|
|
Post by dillon023 on Oct 22, 2014 13:56:05 GMT -8
I see im having the same problem as many others. Im running Windows 7 Home Premium 64 bit.
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Oct 22, 2014 14:38:43 GMT -8
Do Not use advanced tools or any tools used on this board without supervision.
Malware removal can be difficult over a forum as it is, without a user doing their own actions, the tools used are more advanced and thus have added danger that comes with that. This board is protected so that only Malware removers, Admin and Mods can reply to a users thread but all members can create a thread asking for removal of Infection(s)
Make changes to your computer only when the Malware Expert specifically states it. The Malware Experts request specific steps to be followed, as some malware removal requires multiple steps and evaluations along the way. When you take other advice or make other changes, this often negates the work done by the expert, and can sometimes result in an inoperable system.
This also includes any tools or steps other than those the from the Malware Expert. We need to be certain about the state of your system to see what actually is going on, and what is required to fix the system while not harming the rest of the system. Most often, well-intentioned independent efforts can make things much worse. The malware remediation tools are more advanced than othe tools, and can often create bigger problems when used without expert guidance.
Follow all the directions in order, and to the end. Please perform all steps in the order they are listed in each set of instructions. As you might imagine, some steps are a bit complicated. If things are not clear, be sure to stop and let the Malware Expert know the problem. We don't mind clarifying a situation, as others might have the same question. If a tool does not run as expected, don't force it. Stop the steps, and update the forum topic with the current situation. It is better stop and let us know, than to force a tool to run and cause bigger problems.
Also, when your computer is clean and we are finished, the Expert will tell you we are finished. Malware removal is a process that requires verification, and we want to be sure your system is completely clean before we're done.
When describing your problem, provide as much information as possible, as soon as possible. Explain as best you can what happens with your computer, e.g. it beeps three times, black screen with cursor then goes no further, system gets stuck at the Windows startup logo, etc. This helps the expert to understand what is happening to the system and what may be wrong. If your computer cannot start up successfully please provide details about your installed Windows Operating System, including the Version, Edition and if it is a 32bit or a 64bit system. (e.g. Windows Vista Home Premium 32-bit)
When the user follow instructions and things still go a little haywire, and it does happen, it is up to us to sort the extra problem out.
Take longer to read if your language is not English, so that hopefully it is understood.
Reply stating you have read the post fully.
I also if it is busy (have a lot of systems at once to deal with) like being in a supermarket checkout line, waiting their turn, I use the forum like a checkout line.
And the Forum is VERY BUSY at the moment for just 2 Removers, so Please be patient as no one would want us to do a script wrong and hurt someones Computer / System
Quads
|
|
|
|
Post by dillon023 on Oct 22, 2014 14:42:28 GMT -8
I have read the post fully. Thank you for your time.
|
|
|
|
Post by dillon023 on Oct 22, 2014 16:20:02 GMT -8
Also just had this pop up.
[SID: 26002] Web Attack: Exploit Toolkit Website 32 attack blocked. Traffic has been blocked for this application: \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSWOW64\DLLHOST.EXE
|
|
dbrisen
Malware Removalists
Posts: 3,688 
|
Post by dbrisen on Oct 22, 2014 16:26:11 GMT -8
Read Slowly and all of it.Please download www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ You need to download the 64 bit version. Place FRST64.exe onto your desktop from where ever it downloaded to. IF IT IS NOT ON THE DESKTOP (YOU DID NOT DOWNLOAD DIRECTLY TO DESKTOP), THEN RIGHT CLICK ON THE DOWNLOADED FILE AND SELECT CUT. FIND A BLANK SPOT ON YOUR DESKTOP AND RIGHT CLICK ON IT, SELECT PASTE AND THE FILE WILL BE ON THE DESKTOP. Thank You (this is very important later on)! Start FRST64 that is on your DesktopThe tool will start to run. When the tool opens click Yes to disclaimer. (if it does) Press Scan button. It will make two logs ( FRST.txt and addition.txt) on your Desktop. Please attach the logs in your reply back. Or open the logs in notepad and copy the logs and paste back in a message as a reply. ( Ask if you don't know how to do either of these). Right now the forum will not allow one to attach the Addition.txt file so please use wikisend.com to upload the file and then post the download link here in your reply post.
|
|
|
|
Post by dillon023 on Oct 22, 2014 16:54:04 GMT -8
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2014
Ran by Dillon (administrator) on DILLON-HP on 22-10-2014 19:39:55
Running from C:\Users\Dillon\Desktop
Loaded Profile: Dillon (Available profiles: Dillon)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe
(VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alcatel-Lucent) C:\Program Files\CLink\McciTrayApp.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
() C:\Users\Dillon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Bandoo Media, inc) C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(S p i g o t, I n c.) C:\Users\Dillon\AppData\Roaming\Search Protection\SP.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\SymCorpUI.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SmcGui.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ProtectionUtilSurrogate.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-10-17] (IDT, Inc.)
HKLM\...\Run: [CLink_McciTrayApp] => C:\Program Files\CLink\McciTrayApp.exe [2671104 2012-02-13] (Alcatel-Lucent)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-01-25] (cyberlink)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [DATAMNGR] => C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe [1694608 2011-11-09] (Bandoo Media, inc)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-09-05] ()
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] ()
HKLM\...\RunOnce: [NCPluginUpdater] => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\Run: => C:\Users\Dillon\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [108136 2012-04-22] (Siber Systems)
HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\Run: => C:\Users\Dillon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [932528 2012-06-19] ()
HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\Run: [SearchProtection] => C:\Users\Dillon\AppData\Roaming\Search Protection\SearchProtection.EXE [1110888 2014-09-25] (S p i g o t, I n c.)
HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\Run: [APISupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Dillon\AppData\Local\Conduit\APISupport\APISupport.dll",DLLRunAPISupport <===== ATTENTION
HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\Run: [uTorrent] => C:\Users\Dillon\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-08] (BitTorrent Inc.)
HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\Run: [Search Protection] => C:\Users\Dillon\AppData\Roaming\Search Protection\SP.EXE [1110376 2014-10-09] (S p i g o t, I n c.)
HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe [854704 2014-09-24] (Adobe Systems Incorporated)
HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\MountPoints2: {1231af00-7a00-11e1-a538-101f740b4930} - F:\TL-Bootstrap.exe
HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\MountPoints2: {135d9822-3276-11e1-abdf-101f740b4930} - F:\TL-Bootstrap.exe
HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\MountPoints2: {2b60d530-2de0-11e3-b393-101f740b4930} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\MountPoints2: {e00a1760-fd0b-11e0-a467-101f740b4930} - F:\TL-Bootstrap.exe
HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\MountPoints2: {fe823852-e1b6-11e2-b7d4-101f740b4930} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll => C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll [1778584 2011-11-09] (Bandoo Media, inc)
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll => C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll [1791384 2011-11-09] (Bandoo Media, inc)
AppInit_DLLs-x32: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll => C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll [1236368 2011-11-09] (Bandoo Media, inc)
AppInit_DLLs-x32: C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll => C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll [1233816 2011-11-09] (Bandoo Media, inc)
Startup: C:\Users\Dillon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Dillon\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/HPNOT/1
URLSearchHook: HKLM-x32 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - ButterscotchToolbar BHO - {B94D2A9E-E529-4389-B8DE-4F50D087F0D1} - C:\Program Files (x86)\ButterscotchToolbar\IEToolbar.dll ()
URLSearchHook: HKCU - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
URLSearchHook: HKCU - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM - {F0C07441-FD14-4F34-9C4C-A673AFE4ADE0} URL = www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {F0C07441-FD14-4F34-9C4C-A673AFE4ADE0} URL = www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - DefaultScope {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - 452EE25FCB2249A5A1EAF2C5F17EB34C URL = isearch.avg.com/search?cid={68061F47-9A2E-43F3-B6DA-D45CA80FD5B4}&mid=fa81eb93f52347d09fdcc15632efa0c3-2eef52e425c702c77c6a767bfe82e59a6dc32504&lang=en&ds=oo011&pr=sa&d=2012-06-30 21:03:05&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {4B6D3083-3554-4FA3-B303-ED22AA97CC27} URL = searchtronic.net/Search?query={searchTerms}&i=61&tp=chrome
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {AB8A3D5A-39A2-47B0-9F32-1CFA6DFCE567} URL = search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {CADC42DA-65D8-4E02-B924-0382E9556ED1} URL = websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=FF099EC6-5D60-4AFF-B4B4-7A93E3526A18&apn_sauid=C4AC8276-6E12-4937-A1B8-4EE38559BCBD
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {F0C07441-FD14-4F34-9C4C-A673AFE4ADE0} URL = www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: DataMngr -> {9D717F81-9148-4f12-8568-69135F087DB0} -> C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: ChaCha Search Toolbar -> {4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C} -> C:\Program Files (x86)\chachatoolbar\chachatoolbar.dll (ChaCha Search, Inc. )
BHO-x32: uTorrentControl2 Toolbar -> {687578b9-7132-4a7a-80e4-30ee31099e03} -> C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: uTorrentControl_v2 Toolbar -> {7473b6bd-4691-4744-a82b-7854eb3d70b6} -> C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
BHO-x32: DataMngr -> {9D717F81-9148-4f12-8568-69135F087DB0} -> C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: ButterscotchToolbar BHO -> {B94D2A9E-E529-4389-B8DE-4F50D087F0D1} -> C:\Program Files (x86)\ButterscotchToolbar\IEToolbar.dll ()
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Butterscotch Toolbar - {AF3D7884-B142-414E-943D-75D8D54E1FFF} - C:\Program Files (x86)\ButterscotchToolbar\IEToolbar.dll ()
Toolbar: HKLM-x32 - ChaCha Search Toolbar - {4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C} - C:\Program Files (x86)\chachatoolbar\chachatoolbar.dll (ChaCha Search, Inc. )
Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
Toolbar: HKLM-x32 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {1D082E71-DF20-4AAF-863B-596428C49874} www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} www.worldwinner.com/games/shared/wwlaunch.cab
DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
Handler: butterscotchtoolbar - {721B7821-181F-44E8-9649-067641EF5AA2} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: butterscotchtoolbar - {721B7821-181F-44E8-9649-067641EF5AA2} - C:\Program Files (x86)\ButterscotchToolbar\IEToolbar.dll ()
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-05-08] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wildtangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: @worldwinner.com/Launcher2,version=1.10.0.25 -> C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dillon\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\butterscotch_igeared.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2013-07-03]
FF HKLM-x32\...\Firefox\Extensions: [butterscotch@igeared] - C:\Program Files (x86)\ButterscotchToolbar\Firefox\butterscotch@igeared
FF Extension: Butterscotch Toolbar - C:\Program Files (x86)\ButterscotchToolbar\Firefox\butterscotch@igeared [2012-02-01]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012-04-22]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\IPSFF [2013-11-15]
Chrome:
=======
CHR HomePage: Default -> hxxp://search.yahoo.com/?type=714647&fr=spigot-yhp-ch
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSearchURL: Default -> search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=714647&p={searchTerms}
CHR DefaultSuggestURL: Default -> ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Simple Pass 2011) - C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\npwebsitelogon.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Website Logon) - C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe [2011-09-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]
CHR Extension: (uTorrentControl_v2) - C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda [2013-08-04]
CHR Extension: (AVG Security Toolbar) - C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-10-03]
CHR Extension: (Google Wallet) - C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKCU\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Dillon\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-14]
CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Dillon\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-08-14]
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Dillon\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-27]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Dillon\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2014-04-27]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-25] (CyberLink)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [361472 2011-08-20] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [441344 2011-08-20] (Alcatel-Lucent) [File not signed]
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [144368 2013-10-20] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe [2377984 2013-10-20] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe [334736 2013-10-20] (Symantec Corporation)
R2 VTechUSBSocketService; C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe [82824 2013-03-28] (VTech)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-14] (AVG Secure Search)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-14] (AVG Technologies)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20141003.013\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
R1 ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE}; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys [169048 2013-10-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-18] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20141021.011\IDSvia64.sys [525016 2014-08-08] (Symantec Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-02-13] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-02-13] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141022.003\ENG64.SYS [129752 2014-08-20] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141022.003\EX64.SYS [2137304 2014-08-20] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS [797272 2013-10-20] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS [36952 2013-10-20] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys [34800 2013-10-20] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS [493656 2013-10-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS [1147480 2013-10-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS [224856 2013-10-20] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS [437336 2013-10-20] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [155352 2013-11-15] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [92456 2013-10-20] (Symantec Corporation)
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-22 19:39 - 2014-10-22 19:40 - 00042834 _____ () C:\Users\Dillon\Desktop\FRST.txt
2014-10-22 19:39 - 2014-10-22 19:39 - 00000000 ____D () C:\Users\Dillon\Desktop\FRST-OlderVersion
2014-10-22 19:10 - 2014-10-22 19:10 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDillon
2014-10-22 19:10 - 2014-10-22 19:10 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForDillon.job
2014-10-22 16:44 - 2014-10-22 19:40 - 00000000 ____D () C:\FRST
2014-10-19 16:55 - 2014-10-19 16:55 - 00000000 _____ () C:\autoexec.bat
2014-10-19 16:53 - 2014-10-19 16:53 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-19 16:49 - 2014-10-19 18:21 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-10-19 16:41 - 2014-10-19 16:42 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Dillon\Downloads\SpyHunter-Installer.exe
2014-10-19 16:32 - 2014-10-19 16:32 - 02112512 _____ (Farbar) C:\Users\Dillon\Downloads\frst64 (1).exe
2014-10-19 16:29 - 2014-10-22 19:39 - 00097280 _____ (Farbar) C:\Users\Dillon\Desktop\FRST64.exe
2014-10-16 19:27 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 19:27 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 19:27 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 19:27 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 19:27 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 19:27 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 19:27 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 19:27 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 19:27 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 19:27 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 19:27 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 19:27 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 19:27 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 19:27 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 19:27 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 19:27 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 19:27 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 19:27 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 19:27 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 19:27 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 19:27 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 19:27 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 19:27 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 19:27 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 19:27 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 19:27 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 19:27 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 19:27 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 19:27 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 19:27 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 19:27 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 19:27 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 19:27 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 19:27 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 19:27 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 19:27 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 19:27 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 19:27 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 19:27 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 19:27 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-16 19:27 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-16 19:27 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-16 19:27 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-16 19:27 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-16 19:27 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-16 19:27 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-16 19:27 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-16 19:27 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-16 19:27 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-16 19:27 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-16 19:27 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-16 19:27 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 19:27 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 19:27 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 19:27 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 19:27 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 19:27 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 19:26 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 19:26 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 19:26 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 19:26 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 19:26 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 19:26 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 19:26 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 19:26 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 19:26 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 19:26 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 19:26 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 19:26 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 19:26 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 19:26 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 19:26 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 19:26 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 19:26 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 19:26 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 19:26 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 19:26 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 19:26 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 19:26 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 19:26 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 19:25 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 19:25 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 19:25 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 19:25 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 19:25 - 2014-08-28 21:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 19:25 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 19:25 - 2014-08-28 21:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-16 19:25 - 2014-08-28 21:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-16 19:25 - 2014-08-28 21:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 19:25 - 2014-08-28 20:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 19:25 - 2014-08-28 20:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 19:25 - 2014-08-28 20:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 19:25 - 2014-08-28 20:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-16 19:25 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 19:25 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 19:25 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 19:25 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 19:25 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 19:25 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 19:25 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 19:25 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 19:25 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 19:25 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 19:25 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-09-30 21:20 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 21:20 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-28 18:30 - 2014-09-28 18:30 - 00000000 ____D () C:\Users\Dillon\AppData\Local\{E02C60BD-CDBB-47CD-A08B-582B30DA5DA5}
2014-09-28 17:14 - 2014-09-28 17:14 - 00000000 ____D () C:\Users\Dillon\AppData\Local\Microsoft Help
2014-09-28 17:14 - 2014-09-28 17:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-23 18:26 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 18:26 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-22 19:40 - 2011-08-02 17:49 - 01519251 _____ () C:\Windows\WindowsUpdate.log
2014-10-22 19:18 - 2013-07-12 18:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-22 19:17 - 2011-11-20 19:06 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4074735873-2823687706-4046357401-1001UA.job
2014-10-22 19:13 - 2011-09-18 21:57 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-22 19:08 - 2011-11-07 17:53 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-22 19:08 - 2011-09-05 12:30 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-22 18:05 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-22 18:05 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-22 16:18 - 2011-09-18 21:57 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-22 16:17 - 2011-11-20 19:06 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4074735873-2823687706-4046357401-1001Core.job
2014-10-22 16:12 - 2011-09-04 17:45 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6CEFE9F0-7E8D-4A4B-85DF-40E8D851265E}
2014-10-22 16:09 - 2011-09-18 21:57 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-22 16:08 - 2011-09-18 21:57 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-22 16:06 - 2013-11-15 22:16 - 00000000 ____D () C:\ProgramData\Symantec
2014-10-19 15:52 - 2012-04-22 15:21 - 00000000 ____D () C:\Users\Dillon\AppData\Roaming\uTorrent
2014-10-19 15:50 - 2014-01-11 14:44 - 00000000 ____D () C:\Users\Dillon\AppData\Roaming\Search Protection
2014-10-19 15:49 - 2013-06-07 21:30 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-10-19 15:49 - 2013-06-03 19:14 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-10-19 15:49 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-19 15:49 - 2009-07-13 23:51 - 00081811 _____ () C:\Windows\setupact.log
2014-10-19 15:06 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-19 15:05 - 2009-07-13 23:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-19 15:02 - 2014-05-10 08:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-18 08:38 - 2013-07-30 14:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-18 08:26 - 2012-04-19 17:47 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-18 00:20 - 2011-09-07 20:27 - 00000000 ____D () C:\Users\Dillon\AppData\Local\CrashDumps
2014-10-18 00:13 - 2011-09-04 19:36 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-15 04:18 - 2012-06-08 11:45 - 00000000 ____D () C:\Users\Dillon\AppData\Roaming\vlc
2014-10-13 14:02 - 2011-09-04 17:35 - 00000000 ____D () C:\Users\Dillon
2014-10-13 14:00 - 2009-07-14 00:13 - 00787414 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-12 22:31 - 2013-08-25 15:06 - 00000000 ____D () C:\Users\Dillon\AppData\Roaming\SoftGrid Client
2014-09-28 11:57 - 2012-12-07 11:01 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDILLON-HP$
2014-09-28 11:57 - 2012-12-07 11:01 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForDILLON-HP$.job
2014-09-25 19:00 - 2011-09-18 22:04 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 17:45 - 2013-07-12 18:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 17:45 - 2013-07-12 18:36 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 17:45 - 2011-09-19 23:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
Files to move or delete:
====================
C:\Users\Dillon\jagex_cl_runescape_LIVE.dat
C:\Users\Dillon\jagex_runescape_preferences.dat
C:\Users\Dillon\jagex_runescape_preferences2.dat
Some content of TEMP:
====================
C:\Users\Dillon\AppData\Local\Temp\APNStub.exe
C:\Users\Dillon\AppData\Local\Temp\avguidx.dll
C:\Users\Dillon\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Dillon\AppData\Local\Temp\contentDATs.exe
C:\Users\Dillon\AppData\Local\Temp\crtFDA1.tmp.exe
C:\Users\Dillon\AppData\Local\Temp\Extract.exe
C:\Users\Dillon\AppData\Local\Temp\fft83FE.tmp.exe
C:\Users\Dillon\AppData\Local\Temp\fsprod.dll
C:\Users\Dillon\AppData\Local\Temp\fssfm.dll
C:\Users\Dillon\AppData\Local\Temp\gjqudb0m.dll
C:\Users\Dillon\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Dillon\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Dillon\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe
C:\Users\Dillon\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Dillon\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Dillon\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Dillon\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Dillon\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Dillon\AppData\Local\Temp\LiveUpdater.exe
C:\Users\Dillon\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Dillon\AppData\Local\Temp\mssinstaller.exe
C:\Users\Dillon\AppData\Local\Temp\oi_{59E48EC7-9545-4D38-B4C7-AA77C6A2CC83}.exe
C:\Users\Dillon\AppData\Local\Temp\preconfig.exe
C:\Users\Dillon\AppData\Local\Temp\Resource.exe
C:\Users\Dillon\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Dillon\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Dillon\AppData\Local\Temp\SHSetup.exe
C:\Users\Dillon\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Dillon\AppData\Local\Temp\SP55152.exe
C:\Users\Dillon\AppData\Local\Temp\sp58915.exe
C:\Users\Dillon\AppData\Local\Temp\sp64126.exe
C:\Users\Dillon\AppData\Local\Temp\SRLDetectionLibrary3350345130605290558.dll
C:\Users\Dillon\AppData\Local\Temp\tbedrs.dll
C:\Users\Dillon\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Dillon\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Dillon\AppData\Local\Temp\utt2C20.tmp.exe
C:\Users\Dillon\AppData\Local\Temp\uttD01A.tmp.exe
C:\Users\Dillon\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\Dillon\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Dillon\AppData\Local\Temp\winziprosetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-28 19:12
==================== End Of Log ============================
wikisend.com/download/986234/Addition.txt |
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Oct 22, 2014 20:10:09 GMT -8
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Download the script attached, needs to be the same file name as well (fixlist.txt), have it on the Desktop, so that fixlist.txt is next to FRST64.exe,
DO NOT DRAG AND DROP to download the script, it won't work for FRST (Right click on the attachment link (not the normal left click) and from the menu choose Save As or Save Link as.)
The script tells FRST what to do.
Start FRST that is on the desktop
When the tool opens click Yes to disclaimer. (if it still does)
Press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) please post it to your reply (attach or paste)
Quads
|
|
|
|
Post by dillon023 on Oct 23, 2014 13:16:12 GMT -8
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-10-2014
Ran by Dillon at 2014-10-23 15:43:58 Run:1
Running from C:\Users\Dillon\Desktop
Loaded Profile: Dillon (Available profiles: Dillon)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
(VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe
(VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Bandoo Media, inc) C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\Windows iLivid Toolbar
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Ask.com
HKLM-x32\...\Run: [DATAMNGR] => C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe [1694608 2011-11-09] (Bandoo Media, inc)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-09-05] ()
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\Run: [SearchProtection] => C:\Users\Dillon\AppData\Roaming\Search Protection\SearchProtection.EXE [1110888 2014-09-25] (S p i g o t, I n c.)
C:\Users\Dillon\AppData\Roaming\Search Protection\SearchProtection.EXE
HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\Run: [APISupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Dillon\AppData\Local\Conduit\APISupport\APISupport.dll",DLLRunAPISupport <===== ATTENTION
C:\Users\Dillon\AppData\Local\Conduit\APISupport\APISupport.dll
C:\Users\Dillon\AppData\Local\Conduit
HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...\Run: [Search Protection] => C:\Users\Dillon\AppData\Roaming\Search Protection\SP.EXE [1110376 2014-10-09] (S p i g o t, I n c.)
C:\Users\Dillon\AppData\Roaming\Search Protection\SP.EXE
C:\Users\Dillon\AppData\Roaming\Search Protection
HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll => C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll [1778584 2011-11-09] (Bandoo Media, inc)
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll => C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll [1791384 2011-11-09] (Bandoo Media, inc)
AppInit_DLLs-x32: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll => C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll [1236368 2011-11-09] (Bandoo Media, inc)
AppInit_DLLs-x32: C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll => C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll [1233816 2011-11-09] (Bandoo Media, inc)
C:\Program Files (x86)\Windows iLivid Toolbar
URLSearchHook: HKLM-x32 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
C:\Program Files (x86)\uTorrentControl2
C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
C:\Program Files (x86)\uTorrentControl_v2
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - ButterscotchToolbar BHO - {B94D2A9E-E529-4389-B8DE-4F50D087F0D1} - C:\Program Files (x86)\ButterscotchToolbar\IEToolbar.dll ()
C:\Program Files (x86)\ButterscotchToolbar\IEToolbar.dll
C:\Program Files (x86)\ButterscotchToolbar
URLSearchHook: HKCU - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
URLSearchHook: HKCU - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - 452EE25FCB2249A5A1EAF2C5F17EB34C URL = isearch.avg.com/search?cid={68061F47-9A2E-43F3-B6DA-D45CA80FD5B4}&mid=fa81eb93f52347d09fdcc15632efa0c3-2eef52e425c702c77c6a767bfe82e59a6dc32504&lang=en&ds=oo011&pr=sa&d=2012-06-30 21:03:05&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {4B6D3083-3554-4FA3-B303-ED22AA97CC27} URL = searchtronic.net/Search?query={searchTerms}&i=61&tp=chrome
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {CADC42DA-65D8-4E02-B924-0382E9556ED1} URL = websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=FF099EC6-5D60-4AFF-B4B4-7A93E3526A18&apn_sauid=C4AC8276-6E12-4937-A1B8-4EE38559BCBD
BHO: DataMngr -> {9D717F81-9148-4f12-8568-69135F087DB0} -> C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
BHO-x32: ChaCha Search Toolbar -> {4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C} -> C:\Program Files (x86)\chachatoolbar\chachatoolbar.dll (ChaCha Search, Inc. )
C:\Program Files (x86)\chachatoolbar\chachatoolbar.dll
C:\Program Files (x86)\chachatoolbar
BHO-x32: uTorrentControl2 Toolbar -> {687578b9-7132-4a7a-80e4-30ee31099e03} -> C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO-x32: uTorrentControl_v2 Toolbar -> {7473b6bd-4691-4744-a82b-7854eb3d70b6} -> C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
BHO-x32: DataMngr -> {9D717F81-9148-4f12-8568-69135F087DB0} -> C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
BHO-x32: ButterscotchToolbar BHO -> {B94D2A9E-E529-4389-B8DE-4F50D087F0D1} -> C:\Program Files (x86)\ButterscotchToolbar\IEToolbar.dll ()
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Butterscotch Toolbar - {AF3D7884-B142-414E-943D-75D8D54E1FFF} - C:\Program Files (x86)\ButterscotchToolbar\IEToolbar.dll ()
Toolbar: HKLM-x32 - ChaCha Search Toolbar - {4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C} - C:\Program Files (x86)\chachatoolbar\chachatoolbar.dll (ChaCha Search, Inc. )
Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
Toolbar: HKLM-x32 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
Handler: butterscotchtoolbar - {721B7821-181F-44E8-9649-067641EF5AA2} - No File
Handler-x32: butterscotchtoolbar - {721B7821-181F-44E8-9649-067641EF5AA2} - C:\Program Files (x86)\ButterscotchToolbar\IEToolbar.dll ()
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\butterscotch_igeared.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Butterscotch Toolbar - C:\Program Files (x86)\ButterscotchToolbar\Firefox\butterscotch@igeared [2012-02-01]
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Simple Pass 2011) - C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\npwebsitelogon.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll No File
CHR Extension: (uTorrentControl_v2) - C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda [2013-08-04]
CHR Extension: (AVG Security Toolbar) - C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-10-03]
CHR HKCU\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Dillon\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-14]
CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Dillon\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-08-14]
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Dillon\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-14]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-27]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Dillon\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2014-04-27]
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-14] (AVG Secure Search)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-14] (AVG Technologies)
2014-10-19 16:53 - 2014-10-19 16:53 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-19 16:49 - 2014-10-19 18:21 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-10-19 16:41 - 2014-10-19 16:42 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Dillon\Downloads\SpyHunter-Installer.exe
2014-10-19 16:32 - 2014-10-19 16:32 - 02112512 _____ (Farbar) C:\Users\Dillon\Downloads\frst64 (1).exe
2014-10-19 15:50 - 2014-01-11 14:44 - 00000000 ____D () C:\Users\Dillon\AppData\Roaming\Search Protection
C:\Users\Dillon\AppData\Local\Temp\APNStub.exe
C:\Users\Dillon\AppData\Local\Temp\avguidx.dll
C:\Users\Dillon\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Dillon\AppData\Local\Temp\contentDATs.exe
C:\Users\Dillon\AppData\Local\Temp\crtFDA1.tmp.exe
C:\Users\Dillon\AppData\Local\Temp\Extract.exe
C:\Users\Dillon\AppData\Local\Temp\fft83FE.tmp.exe
C:\Users\Dillon\AppData\Local\Temp\fsprod.dll
C:\Users\Dillon\AppData\Local\Temp\fssfm.dll
C:\Users\Dillon\AppData\Local\Temp\gjqudb0m.dll
C:\Users\Dillon\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Dillon\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Dillon\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe
C:\Users\Dillon\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Dillon\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Dillon\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Dillon\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Dillon\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Dillon\AppData\Local\Temp\LiveUpdater.exe
C:\Users\Dillon\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Dillon\AppData\Local\Temp\mssinstaller.exe
C:\Users\Dillon\AppData\Local\Temp\oi_{59E48EC7-9545-4D38-B4C7-AA77C6A2CC83}.exe
C:\Users\Dillon\AppData\Local\Temp\preconfig.exe
C:\Users\Dillon\AppData\Local\Temp\Resource.exe
C:\Users\Dillon\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Dillon\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Dillon\AppData\Local\Temp\SHSetup.exe
C:\Users\Dillon\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Dillon\AppData\Local\Temp\SP55152.exe
C:\Users\Dillon\AppData\Local\Temp\sp58915.exe
C:\Users\Dillon\AppData\Local\Temp\sp64126.exe
C:\Users\Dillon\AppData\Local\Temp\SRLDetectionLibrary3350345130605290558.dll
C:\Users\Dillon\AppData\Local\Temp\tbedrs.dll
C:\Users\Dillon\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Dillon\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Dillon\AppData\Local\Temp\utt2C20.tmp.exe
C:\Users\Dillon\AppData\Local\Temp\uttD01A.tmp.exe
C:\Users\Dillon\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\Dillon\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Dillon\AppData\Local\Temp\winziprosetup.exe
CustomCLSID: HKU\S-1-5-21-4074735873-2823687706-4046357401-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Task: {ECC6F0BF-E3AE-46FE-9D4F-23A9776A87F1} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-03-31] () <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{CD30BA54-A27A-42C2-BAD1-92906BD722B3}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{84FDD6C5-D5ED-41FE-86AC-1421BD8B2F77}.exe
end
*****************
[2920] C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe => Process closed successfully.
[2972] C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe => Process closed successfully.
[2980] C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe => Process closed successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe => Moved successfully.
[3016] C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe => Process closed successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe => Moved successfully.
[5668] C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe => Process closed successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe => Moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar => Moved successfully.
[5752] C:\Program Files (x86)\AVG Secure Search\vprot.exe => Process closed successfully.
C:\Program Files (x86)\AVG Secure Search\vprot.exe => Moved successfully.
[5760] C:\Program Files (x86)\Ask.com\Updater\Updater.exe => Process closed successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe => Moved successfully.
C:\Program Files (x86)\Ask.com => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => value deleted successfully.
HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection => value deleted successfully.
C:\Users\Dillon\AppData\Roaming\Search Protection\SearchProtection.EXE => Moved successfully.
HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\Software\Microsoft\Windows\CurrentVersion\Run\\APISupport => value deleted successfully.
C:\Users\Dillon\AppData\Local\Conduit\APISupport\APISupport.dll => Moved successfully.
C:\Users\Dillon\AppData\Local\Conduit => Moved successfully.
HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection => value deleted successfully.
C:\Users\Dillon\AppData\Roaming\Search Protection\SP.EXE => Moved successfully.
"C:\Users\Dillon\AppData\Roaming\Search Protection" directory move:
C:\Users\Dillon\AppData\Roaming\Search Protection\Uninstall.exe => Moved successfully.
Could not move "C:\Users\Dillon\AppData\Roaming\Search Protection" directory. => Scheduled to move on reboot.
"HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-4074735873-2823687706-4046357401-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll" => Value Data removed successfully.
"C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll" => Value Data removed successfully.
"C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll" => Value Data removed successfully.
"C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll" => Value Data removed successfully.
"C:\Program Files (x86)\Windows iLivid Toolbar" => File/Directory not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6}" => Key deleted successfully.
C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll => Moved successfully.
C:\Program Files (x86)\uTorrentControl2 => Moved successfully.
C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll => Moved successfully.
C:\Program Files (x86)\uTorrentControl_v2 => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B94D2A9E-E529-4389-B8DE-4F50D087F0D1} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{B94D2A9E-E529-4389-B8DE-4F50D087F0D1}" => Key deleted successfully.
C:\Program Files (x86)\ButterscotchToolbar\IEToolbar.dll => Moved successfully.
C:\Program Files (x86)\ButterscotchToolbar => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\452EE25FCB2249A5A1EAF2C5F17EB34C" => Key deleted successfully.
"HKCR\CLSID\452EE25FCB2249A5A1EAF2C5F17EB34C" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B6D3083-3554-4FA3-B303-ED22AA97CC27}" => Key deleted successfully.
"HKCR\CLSID\{4B6D3083-3554-4FA3-B303-ED22AA97CC27}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CADC42DA-65D8-4E02-B924-0382E9556ED1}" => Key deleted successfully.
"HKCR\CLSID\{CADC42DA-65D8-4E02-B924-0382E9556ED1}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}" => Key deleted successfully.
"HKCR\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C}" => Key deleted successfully.
C:\Program Files (x86)\chachatoolbar\chachatoolbar.dll => Moved successfully.
C:\Program Files (x86)\chachatoolbar => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B94D2A9E-E529-4389-B8DE-4F50D087F0D1}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{B94D2A9E-E529-4389-B8DE-4F50D087F0D1}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{AF3D7884-B142-414E-943D-75D8D54E1FFF} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{AF3D7884-B142-414E-943D-75D8D54E1FFF}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{4E7BD74F-2B8D-469E-88BC-BC28F89AAE3C}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6}" => Key not found.
"HKCR\PROTOCOLS\Handler\butterscotchtoolbar" => Key deleted successfully.
"HKCR\CLSID\{721B7821-181F-44E8-9649-067641EF5AA2}" => Key not found.
"HKCR\Wow6432Node\PROTOCOLS\Handler\butterscotchtoolbar" => Key not found.
"HKCR\Wow6432Node\CLSID\{721B7821-181F-44E8-9649-067641EF5AA2}" => Key deleted successfully.
"HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin" => Key deleted successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\butterscotch_igeared.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml => Moved successfully.
C:\Program Files (x86)\ButterscotchToolbar\Firefox\butterscotch@igeared not found.
C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\gcswf32.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll not found.
C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\npwebsitelogon.dll not found.
C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll not found.
C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda => Moved successfully.
C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof => Moved successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda" => Key deleted successfully.
C:\Users\Dillon\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx => Moved successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc" => Key deleted successfully.
"C:\Users\Dillon\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda" => Key deleted successfully.
"C:\Users\Dillon\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof" => Key deleted successfully.
C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc" => Key deleted successfully.
"C:\Users\Dillon\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx" => File/Directory not found.
vToolbarUpdater18.1.9 => Service deleted successfully.
avgtp => Service stopped successfully.
avgtp => Service deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP => Moved successfully.
C:\Users\Dillon\Downloads\SpyHunter-Installer.exe => Moved successfully.
C:\Users\Dillon\Downloads\frst64 (1).exe => Moved successfully.
"C:\Users\Dillon\AppData\Roaming\Search Protection" directory move:
Could not move "C:\Users\Dillon\AppData\Roaming\Search Protection" directory. => Scheduled to move on reboot.
C:\Users\Dillon\AppData\Local\Temp\APNStub.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\avguidx.dll => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\CommonInstaller.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\contentDATs.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\crtFDA1.tmp.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\Extract.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\fft83FE.tmp.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\fsprod.dll => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\fssfm.dll => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\gjqudb0m.dll => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\HPHelpUpdater.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\iGearedHelper.dll => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\LiveUpdater.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\MachineIdCreator.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\mssinstaller.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\oi_{59E48EC7-9545-4D38-B4C7-AA77C6A2CC83}.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\preconfig.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\Resource.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\SearchProtectionSetup.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\SHSetup.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\SP55152.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\sp58915.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\sp64126.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\SRLDetectionLibrary3350345130605290558.dll => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\tbedrs.dll => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\ToolbarInstaller.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\utt2C20.tmp.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\uttD01A.tmp.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\vlc-2.0.2-win32.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\vlc-2.1.3-win32.exe => Moved successfully.
C:\Users\Dillon\AppData\Local\Temp\winziprosetup.exe => Moved successfully.
"HKU\S-1-5-21-4074735873-2823687706-4046357401-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECC6F0BF-E3AE-46FE-9D4F-23A9776A87F1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECC6F0BF-E3AE-46FE-9D4F-23A9776A87F1}" => Key deleted successfully.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar" => Key deleted successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => Moved successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully.
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Oct 23, 2014 14:39:00 GMT -8
How is your system running now? Read carefullyDownload Adwcleaner from here to your desktop and run a scan. You may have to right click adwcleaner.exe and choose "Run as Administrator" from the menu. (Click the Scan button to start the scanning). It will create a log after it is finished scanning. If not (or if it just asks for you to uncheck what you don't wanted deleted), there is a Report button in the middle of the main window; click that and it will make the log file. Once the report file is made, you can leave AdwCleaner running (but don't delete anything yet) or you can close it down (we can always get a fresh scan done before the deletions). ONE SCAN ONLY, PLEASEAttach or paste the log back here for review and further instructions. Thanks. |
|
|
|
Post by dillon023 on Oct 23, 2014 16:26:40 GMT -8
Much better, and all of the dllhost.exe are gone.
# AdwCleaner v4.001 - Report created 23/10/2014 at 18:46:25
# Updated 20/10/2014 by Xplode
# Database : 2014-10-23.2
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dillon - DILLON-HP
# Running from : C:\Users\Dillon\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Found : C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Found : C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Found : C:\Users\Dillon\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Found : C:\Users\Dillon\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
File Found : C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Found : C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Found : C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Dillon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Dillon\AppData\Local\Temp\EsgScanner.sys
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\AVG Security Toolbar
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\iLivid
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\ButterscotchToolbar
Folder Found : C:\Users\Dillon\AppData\Local\apn
Folder Found : C:\Users\Dillon\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Dillon\AppData\Local\Ilivid Player
Folder Found : C:\Users\Dillon\AppData\Local\PackageAware
Folder Found : C:\Users\Dillon\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Dillon\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Dillon\AppData\LocalLow\ButterscotchToolbar
Folder Found : C:\Users\Dillon\AppData\LocalLow\Conduit
Folder Found : C:\Users\Dillon\AppData\LocalLow\Datamngr
Folder Found : C:\Users\Dillon\AppData\LocalLow\DataMngr
Folder Found : C:\Users\Dillon\AppData\LocalLow\searchquband
Folder Found : C:\Users\Dillon\AppData\LocalLow\Searchqutoolbar
Folder Found : C:\Users\Dillon\AppData\LocalLow\uTorrentControl_v2
Folder Found : C:\Users\Dillon\AppData\LocalLow\uTorrentControl2
Folder Found : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\ButterscotchToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Search Protection
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\uTorrentControl_v2
Key Found : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Found : [x64] HKCU\Software\APN
Key Found : [x64] HKCU\Software\Ask.com
Key Found : [x64] HKCU\Software\AVG Secure Search
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\DataMngr_Toolbar
Key Found : [x64] HKCU\Software\IGearSettings
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\ButterscotchToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Key Found : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{38FECD23-5D3D-4B4D-8B1D-2E0C24BB6EA7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Found : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Key Found : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EBB69CE8-67AC-450D-8463-8FFAC54B8565}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FB798CE1-9C2B-4944-8537-E4F6BAD8F990}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12B50C5B-C88E-4537-940A-5E4072AD6409}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91CCD5C7-1120-4BCC-9C97-0A876BBA4001}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AF3D7884-B142-414E-943D-75D8D54E1FFF}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C75CB5E8-CED1-49F7-95EC-013786B6712D}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA70065C-65F0-4B65-9E33-135356D8B16F}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Butterscotch Toolbar_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar
Key Found : HKLM\SOFTWARE\SearchquMediabarTb
Key Found : HKLM\SOFTWARE\uTorrentControl_v2
Key Found : HKLM\SOFTWARE\uTorrentControl2
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EBB69CE8-67AC-450D-8463-8FFAC54B8565}
Key Found : [x64] HKLM\SOFTWARE\DataMngr
Key Found : [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [butterscotch@igeared]
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
-\\ Mozilla Firefox v
-\\ Google Chrome v37.0.2062.124
*************************
AdwCleaner[R0].txt - [19387 octets] - [23/10/2014 18:46:25]
|
|
