 19:10 - 2014-10-22 19:10 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDillon 2014-10-22 19:10 - 2014-10-22 19:10 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForDillon.job 2014-10-22 16:44 - 2014-10-22 19:40 - 00000000 ____D () C:\FRST 2014-10-19 16:55 - 2014-10-19 16:55 - 00000000 _____ () C:\autoexec.bat 2014-10-19 16:53 - 2014-10-19 16:53 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-10-19 16:49 - 2014-10-19 18:21 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-10-19 16:41 - 2014-10-19 16:42 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Dillon\Downloads\SpyHunter-Installer.exe 2014-10-19 16:32 - 2014-10-19 16:32 - 02112512 _____ (Farbar) C:\Users\Dillon\Downloads\frst64 (1).exe 2014-10-19 16:29 - 2014-10-22 19:39 - 00097280 _____ (Farbar) C:\Users\Dillon\Desktop\FRST64.exe 2014-10-16 19:27 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-16 19:27 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-16 19:27 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-16 19:27 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-16 19:27 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-16 19:27 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-16 19:27 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-16 19:27 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-16 19:27 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-16 19:27 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-16 19:27 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-16 19:27 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-16 19:27 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-16 19:27 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-16 19:27 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-16 19:27 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-16 19:27 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-16 19:27 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-16 19:27 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-16 19:27 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-16 19:27 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-16 19:27 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-16 19:27 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-16 19:27 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-16 19:27 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-16 19:27 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-16 19:27 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-16 19:27 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-16 19:27 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-16 19:27 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-16 19:27 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-16 19:27 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-16 19:27 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-16 19:27 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-16 19:27 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-16 19:27 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-16 19:27 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-16 19:27 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-16 19:27 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-16 19:27 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-10-16 19:27 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-10-16 19:27 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-10-16 19:27 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-10-16 19:27 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-10-16 19:27 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-10-16 19:27 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-10-16 19:27 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-10-16 19:27 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-10-16 19:27 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-10-16 19:27 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-10-16 19:27 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-10-16 19:27 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-16 19:27 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-16 19:27 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-16 19:27 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-16 19:27 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-16 19:27 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-16 19:26 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-16 19:26 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-16 19:26 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-16 19:26 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-16 19:26 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-16 19:26 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-16 19:26 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-16 19:26 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-16 19:26 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-16 19:26 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-16 19:26 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-16 19:26 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-16 19:26 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-16 19:26 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-16 19:26 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-16 19:26 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-16 19:26 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-16 19:26 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-16 19:26 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-16 19:26 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-16 19:26 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-16 19:26 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-16 19:26 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-16 19:25 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-16 19:25 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-16 19:25 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-16 19:25 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-16 19:25 - 2014-08-28 21:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-16 19:25 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-16 19:25 - 2014-08-28 21:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-10-16 19:25 - 2014-08-28 21:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-10-16 19:25 - 2014-08-28 21:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-16 19:25 - 2014-08-28 20:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-16 19:25 - 2014-08-28 20:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-16 19:25 - 2014-08-28 20:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-16 19:25 - 2014-08-28 20:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-10-16 19:25 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-16 19:25 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-16 19:25 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-16 19:25 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-16 19:25 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-16 19:25 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-16 19:25 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-16 19:25 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-16 19:25 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-16 19:25 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-16 19:25 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-09-30 21:20 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-09-30 21:20 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-28 18:30 - 2014-09-28 18:30 - 00000000 ____D () C:\Users\Dillon\AppData\Local\{E02C60BD-CDBB-47CD-A08B-582B30DA5DA5} 2014-09-28 17:14 - 2014-09-28 17:14 - 00000000 ____D () C:\Users\Dillon\AppData\Local\Microsoft Help 2014-09-28 17:14 - 2014-09-28 17:14 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-23 18:26 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-23 18:26 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-22 19:40 - 2011-08-02 17:49 - 01519251 _____ () C:\Windows\WindowsUpdate.log 2014-10-22 19:18 - 2013-07-12 18:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-22 19:17 - 2011-11-20 19:06 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4074735873-2823687706-4046357401-1001UA.job 2014-10-22 19:13 - 2011-09-18 21:57 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-22 19:08 - 2011-11-07 17:53 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-10-22 19:08 - 2011-09-05 12:30 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-10-22 18:05 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-22 18:05 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-22 16:18 - 2011-09-18 21:57 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-22 16:17 - 2011-11-20 19:06 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4074735873-2823687706-4046357401-1001Core.job 2014-10-22 16:12 - 2011-09-04 17:45 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6CEFE9F0-7E8D-4A4B-85DF-40E8D851265E} 2014-10-22 16:09 - 2011-09-18 21:57 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-22 16:08 - 2011-09-18 21:57 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-22 16:06 - 2013-11-15 22:16 - 00000000 ____D () C:\ProgramData\Symantec 2014-10-19 15:52 - 2012-04-22 15:21 - 00000000 ____D () C:\Users\Dillon\AppData\Roaming\uTorrent 2014-10-19 15:50 - 2014-01-11 14:44 - 00000000 ____D () C:\Users\Dillon\AppData\Roaming\Search Protection 2014-10-19 15:49 - 2013-06-07 21:30 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job 2014-10-19 15:49 - 2013-06-03 19:14 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2014-10-19 15:49 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-19 15:49 - 2009-07-13 23:51 - 00081811 _____ () C:\Windows\setupact.log 2014-10-19 15:06 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-19 15:05 - 2009-07-13 23:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-19 15:02 - 2014-05-10 08:21 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-18 08:38 - 2013-07-30 14:54 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-18 08:26 - 2012-04-19 17:47 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-18 00:20 - 2011-09-07 20:27 - 00000000 ____D () C:\Users\Dillon\AppData\Local\CrashDumps 2014-10-18 00:13 - 2011-09-04 19:36 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-10-15 04:18 - 2012-06-08 11:45 - 00000000 ____D () C:\Users\Dillon\AppData\Roaming\vlc 2014-10-13 14:02 - 2011-09-04 17:35 - 00000000 ____D () C:\Users\Dillon 2014-10-13 14:00 - 2009-07-14 00:13 - 00787414 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-12 22:31 - 2013-08-25 15:06 - 00000000 ____D () C:\Users\Dillon\AppData\Roaming\SoftGrid Client 2014-09-28 11:57 - 2012-12-07 11:01 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDILLON-HP$ 2014-09-28 11:57 - 2012-12-07 11:01 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForDILLON-HP$.job 2014-09-25 19:00 - 2011-09-18 22:04 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-09-24 17:45 - 2013-07-12 18:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-24 17:45 - 2013-07-12 18:36 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-24 17:45 - 2011-09-19 23:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
Files to move or delete: ==================== C:\Users\Dillon\jagex_cl_runescape_LIVE.dat C:\Users\Dillon\jagex_runescape_preferences.dat C:\Users\Dillon\jagex_runescape_preferences2.dat
Some content of TEMP: ==================== C:\Users\Dillon\AppData\Local\Temp\APNStub.exe C:\Users\Dillon\AppData\Local\Temp\avguidx.dll C:\Users\Dillon\AppData\Local\Temp\CommonInstaller.exe C:\Users\Dillon\AppData\Local\Temp\contentDATs.exe C:\Users\Dillon\AppData\Local\Temp\crtFDA1.tmp.exe C:\Users\Dillon\AppData\Local\Temp\Extract.exe C:\Users\Dillon\AppData\Local\Temp\fft83FE.tmp.exe C:\Users\Dillon\AppData\Local\Temp\fsprod.dll C:\Users\Dillon\AppData\Local\Temp\fssfm.dll C:\Users\Dillon\AppData\Local\Temp\gjqudb0m.dll C:\Users\Dillon\AppData\Local\Temp\HPHelpUpdater.exe C:\Users\Dillon\AppData\Local\Temp\iGearedHelper.dll C:\Users\Dillon\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe C:\Users\Dillon\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe C:\Users\Dillon\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Dillon\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Dillon\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\Dillon\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe C:\Users\Dillon\AppData\Local\Temp\LiveUpdater.exe C:\Users\Dillon\AppData\Local\Temp\MachineIdCreator.exe C:\Users\Dillon\AppData\Local\Temp\mssinstaller.exe C:\Users\Dillon\AppData\Local\Temp\oi_{59E48EC7-9545-4D38-B4C7-AA77C6A2CC83}.exe C:\Users\Dillon\AppData\Local\Temp\preconfig.exe C:\Users\Dillon\AppData\Local\Temp\Resource.exe C:\Users\Dillon\AppData\Local\Temp\SearchProtectionSetup.exe C:\Users\Dillon\AppData\Local\Temp\SecurityScan_Release.exe C:\Users\Dillon\AppData\Local\Temp\SHSetup.exe C:\Users\Dillon\AppData\Local\Temp\SkypeSetup.exe C:\Users\Dillon\AppData\Local\Temp\SP55152.exe C:\Users\Dillon\AppData\Local\Temp\sp58915.exe C:\Users\Dillon\AppData\Local\Temp\sp64126.exe C:\Users\Dillon\AppData\Local\Temp\SRLDetectionLibrary3350345130605290558.dll C:\Users\Dillon\AppData\Local\Temp\tbedrs.dll C:\Users\Dillon\AppData\Local\Temp\ToolbarInstaller.exe C:\Users\Dillon\AppData\Local\Temp\UninstallHPSA.exe C:\Users\Dillon\AppData\Local\Temp\utt2C20.tmp.exe C:\Users\Dillon\AppData\Local\Temp\uttD01A.tmp.exe C:\Users\Dillon\AppData\Local\Temp\vlc-2.0.2-win32.exe C:\Users\Dillon\AppData\Local\Temp\vlc-2.1.3-win32.exe C:\Users\Dillon\AppData\Local\Temp\winziprosetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-28 19:12
==================== End Of Log ============================
wikisend.com/download/986234/Addition.txt
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Oct 22, 2014 20:10:09 GMT -8
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Download the script attached, needs to be the same file name as well (fixlist.txt), have it on the Desktop, so that fixlist.txt is next to FRST64.exe,
DO NOT DRAG AND DROP to download the script, it won't work for FRST (Right click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link as.)
The script tells FRST what to do.
Start FRST that is on the desktop When the tool opens click Yes to disclaimer. (if it still does)
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) please post it to your reply (attach or paste)
Quads
|
|
|
Post by dillon023 on Oct 23, 2014 13:16:12 GMT -8
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-10-2014 Ran by Dillon at 2014-10-23 15:43:58 Run:1 Running from C:\Users\Dillon\Desktop Loaded Profile: Dillon (Available profiles: Dillon) Boot Mode: Normal ==============================================
Content of fixlist: ***************** start (VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe (VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe (Bandoo Media, inc) C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe C:\Program Files (x86)\Windows iLivid Toolbar () C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe (Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe C:\Program Files (x86)\Ask.com\Updater\Updater.exe C:\Program Files (x86)\Ask.com HKLM-x32\...\Run: [DATAMNGR] => C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe [1694608 2011-11-09] (Bandoo Media, inc) HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-09-05] () HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask) HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\Run: [SearchProtection] => C:\Users\Dillon\AppData\Roaming\Search Protection\SearchProtection.EXE [1110888 2014-09-25] (S p i g o t, I n c.) C:\Users\Dillon\AppData\Roaming\Search Protection\SearchProtection.EXE HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\Run: [APISupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Dillon\AppData\Local\Conduit\APISupport\APISupport.dll",DLLRunAPISupport <===== ATTENTION C:\Users\Dillon\AppData\Local\Conduit\APISupport\APISupport.dll C:\Users\Dillon\AppData\Local\Conduit HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\Run: [Search Protection] => C:\Users\Dillon\AppData\Roaming\Search Protection\SP.EXE [1110376 2014-10-09] (S p i g o t, I n c.) C:\Users\Dillon\AppData\Roaming\Search Protection\SP.EXE C:\Users\Dillon\AppData\Roaming\Search Protection HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks! AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll => C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll [1778584 2011-11-09] (Bandoo Media, inc) AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll => C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll [1791384 2011-11-09] (Bandoo Media, inc) AppInit_DLLs-x32: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll => C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll [1236368 2011-11-09] (Bandoo Media, inc) AppInit_DLLs-x32: C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll => C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll [1233816 2011-11-09] (Bandoo Media, inc) C:\Program Files (x86)\Windows iLivid Toolbar URLSearchHook: HKLM-x32 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) URLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll C:\Program Files (x86)\uTorrentControl2 C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll C:\Program Files (x86)\uTorrentControl_v2 URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) URLSearchHook: HKCU - ButterscotchToolbar BHO - {B94D2A9E-E529-4389-B8DE-4F50D087F0D1} - C:\Program Files (x86)\ButterscotchToolbar\IEToolbar.dll () C:\Program Files (x86)\ButterscotchToolbar\IEToolbar.dll C:\Program Files (x86)\ButterscotchToolbar URLSearchHook: HKCU - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) URLSearchHook: HKCU - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms} SearchScopes: HKCU - 452EE25FCB2249A5A1EAF2C5F17EB34C URL = isearch.avg.com/search?cid={68061F47-9A2E-43F3-B6DA-D45CA80FD5B4}&mid=fa81eb93f52347d09fdcc15632efa0c3-2eef52e425c702c77c6a767bfe82e59a6dc32504&lang=en&ds=oo011&pr=sa&d=2012-06-30 21:03:05&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKCU - {4B6D3083-3554-4FA3-B303-ED22AA97CC27} URL = searchtronic.net/Search?query={searchTerms}&i=61&tp=chrome SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms} SearchScopes: HKCU - {CADC42DA-65D8-4E02-B924-0382E9556ED1} URL = websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=FF099EC6-5D60-4AFF-B4B4-7A93E3526A18&apn_sauid=C4AC8276-6E12-4937-A1B8-4EE38559BCBD BHO: DataMngr -> {9D717F81-9148-4f12-8568-69135F087DB0} -> C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc) BHO-x32: ChaCha Search Toolbar -> {4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C} -> C:\Program Files (x86)\chachatoolbar\chachatoolbar.dll (ChaCha Search, Inc. ) C:\Program Files (x86)\chachatoolbar\chachatoolbar.dll C:\Program Files (x86)\chachatoolbar BHO-x32: uTorrentControl2 Toolbar -> {687578b9-7132-4a7a-80e4-30ee31099e03} -> C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File BHO-x32: uTorrentControl_v2 Toolbar -> {7473b6bd-4691-4744-a82b-7854eb3d70b6} -> C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search) BHO-x32: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () BHO-x32: DataMngr -> {9D717F81-9148-4f12-8568-69135F087DB0} -> C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) BHO-x32: ButterscotchToolbar BHO -> {B94D2A9E-E529-4389-B8DE-4F50D087F0D1} -> C:\Program Files (x86)\ButterscotchToolbar\IEToolbar.dll () BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKLM-x32 - Butterscotch Toolbar - {AF3D7884-B142-414E-943D-75D8D54E1FFF} - C:\Program Files (x86)\ButterscotchToolbar\IEToolbar.dll () Toolbar: HKLM-x32 - ChaCha Search Toolbar - {4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C} - C:\Program Files (x86)\chachatoolbar\chachatoolbar.dll (ChaCha Search, Inc. ) Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () Toolbar: HKLM-x32 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search) Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) Handler: butterscotchtoolbar - {721B7821-181F-44E8-9649-067641EF5AA2} - No File Handler-x32: butterscotchtoolbar - {721B7821-181F-44E8-9649-067641EF5AA2} - C:\Program Files (x86)\ButterscotchToolbar\IEToolbar.dll () Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search) FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\butterscotch_igeared.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml FF Extension: Butterscotch Toolbar - C:\Program Files (x86)\ButterscotchToolbar\Firefox\butterscotch@igeared [2012-02-01] CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File CHR Plugin: (Simple Pass 2011) - C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\npwebsitelogon.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll No File CHR Extension: (uTorrentControl_v2) - C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda [2013-08-04] CHR Extension: (AVG Security Toolbar) - C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-10-03] CHR HKCU\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Dillon\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-14] CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Dillon\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-08-14] CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Dillon\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-14] CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-27] CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Dillon\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2014-04-27] R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-14] (AVG Secure Search) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-14] (AVG Technologies) 2014-10-19 16:53 - 2014-10-19 16:53 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-10-19 16:49 - 2014-10-19 18:21 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-10-19 16:41 - 2014-10-19 16:42 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Dillon\Downloads\SpyHunter-Installer.exe 2014-10-19 16:32 - 2014-10-19 16:32 - 02112512 _____ (Farbar) C:\Users\Dillon\Downloads\frst64 (1).exe 2014-10-19 15:50 - 2014-01-11 14:44 - 00000000 ____D () C:\Users\Dillon\AppData\Roaming\Search Protection C:\Users\Dillon\AppData\Local\Temp\APNStub.exe C:\Users\Dillon\AppData\Local\Temp\avguidx.dll C:\Users\Dillon\AppData\Local\Temp\CommonInstaller.exe C:\Users\Dillon\AppData\Local\Temp\contentDATs.exe C:\Users\Dillon\AppData\Local\Temp\crtFDA1.tmp.exe C:\Users\Dillon\AppData\Local\Temp\Extract.exe C:\Users\Dillon\AppData\Local\Temp\fft83FE.tmp.exe C:\Users\Dillon\AppData\Local\Temp\fsprod.dll C:\Users\Dillon\AppData\Local\Temp\fssfm.dll C:\Users\Dillon\AppData\Local\Temp\gjqudb0m.dll C:\Users\Dillon\AppData\Local\Temp\HPHelpUpdater.exe C:\Users\Dillon\AppData\Local\Temp\iGearedHelper.dll C:\Users\Dillon\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe C:\Users\Dillon\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe C:\Users\Dillon\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Dillon\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Dillon\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\Dillon\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe C:\Users\Dillon\AppData\Local\Temp\LiveUpdater.exe C:\Users\Dillon\AppData\Local\Temp\MachineIdCreator.exe C:\Users\Dillon\AppData\Local\Temp\mssinstaller.exe C:\Users\Dillon\AppData\Local\Temp\oi_{59E48EC7-9545-4D38-B4C7-AA77C6A2CC83}.exe C:\Users\Dillon\AppData\Local\Temp\preconfig.exe C:\Users\Dillon\AppData\Local\Temp\Resource.exe C:\Users\Dillon\AppData\Local\Temp\SearchProtectionSetup.exe C:\Users\Dillon\AppData\Local\Temp\SecurityScan_Release.exe C:\Users\Dillon\AppData\Local\Temp\SHSetup.exe C:\Users\Dillon\AppData\Local\Temp\SkypeSetup.exe C:\Users\Dillon\AppData\Local\Temp\SP55152.exe C:\Users\Dillon\AppData\Local\Temp\sp58915.exe C:\Users\Dillon\AppData\Local\Temp\sp64126.exe C:\Users\Dillon\AppData\Local\Temp\SRLDetectionLibrary3350345130605290558.dll C:\Users\Dillon\AppData\Local\Temp\tbedrs.dll C:\Users\Dillon\AppData\Local\Temp\ToolbarInstaller.exe C:\Users\Dillon\AppData\Local\Temp\UninstallHPSA.exe C:\Users\Dillon\AppData\Local\Temp\utt2C20.tmp.exe C:\Users\Dillon\AppData\Local\Temp\uttD01A.tmp.exe C:\Users\Dillon\AppData\Local\Temp\vlc-2.0.2-win32.exe C:\Users\Dillon\AppData\Local\Temp\vlc-2.1.3-win32.exe C:\Users\Dillon\AppData\Local\Temp\winziprosetup.exe CustomCLSID: HKU\S-1-5-21-4074735873-2823687706-4046357401-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks? Task: {ECC6F0BF-E3AE-46FE-9D4F-23A9776A87F1} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-03-31] () <==== ATTENTION Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{CD30BA54-A27A-42C2-BAD1-92906BD722B3}.exe Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{84FDD6C5-D5ED-41FE-86AC-1421BD8B2F77}.exe end *****************
[2920] C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe => Process closed successfully. [2972] C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe => Process closed successfully. [2980] C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe => Process closed successfully. C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe => Moved successfully. [3016] C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe => Process closed successfully. C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe => Moved successfully. [5668] C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe => Process closed successfully. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe => Moved successfully. C:\Program Files (x86)\Windows iLivid Toolbar => Moved successfully. [5752] C:\Program Files (x86)\AVG Secure Search\vprot.exe => Process closed successfully. C:\Program Files (x86)\AVG Secure Search\vprot.exe => Moved successfully. [5760] C:\Program Files (x86)\Ask.com\Updater\Updater.exe => Process closed successfully. C:\Program Files (x86)\Ask.com\Updater\Updater.exe => Moved successfully. C:\Program Files (x86)\Ask.com => Moved successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR => value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => value deleted successfully. HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection => value deleted successfully. C:\Users\Dillon\AppData\Roaming\Search Protection\SearchProtection.EXE => Moved successfully. HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\Software\Microsoft\Windows\CurrentVersion\Run\\APISupport => value deleted successfully. C:\Users\Dillon\AppData\Local\Conduit\APISupport\APISupport.dll => Moved successfully. C:\Users\Dillon\AppData\Local\Conduit => Moved successfully. HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection => value deleted successfully. C:\Users\Dillon\AppData\Roaming\Search Protection\SP.EXE => Moved successfully.
"C:\Users\Dillon\AppData\Roaming\Search Protection" directory move:
C:\Users\Dillon\AppData\Roaming\Search Protection\Uninstall.exe => Moved successfully. Could not move "C:\Users\Dillon\AppData\Roaming\Search Protection" directory. => Scheduled to move on reboot.
"HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully. "HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully. "C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll" => Value Data removed successfully. "C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll" => Value Data removed successfully. "C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll" => Value Data removed successfully. "C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll" => Value Data removed successfully. "C:\Program Files (x86)\Windows iLivid Toolbar" => File/Directory not found. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} => value deleted successfully. "HKCR\Wow6432Node\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}" => Key deleted successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => value deleted successfully. "HKCR\Wow6432Node\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6}" => Key deleted successfully. C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll => Moved successfully. C:\Program Files (x86)\uTorrentControl2 => Moved successfully. C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll => Moved successfully. C:\Program Files (x86)\uTorrentControl_v2 => Moved successfully. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} => value deleted successfully. "HKCR\Wow6432Node\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}" => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B94D2A9E-E529-4389-B8DE-4F50D087F0D1} => value deleted successfully. "HKCR\Wow6432Node\CLSID\{B94D2A9E-E529-4389-B8DE-4F50D087F0D1}" => Key deleted successfully. C:\Program Files (x86)\ButterscotchToolbar\IEToolbar.dll => Moved successfully. C:\Program Files (x86)\ButterscotchToolbar => Moved successfully. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} => value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => value deleted successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully. "HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully. "HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\452EE25FCB2249A5A1EAF2C5F17EB34C" => Key deleted successfully. "HKCR\CLSID\452EE25FCB2249A5A1EAF2C5F17EB34C" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully. "HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B6D3083-3554-4FA3-B303-ED22AA97CC27}" => Key deleted successfully. "HKCR\CLSID\{4B6D3083-3554-4FA3-B303-ED22AA97CC27}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully. "HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CADC42DA-65D8-4E02-B924-0382E9556ED1}" => Key deleted successfully. "HKCR\CLSID\{CADC42DA-65D8-4E02-B924-0382E9556ED1}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}" => Key deleted successfully. "HKCR\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C}" => Key deleted successfully. C:\Program Files (x86)\chachatoolbar\chachatoolbar.dll => Moved successfully. C:\Program Files (x86)\chachatoolbar => Moved successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}" => Key deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B94D2A9E-E529-4389-B8DE-4F50D087F0D1}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{B94D2A9E-E529-4389-B8DE-4F50D087F0D1}" => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{AF3D7884-B142-414E-943D-75D8D54E1FFF} => value deleted successfully. "HKCR\Wow6432Node\CLSID\{AF3D7884-B142-414E-943D-75D8D54E1FFF}" => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C} => value deleted successfully. "HKCR\Wow6432Node\CLSID\{4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C}" => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} => value deleted successfully. "HKCR\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}" => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03} => value deleted successfully. "HKCR\Wow6432Node\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}" => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value deleted successfully. "HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully. "HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => value deleted successfully. "HKCR\Wow6432Node\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6}" => Key not found. "HKCR\PROTOCOLS\Handler\butterscotchtoolbar" => Key deleted successfully. "HKCR\CLSID\{721B7821-181F-44E8-9649-067641EF5AA2}" => Key not found. "HKCR\Wow6432Node\PROTOCOLS\Handler\butterscotchtoolbar" => Key not found. "HKCR\Wow6432Node\CLSID\{721B7821-181F-44E8-9649-067641EF5AA2}" => Key deleted successfully. "HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}" => Key deleted successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => Key deleted successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin" => Key deleted successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml => Moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\butterscotch_igeared.xml => Moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml => Moved successfully. C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml => Moved successfully. C:\Program Files (x86)\ButterscotchToolbar\Firefox\butterscotch@igeared not found. C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\gcswf32.dll not found. C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll not found. C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll not found. C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll not found. C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll not found. C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll not found. c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll not found. C:\Windows\system32\Adobe\Director\np32dsw.dll not found. C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\npwebsitelogon.dll not found. C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll not found. C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda => Moved successfully. C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof => Moved successfully. "HKCU\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda" => Key deleted successfully. C:\Users\Dillon\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx => Moved successfully. "HKCU\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc" => Key deleted successfully. "C:\Users\Dillon\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx" => File/Directory not found. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda" => Key deleted successfully. "C:\Users\Dillon\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx" => File/Directory not found. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof" => Key deleted successfully. C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx => Moved successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc" => Key deleted successfully. "C:\Users\Dillon\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx" => File/Directory not found. vToolbarUpdater18.1.9 => Service deleted successfully. avgtp => Service stopped successfully. avgtp => Service deleted successfully. C:\Program Files\Enigma Software Group => Moved successfully. C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP => Moved successfully. C:\Users\Dillon\Downloads\SpyHunter-Installer.exe => Moved successfully. C:\Users\Dillon\Downloads\frst64 (1).exe => Moved successfully.
"C:\Users\Dillon\AppData\Roaming\Search Protection" directory move:
Could not move "C:\Users\Dillon\AppData\Roaming\Search Protection" directory. => Scheduled to move on reboot.
C:\Users\Dillon\AppData\Local\Temp\APNStub.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\avguidx.dll => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\CommonInstaller.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\contentDATs.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\crtFDA1.tmp.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\Extract.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\fft83FE.tmp.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\fsprod.dll => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\fssfm.dll => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\gjqudb0m.dll => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\HPHelpUpdater.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\iGearedHelper.dll => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\LiveUpdater.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\MachineIdCreator.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\mssinstaller.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\oi_{59E48EC7-9545-4D38-B4C7-AA77C6A2CC83}.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\preconfig.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\Resource.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\SearchProtectionSetup.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\SHSetup.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\SkypeSetup.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\SP55152.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\sp58915.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\sp64126.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\SRLDetectionLibrary3350345130605290558.dll => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\tbedrs.dll => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\ToolbarInstaller.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\utt2C20.tmp.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\uttD01A.tmp.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\vlc-2.0.2-win32.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\vlc-2.1.3-win32.exe => Moved successfully. C:\Users\Dillon\AppData\Local\Temp\winziprosetup.exe => Moved successfully. "HKU\S-1-5-21-4074735873-2823687706-4046357401-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECC6F0BF-E3AE-46FE-9D4F-23A9776A87F1}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECC6F0BF-E3AE-46FE-9D4F-23A9776A87F1}" => Key deleted successfully. C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar" => Key deleted successfully. C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => Moved successfully. C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully.
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Oct 23, 2014 14:39:00 GMT -8
How is your system running now? Read carefullyDownload Adwcleaner from here to your desktop and run a scan. You may have to right click adwcleaner.exe and choose "Run as Administrator" from the menu. (Click the Scan button to start the scanning). It will create a log after it is finished scanning. If not (or if it just asks for you to uncheck what you don't wanted deleted), there is a Report button in the middle of the main window; click that and it will make the log file. Once the report file is made, you can leave AdwCleaner running (but don't delete anything yet) or you can close it down (we can always get a fresh scan done before the deletions). ONE SCAN ONLY, PLEASEAttach or paste the log back here for review and further instructions. Thanks.
|
|
|
Post by dillon023 on Oct 23, 2014 16:26:40 GMT -8
Much better, and all of the dllhost.exe are gone.
# AdwCleaner v4.001 - Report created 23/10/2014 at 18:46:25 # Updated 20/10/2014 by Xplode # Database : 2014-10-23.2 # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Dillon - DILLON-HP # Running from : C:\Users\Dillon\Desktop\AdwCleaner.exe # Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} File Found : C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage File Found : C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal File Found : C:\Users\Dillon\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage File Found : C:\Users\Dillon\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal File Found : C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage File Found : C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal File Found : C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage File Found : C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal File Found : C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage File Found : C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal File Found : C:\Users\Dillon\AppData\Local\Temp\EsgScanner.sys File Found : C:\Windows\System32\roboot64.exe Folder Found : C:\Program Files (x86)\AVG Secure Search Folder Found : C:\Program Files (x86)\AVG Security Toolbar Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search Folder Found : C:\Program Files (x86)\Conduit Folder Found : C:\Program Files (x86)\iLivid Folder Found : C:\ProgramData\Ask Folder Found : C:\ProgramData\AVG Secure Search Folder Found : C:\ProgramData\ButterscotchToolbar Folder Found : C:\Users\Dillon\AppData\Local\apn Folder Found : C:\Users\Dillon\AppData\Local\AVG Secure Search Folder Found : C:\Users\Dillon\AppData\Local\Ilivid Player Folder Found : C:\Users\Dillon\AppData\Local\PackageAware Folder Found : C:\Users\Dillon\AppData\LocalLow\AskToolbar Folder Found : C:\Users\Dillon\AppData\LocalLow\AVG Secure Search Folder Found : C:\Users\Dillon\AppData\LocalLow\ButterscotchToolbar Folder Found : C:\Users\Dillon\AppData\LocalLow\Conduit Folder Found : C:\Users\Dillon\AppData\LocalLow\Datamngr Folder Found : C:\Users\Dillon\AppData\LocalLow\DataMngr Folder Found : C:\Users\Dillon\AppData\LocalLow\searchquband Folder Found : C:\Users\Dillon\AppData\LocalLow\Searchqutoolbar Folder Found : C:\Users\Dillon\AppData\LocalLow\uTorrentControl_v2 Folder Found : C:\Users\Dillon\AppData\LocalLow\uTorrentControl2 Folder Found : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\APN Key Found : HKCU\Software\AppDataLow\Software\AskToolbar Key Found : HKCU\Software\AppDataLow\Software\ButterscotchToolbar Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\Search Protection Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\AppDataLow\Software\uTorrentControl_v2 Key Found : HKCU\Software\AppDataLow\Software\uTorrentControl2 Key Found : HKCU\Software\AppDataLow\Toolbar Key Found : HKCU\Software\Ask.com Key Found : HKCU\Software\AVG Secure Search Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\DataMngr Key Found : HKCU\Software\DataMngr_Toolbar Key Found : HKCU\Software\IGearSettings Key Found : HKCU\Software\ilivid Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection Key Found : [x64] HKCU\Software\APN Key Found : [x64] HKCU\Software\Ask.com Key Found : [x64] HKCU\Software\AVG Secure Search Key Found : [x64] HKCU\Software\Conduit Key Found : [x64] HKCU\Software\DataMngr Key Found : [x64] HKCU\Software\DataMngr_Toolbar Key Found : [x64] HKCU\Software\IGearSettings Key Found : [x64] HKCU\Software\ilivid Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Found : HKLM\SOFTWARE\APN Key Found : HKLM\SOFTWARE\AskToolbar Key Found : HKLM\SOFTWARE\AVG Secure Search Key Found : HKLM\SOFTWARE\AVG Security Toolbar Key Found : HKLM\SOFTWARE\ButterscotchToolbar Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Found : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9} Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF} Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll Key Found : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Found : HKLM\SOFTWARE\Classes\BrowserConnection.Loader Key Found : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1 Key Found : HKLM\SOFTWARE\Classes\CLSID\{38FECD23-5D3D-4B4D-8B1D-2E0C24BB6EA7} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C} Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955} Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515} Key Found : HKLM\SOFTWARE\Classes\DnsBHO.BHO Key Found : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1 Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} Key Found : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792} Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Found : HKLM\SOFTWARE\Classes\Interface\{EBB69CE8-67AC-450D-8463-8FFAC54B8565} Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Found : HKLM\SOFTWARE\Classes\S Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FB798CE1-9C2B-4944-8537-E4F6BAD8F990} Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Found : HKLM\SOFTWARE\Conduit Key Found : HKLM\SOFTWARE\DataMngr Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12B50C5B-C88E-4537-940A-5E4072AD6409} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91CCD5C7-1120-4BCC-9C97-0A876BBA4001} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AF3D7884-B142-414E-943D-75D8D54E1FFF} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C75CB5E8-CED1-49F7-95EC-013786B6712D} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA70065C-65F0-4B65-9E33-135356D8B16F} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Butterscotch Toolbar_is1 Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar Key Found : HKLM\SOFTWARE\SearchquMediabarTb Key Found : HKLM\SOFTWARE\uTorrentControl_v2 Key Found : HKLM\SOFTWARE\uTorrentControl2 Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EBB69CE8-67AC-450D-8463-8FFAC54B8565} Key Found : [x64] HKLM\SOFTWARE\DataMngr Key Found : [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [butterscotch@igeared]
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
-\\ Mozilla Firefox v
-\\ Google Chrome v37.0.2062.124
*************************
AdwCleaner[R0].txt - [19387 octets] - [23/10/2014 18:46:25]
|
|