Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Hidden Malware

Post by tnesler » September 15th, 2013, 9:55 pm

Hello!

I hope you can help me. About 10 days ago I saw that my Windows security service would not activate. AVG spotted an infected Run32.dll in the SysWOW64 folder (I have Windows 7 Home Premium), but even though it tried to remove it, it kept coming back. I ran the MS Safety Scanner and found two items. I ran the Malwarebytes scanner and it found 204 items! I have run a full scan using AVG. Each time I reran these utilities, I found nothing, but I still can't get WSS to start successfully.

What are your suggestions?

Thanks in advance!

Tom Nesler

PS: For some reason, I can't turn off my internet connection either.
tnesler
Regular Member
 
Posts: 33
Joined: September 12th, 2013, 11:42 am

Re: Hidden Malware

Post by tnesler » September 16th, 2013, 10:00 pm

Sorry, I did not post the logs. Here they are. At the moment, supposedly everything is fine. However, I have had problems the next day, forcing me to start over again.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.25.2
Run by Treasurer at 20:39:18 on 2013-09-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2429 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atibtmon.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\SysWOW64\ASTSRV.EXE
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BBSvc.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie10
mStart Page = hxxp://www.google.com
uProxyOverride = <local>
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {1C8501DD-5580-48AB-B25C-6D5DBE835A6A} - <orphaned>
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll
uRun: [AVG-Secure-Search-Update_0913a] C:\Users\Treasurer\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 86be2fd7069a47d1801c4902a7747f55-4918a1d20f819e1ae59a96eed6b12a141df274e9 --CMPID 0913a
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/Cl ... wsdc32.cab
TCP: NameServer = 192.168.10.1
TCP: Interfaces\{C05AD519-926E-46DA-A286-D6B3A0E85834} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C30D6BD0-91C1-43CF-AB75-94C4B9CDBA1D} : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{C30D6BD0-91C1-43CF-AB75-94C4B9CDBA1D}\15579636B664C616D696E676F6D27657563747 : DHCPNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
TCP: Interfaces\{C30D6BD0-91C1-43CF-AB75-94C4B9CDBA1D}\2375942554637323 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C30D6BD0-91C1-43CF-AB75-94C4B9CDBA1D}\2656C6B696E6E2534683E2765756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{C30D6BD0-91C1-43CF-AB75-94C4B9CDBA1D}\355627679636563456E6472716C6145747F6 : DHCPNameServer = 8.8.8.8 64.254.100.20 8.8.4.4
TCP: Interfaces\{C30D6BD0-91C1-43CF-AB75-94C4B9CDBA1D}\D43584F4D454 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C30D6BD0-91C1-43CF-AB75-94C4B9CDBA1D}\F66716C696E6B6379737 : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\System32\rundll32.exe C:\Windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files (x86)\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\amd64\BingExt.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Treasurer\AppData\Roaming\Mozilla\Firefox\Profiles\hxmckx3w.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://start.sweetpacks.com?src=6&barid={BE2BD2D4-C65B-11E2-B02B-984BE19096A6}&crg=3.5000006.10042&st=23&q=
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-5 45880]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-20 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-20 202752]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BBSvc.EXE [2013-8-30 193696]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.EXE [2013-8-30 240288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-20 347680]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-11-20 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-11-26 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-11-20 245792]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-16 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-18 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-09-15 22:15:35 9430408 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-09-15 17:51:24 -------- d-----w- C:\Users\Treasurer\AppData\Roaming\Malwarebytes
2013-09-15 17:51:10 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-15 17:51:09 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-15 17:51:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-05 06:43:42 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-08-18 22:27:32 -------- d-----w- C:\Windows\System32\MRT
.
==================== Find3M ====================
.
2013-09-15 22:15:45 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-15 22:15:45 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-20 06:51:00 311608 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-07-20 06:50:56 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-07-20 06:50:56 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-07-20 06:50:50 206648 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-07-01 06:45:28 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-06-30 18:09:26 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-30 18:09:25 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-06-30 18:09:25 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-01-10 20:39:59 715038 ----a-w- C:\Program Files (x86)\Common Files\unins000.exe
.
============= FINISH: 20:40:04.67 ===============

Here is the Attach.txt file:

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/17/2011 6:43:13 PM
System Uptime: 9/16/2013 8:26:33 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 1444
Processor: AMD Turion(tm) II P540 Dual-Core Processor | Socket S1G4 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 280 GiB total, 221.908 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 2.505 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 0 GiB total, 0.087 GiB free.
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-zip v9.20
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5 MUI
Adobe Shockwave Player 11.5
AMD USB Filter Driver
Atheros Driver Installation Program
ATI Catalyst Install Manager
AVG 2013
Bejeweled 2 Deluxe
Bing Bar
Blackhawk Striker 2
Build-a-lot 2
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG5200 series MP Drivers
Canon MG5200 series User Registration
Canon My Printer
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Coupon Printer for Windows
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Facebook Video Calling 1.2.0.287
FATE
Final Drive Nitro
FLV Player
FoodBuzz
FriendsChecker
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.2.1.1
HP Advisor
HP Customer Experience Enhancements
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
HP Documentation
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HP Update
HP Wireless Assistant
Iminent
Internet Explorer Toolbar 4.8 by SweetPacks
Java 7 Update 25
Java Auto Updater
Java(TM) 6 Update 20 (64-bit)
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
KONICA MINOLTA C360Series
LabelPrint
Logos Accounting
Logos Church Management
Malwarebytes Anti-Malware version 1.75.0.1300
MediaShout 4.0
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PDF Creator
Penguins!
PhotoNow!
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
Roxio CinemaNow 2.0
RtVOsd
SearchDonkey
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Excel 2010 (KB2760597) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760769) 32-Bit Edition
SMPlayer 0.6.9
Synaptics Pointing Device Driver
Tax Forms Helper 2012 10.5
TrueSwitch Wizard EC
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Virtual Families
Virtual Villagers - The Secret City
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Software Update
Yahoo! Toolbar
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
9/9/2013 8:42:40 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
9/9/2013 8:40:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/9/2013 8:40:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/9/2013 8:40:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/9/2013 8:40:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/9/2013 8:40:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/9/2013 8:40:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/9/2013 8:40:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVGIDSDriver Avgldx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
9/9/2013 8:40:01 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/9/2013 8:40:01 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/9/2013 8:40:01 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/9/2013 8:40:01 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/9/2013 8:40:01 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/9/2013 8:40:00 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/9/2013 8:40:00 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/9/2013 8:40:00 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
9/9/2013 8:40:00 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/9/2013 8:40:00 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/9/2013 8:40:00 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
9/16/2013 8:26:02 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
9/16/2013 6:33:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
9/11/2013 7:18:58 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
9/10/2013 6:25:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.
9/10/2013 6:25:13 PM, Error: Service Control Manager [7000] - The HP Software Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/10/2013 6:25:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
9/10/2013 6:22:02 PM, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
9/10/2013 5:29:22 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
.
==== End Of File ===========================
tnesler
Regular Member
Posts: 33
Joined: September 12th, 2013, 11:42 am

Re: Hidden Malware

Unread postby Gary R » September 25th, 2013, 7:36 am

Hi Tom, sorry you've been kept waiting so long; sometimes logs get overlooked when we're busy. We try our best to ensure that doesn't happen, but sadly from time to time it does.

It's been a while since you ran your DDS scan, and things may have changed on your machine since then, so if you're still looking for help, run a new scan with DDS and post the new logs to this topic so I can look them over.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Hidden Malware

Unread postby tnesler » September 25th, 2013, 8:15 am

Thanks! I will run the scans as soon as I get home today.

Tom Nesler
tnesler
Regular Member
Posts: 33
Joined: September 12th, 2013, 11:42 am

Re: Hidden Malware

Unread postby tnesler » September 25th, 2013, 6:00 pm

Here is my DDS file:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686 BrowserJavaVersion: 10.25.2
Run by Treasurer at 16:36:16 on 2013-09-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2700 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\atibtmon.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\SysWOW64\ASTSRV.EXE
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BBSvc.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie10
mStart Page = hxxp://www.google.com
uProxyOverride = <local>
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {1C8501DD-5580-48AB-B25C-6D5DBE835A6A} - <orphaned>
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll
uRun: [AVG-Secure-Search-Update_0913a] C:\Users\Treasurer\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 86be2fd7069a47d1801c4902a7747f55-4918a1d20f819e1ae59a96eed6b12a141df274e9 --CMPID 0913a
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/Cl ... wsdc32.cab
TCP: NameServer = 192.168.10.1
TCP: Interfaces\{C05AD519-926E-46DA-A286-D6B3A0E85834} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C30D6BD0-91C1-43CF-AB75-94C4B9CDBA1D} : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{C30D6BD0-91C1-43CF-AB75-94C4B9CDBA1D}\15579636B664C616D696E676F6D27657563747 : DHCPNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
TCP: Interfaces\{C30D6BD0-91C1-43CF-AB75-94C4B9CDBA1D}\2375942554637323 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C30D6BD0-91C1-43CF-AB75-94C4B9CDBA1D}\2656C6B696E6E2534683E2765756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{C30D6BD0-91C1-43CF-AB75-94C4B9CDBA1D}\355627679636563456E6472716C6145747F6 : DHCPNameServer = 8.8.8.8 64.254.100.20 8.8.4.4
TCP: Interfaces\{C30D6BD0-91C1-43CF-AB75-94C4B9CDBA1D}\D43584F4D454 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C30D6BD0-91C1-43CF-AB75-94C4B9CDBA1D}\F66716C696E6B6379737 : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\System32\rundll32.exe C:\Windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files (x86)\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\amd64\BingExt.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Treasurer\AppData\Roaming\Mozilla\Firefox\Profiles\hxmckx3w.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://start.sweetpacks.com?src=6&barid={BE2BD2D4-C65B-11E2-B02B-984BE19096A6}&crg=3.5000006.10042&st=23&q=
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-8-22 192824]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-8-22 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-8-20 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-8-1 31544]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-8-1 147768]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-8-22 241464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-8-22 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-20 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-20 202752]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-8-27 3534896]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-8-20 300640]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BBSvc.EXE [2013-8-30 193696]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-20 347680]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-11-20 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
S2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.EXE [2013-8-30 240288]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-11-26 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-11-20 245792]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-16 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-18 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-09-21 18:43:04 -------- d-----w- C:\Users\Treasurer\AppData\Roaming\AVG2014
2013-09-21 18:38:44 -------- d-----w- C:\ProgramData\AVG2014
2013-09-21 18:31:52 -------- d-----w- C:\Users\Treasurer\AppData\Local\Avg2014
2013-09-21 18:30:57 -------- d-----w- C:\Users\Treasurer\AppData\Local\MFAData
2013-09-15 18:15:26 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-15 17:51:24 -------- d-----w- C:\Users\Treasurer\AppData\Roaming\Malwarebytes
2013-09-15 17:51:10 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-15 17:51:09 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-15 17:51:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2013-09-21 19:15:23 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-21 19:15:23 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-23 04:25:44 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-08-23 04:08:14 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-08-23 03:55:04 241464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-08-23 03:54:54 192824 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-08-21 03:53:58 123704 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 21:07:06 251192 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2013-08-01 21:06:28 147768 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2013-08-01 21:04:56 31544 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-30 18:09:26 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-30 18:09:25 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-06-30 18:09:25 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-01-10 20:39:59 715038 ----a-w- C:\Program Files (x86)\Common Files\unins000.exe
.
============= FINISH: 16:40:30.92 ===============

Here is my Attach.txt file

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/17/2011 6:43:13 PM
System Uptime: 9/25/2013 4:34:10 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 1444
Processor: AMD Turion(tm) II P540 Dual-Core Processor | Socket S1G4 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 280 GiB total, 221.774 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 2.505 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 0 GiB total, 0.087 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-zip v9.20
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5 MUI
Adobe Shockwave Player 11.5
AMD USB Filter Driver
Atheros Driver Installation Program
ATI Catalyst Install Manager
AVG 2014
Bejeweled 2 Deluxe
Bing Bar
Blackhawk Striker 2
Build-a-lot 2
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG5200 series MP Drivers
Canon MG5200 series User Registration
Canon My Printer
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Coupon Printer for Windows
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Facebook Video Calling 1.2.0.287
FATE
Final Drive Nitro
FLV Player
FoodBuzz
FriendsChecker
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.2.1.1
HP Advisor
HP Customer Experience Enhancements
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
HP Documentation
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HP Update
HP Wireless Assistant
Iminent
Internet Explorer Toolbar 4.8 by SweetPacks
Java 7 Update 25
Java Auto Updater
Java(TM) 6 Update 20 (64-bit)
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
KONICA MINOLTA C360Series
LabelPrint
Logos Accounting
Logos Church Management
Malwarebytes Anti-Malware version 1.75.0.1300
MediaShout 4.0
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PDF Creator
Penguins!
PhotoNow!
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
Roxio CinemaNow 2.0
RtVOsd
SearchDonkey
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Excel 2010 (KB2760597) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760769) 32-Bit Edition
SMPlayer 0.6.9
Synaptics Pointing Device Driver
Tax Forms Helper 2012 10.5
TrueSwitch Wizard EC
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Virtual Families
Virtual Villagers - The Secret City
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Software Update
Yahoo! Toolbar
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
9/25/2013 4:39:56 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.10.105. The computer with the IP address 192.168.10.112 did not allow the name to be claimed by this computer.
9/23/2013 10:55:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
9/23/2013 10:51:15 PM, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.
9/21/2013 1:41:51 PM, Error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error %%-536753627.
.
==== End Of File ===========================

To recap my symptoms: I can't turn on Windows Security Center Service and my antivirus keeps catching viruses as a result.

Thanks in advance for your efforts!

Tom Nesler
tnesler
Regular Member
 
Posts: 33
Joined: September 12th, 2013, 11:42 am

Re: Hidden Malware

Unread postby Gary R » September 26th, 2013, 1:02 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless I'm informed in advance, failure to post replies within 3 days will result in this thread being closed.


Hi Tom

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator.
If you can do these things, everything should go smoothly.

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


OK, there are a couple of things of concern showing in your DDS logs, but before we deal with them I need to get a more complete picture of what needs removing from your machine. To do that I need you to run some more scans for me; once I've had a look at them we can get started cleaning your machine.

First ...

  • Please download ... ADWCleaner to your Desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.
  • Close your browser and double click on the ADWCleaner icon to launch it.
  • Click on the Scan button, accept any prompts that appear, and allow it to run. It may take several minutes to complete.
  • When it is done click on the Report button and a report log will open on your Desktop.
  • Please post the log in your next reply.

Next ...

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Finally ...

Please download SystemLook from the link below and save it to your Desktop.

For 64 bit Systems

  • Double-click SystemLook.exe to run it.
  • Copy and paste the contents of the following codebox into the main textfield:
    Code:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *conduit*
    *sweetpacks*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *conduit*
    *sweetpacks*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    babylon
    conduit
    sweetpacks
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Summary of the logs I need from you in your next post:
  • ADWCleaner log
  • OTL.txt
  • Extras.txt
  • SystemLook.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
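
As an added example (it is not part of Gary R's instructions and not SystemLook's own code), the PowerShell script below performs the same read-only sweep that the :filefind, :folderfind and :Regfind directives in the post ask SystemLook to do: it walks the system drive and the main software hives for the adware names listed in the post and writes every hit to a report on the Desktop, touching nothing. The term list is taken from the post; the search roots (C:\, HKLM:\SOFTWARE, HKCU:\Software), the report file name AdwareSweep.txt, and the decision to match value data as well as key and value names are my assumptions.

```powershell
# Added example, not from the thread or from SystemLook: a read-only sweep for the
# names in Gary R's :filefind / :folderfind / :Regfind list. Run from an elevated
# PowerShell prompt so that other users' profiles and HKLM are readable.

# Terms copied from the SystemLook script in the post.
$Terms = @('Fun4IM','Bandoo','Searchnu','Searchqu','iLivid','whitesmoke',
           'datamngr','kelkoopartners','trolltech','babylon','conduit','sweetpacks')

# One case-insensitive regex; each term is escaped so it matches literally (like *term*).
$Pattern = ($Terms | ForEach-Object { [regex]::Escape($_) }) -join '|'

$FileHits   = New-Object System.Collections.Generic.List[string]
$FolderHits = New-Object System.Collections.Generic.List[string]
$RegHits    = New-Object System.Collections.Generic.List[string]

# :filefind / :folderfind equivalent. Root 'C:\' is an assumption (the system drive
# in the Attach.txt above). -Force includes hidden and system items; access-denied
# errors are skipped rather than aborting the sweep.
Get-ChildItem -Path 'C:\' -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -imatch $Pattern } |
    ForEach-Object {
        if ($_.PSIsContainer) { $FolderHits.Add($_.FullName) }
        else                  { $FileHits.Add($_.FullName) }
    }

# :Regfind equivalent: key names, value names and string data. The two hives are an
# assumption; HKLM\SOFTWARE also covers the Wow6432Node (32-bit) view on this x64 box.
foreach ($Root in 'HKLM:\SOFTWARE', 'HKCU:\Software') {
    Get-ChildItem -Path $Root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $Key = $_
        if ($Key.PSChildName -imatch $Pattern) { $RegHits.Add("Key: $($Key.Name)") }
        foreach ($ValueName in $Key.GetValueNames()) {
            $Data = $Key.GetValue($ValueName)
            # REG_MULTI_SZ comes back as string[]; join it so it can be matched as text.
            $Text = if ($Data -is [string[]]) { $Data -join ' ' } else { [string]$Data }
            if ($ValueName -imatch $Pattern) {
                $RegHits.Add("Value name: $($Key.Name)\$ValueName")
            } elseif ($Text -imatch $Pattern) {
                $RegHits.Add("Value data: $($Key.Name)\$ValueName = $Text")
            }
        }
    }
}

# Write a SystemLook-style report to the Desktop (file name is an assumption).
$Report = Join-Path ([Environment]::GetFolderPath('Desktop')) 'AdwareSweep.txt'
@(
    '== Files =='
    $FileHits
    '== Folders =='
    $FolderHits
    '== Registry =='
    $RegHits
) | Set-Content -Path $Report -Encoding UTF8

Write-Host "Wrote $($FileHits.Count) file, $($FolderHits.Count) folder and $($RegHits.Count) registry hits to $Report"
```

The script only reads and reports, which is the point of this stage of the thread: the helper wants an inventory of what is left behind by the toolbars and bundlers before deciding what to remove. Matching on value data as well as names catches entries such as search scopes or extension paths whose key names are GUIDs but whose data points at a Conduit or SweetPacks location.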

Re: Hidden Malware

Unread postby tnesler » September 26th, 2013, 10:54 am

Ok...I will get those logs to you tonight (9PM Central time)

Tom Nesler
tnesler
Regular Member
 
Posts: 33
Joined: September 12th, 2013, 11:42 am

Re: Hidden Malware

Unread postby tnesler » September 26th, 2013, 11:20 pm

Here are the results of my scans: First Post -- ADWCleaner

ADWCleaner Log
# AdwCleaner v3.005 - Report created 26/09/2013 at 21:13:06
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Treasurer - OWNER-HP
# Running from : C:\Users\Treasurer\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\The Refuge\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Found : C:\Users\Treasurer\AppData\Roaming\Mozilla\Firefox\Profiles\hxmckx3w.default\Extensions\webbooster@iminent.com.xpi
File Found : C:\Users\Treasurer\AppData\Roaming\Mozilla\Firefox\Profiles\hxmckx3w.default\user.js
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Found : C:\Users\The Refuge\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Found : C:\Users\The Refuge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Found C:\Program Files (x86)\Common Files\Umbrella
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\OApps
Folder Found C:\Program Files (x86)\SweetIM
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\Iminent
Folder Found C:\Users\Owner\AppData\Local\Conduit
Folder Found C:\Users\Owner\AppData\Local\Giant Savings
Folder Found C:\Users\Owner\AppData\Local\visi_coupon
Folder Found C:\Users\Owner\AppData\LocalLow\BabylonToolbar
Folder Found C:\Users\Owner\AppData\LocalLow\BringMeSports_1c
Folder Found C:\Users\Owner\AppData\LocalLow\Conduit
Folder Found C:\Users\Owner\AppData\LocalLow\TelevisionFanatic
Folder Found C:\Users\Owner\AppData\Roaming\DefaultTab
Folder Found C:\Users\Owner\AppData\Roaming\Iminent
Folder Found C:\Users\The Refuge\AppData\Local\visi_coupon
Folder Found C:\Users\The Refuge\AppData\LocalLow\AskToolbar
Folder Found C:\Users\The Refuge\AppData\LocalLow\BabylonToolbar
Folder Found C:\Users\Treasurer\AppData\Local\visi_coupon
Folder Found C:\Users\Treasurer\AppData\LocalLow\BabylonToolbar
Folder Found C:\Users\Treasurer\AppData\LocalLow\Conduit
Folder Found C:\Users\Treasurer\AppData\LocalLow\SweetIM
Folder Found C:\Users\Treasurer\AppData\Roaming\Iminent

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKCU\Software\AppDataLow\Software\Giant Savings
Key Found : HKCU\Software\AppDataLow\Software\HappyLyrics
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\DefaultTab
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Iminent
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{002D1BA6-4766-4D7D-82B8-F49439C66F97}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC53BD19-7B23-43B0-AB7C-0E06C708CCED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F653D037-97FA-4755-98C1-7F382EEB59A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{002D1BA6-4766-4D7D-82B8-F49439C66F97}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC53BD19-7B23-43B0-AB7C-0E06C708CCED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F653D037-97FA-4755-98C1-7F382EEB59A7}
Key Found : [x64] HKCU\Software\DefaultTab
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\Iminent
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Found : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}
Key Found : HKLM\SOFTWARE\Classes\Iminent
Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3239904
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2F4D7835-42B0-4BA7-9587-1B01393F78EE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Treasurer\AppData\Roaming\Mozilla\Firefox\Profiles\hxmckx3w.default\prefs.js ]

Line Found : user_pref("browser.newtab.url", "hxxp://start.sweetpacks.com/?barid={BE2BD2D4-C65B-11E2-B02B-984BE19096A6}&src=97&crg=3.5000006.10042&st=23");
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("iminent.webbooster.scripts.minibar.SOFTONICREFRESHRATE", "140000");
Line Found : user_pref("iminent.webbooster.scripts.sslminibar.SOFTONICREFRESHRATE", "140000");
Line Found : user_pref("keyword.URL", "hxxp://start.sweetpacks.com?src=6&barid={BE2BD2D4-C65B-11E2-B02B-984BE19096A6}&crg=3.5000006.10042&st=23&q=");
Line Found : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...]
Line Found : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]
Line Found : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks");

*************************

AdwCleaner[R0].txt - [18298 octets] - [26/09/2013 21:13:06]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [18359 octets] ##########
tnesler
Regular Member
 
Posts: 33
Joined: September 12th, 2013, 11:42 am

Re: Hidden Malware

Unread postby tnesler » September 26th, 2013, 11:22 pm

Here is the OTL Log

OTL logfile created on: 9/26/2013 9:16:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Treasurer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 60.23% Memory free
7.49 Gb Paging File | 5.76 Gb Available in Paging File | 76.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.47 Gb Total Space | 221.82 Gb Free Space | 79.09% Space Free | Partition Type: NTFS
Drive D: | 17.32 Gb Total Space | 2.51 Gb Free Space | 14.46% Space Free | Partition Type: NTFS
Drive F: | 99.34 Mb Total Space | 89.20 Mb Free Space | 89.79% Space Free | Partition Type: FAT32

Computer Name: OWNER-HP | User Name: Treasurer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/26 20:43:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Treasurer\Desktop\OTL.exe
PRC - [2013/09/22 23:09:00 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/09/15 23:12:16 | 004,851,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/09/03 23:17:50 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/08/30 19:26:24 | 000,240,288 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.EXE
PRC - [2013/08/30 19:26:24 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BBSvc.EXE
PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2010/03/02 19:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/07 12:04:00 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\ASTSRV.EXE


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/17 11:59:38 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/09/22 23:09:00 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/21 14:15:23 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/03 23:17:50 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/08/30 19:26:24 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/08/30 19:26:24 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/08/17 15:07:18 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/07 12:04:00 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\ASTSRV.EXE -- (astcc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/08 22:11:42 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/09/02 10:59:14 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/09/02 10:29:18 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/09/02 10:26:50 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/09/02 10:26:42 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/08/20 22:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/08/01 16:06:28 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2012/10/23 16:09:40 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/06/24 22:24:48 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 15:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/02/22 12:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/17 12:07:42 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/06/17 11:10:34 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/05/07 14:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/06 08:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/22 20:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 21:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 21:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/23 20:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {810ACBA6-85FE-457D-82A8-00B5DB91EFD3}
IE:64bit: - HKLM\..\SearchScopes\{05D9F9FA-EF4F-4E4E-BC77-F4CFC7D9B1A4}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{564A8274-2562-4D05-B3AE-9E4FFAE06975}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{810ACBA6-85FE-457D-82A8-00B5DB91EFD3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{A894D0CF-3575-48F2-92B7-FEF588C7D453}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{05D9F9FA-EF4F-4E4E-BC77-F4CFC7D9B1A4}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{564A8274-2562-4D05-B3AE-9E4FFAE06975}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{810ACBA6-85FE-457D-82A8-00B5DB91EFD3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}: "URL" = http://search.mywebsearch.com/mywebsear ... .jhtml?p2=^YL^xdm117^YY^us&si=466203&ptb=D207D7EA-2173-4897-8655-80E770D58108&psa=&ind=2012121613&st=sb&n=77ee8a0d&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsear ... .jhtml?p2=^XP^xdm259^S04015^us&si=113814&ptb=189DF932-50E9-4366-B596-4DF13DAE3C92&psa=&ind=2013052021&st=sb&n=77fcbc75&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{A894D0CF-3575-48F2-92B7-FEF588C7D453}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={BE2BD2D4-C65B-11E2-B02B-984BE19096A6}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie10
IE - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\..\SearchScopes\{12C79467-FA4E-45BB-A727-062CCAE5FA94}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\..\SearchScopes\{66C5B39D-322B-4951-9075-59F1F024B307}: "URL" = http://www.mysearchresults.com/search?c=2355&t=01&q={searchTerms}
IE - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\..\SearchScopes\{6F5D2098-9FC4-4D29-8513-D5FEF152C6B3}: "URL" = http://search.conduit.com/Results.aspx? ... 45&UM=2&q={searchTerms}
IE - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\..\SearchScopes\{82D4451F-4749-4D7E-9FB9-DC3800D6BBCF}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\..\SearchScopes\{A42F9C81-DDB9-41A5-ADC3-91B5B895E78F}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie10
IE - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsear ... .jhtml?p2=^XP^xdm259^S04015^us&si=113814&ptb=189DF932-50E9-4366-B596-4DF13DAE3C92&psa=&ind=2013052021&st=sb&n=77fcbc75&searchfor={searchTerms}
IE - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpacks.com?src=6&q={searchTerms}&barid={BE2BD2D4-C65B-11E2-B02B-984BE19096A6}&crg=3.5000006.10042&st=23
IE - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\..\SearchScopes\{F5F155F5-2332-4484-88A9-36287945E34E}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^OSJ000^YY^US&apn_uid=43B339E4-3512-4BD1-88DA-FA32743AB260&apn_sauid=7F75BEBE-4734-433A-840C-538F14165570
IE - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: webbooster%40iminent.com:7.35.1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..keyword.URL: "http://start.sweetpacks.com?src=6&barid={BE2BD2D4-C65B-11E2-B02B-984BE19096A6}&crg=3.5000006.10042&st=23&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/05/20 21:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Treasurer\AppData\Roaming\Mozilla\Extensions
[2013/09/09 19:06:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Treasurer\AppData\Roaming\Mozilla\Firefox\Profiles\hxmckx3w.default\extensions
[2013/09/09 19:06:21 | 000,614,544 | ---- | M] () (No name found) -- C:\Users\Treasurer\AppData\Roaming\Mozilla\Firefox\Profiles\hxmckx3w.default\extensions\webbooster@iminent.com.xpi
[2013/06/14 21:44:49 | 000,001,793 | ---- | M] () -- C:\Users\Treasurer\AppData\Roaming\Mozilla\Firefox\Profiles\hxmckx3w.default\searchplugins\Bing.xml
[2013/08/17 15:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/17 15:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/17 15:07:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {1C8501DD-5580-48AB-B25C-6D5DBE835A6A} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-559820850-3501857684-1504056127-1004..\Run: [AVG-Secure-Search-Update_0913a] C:\Users\Treasurer\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 86be2fd7069a47d1801c4902a7747f55-4918a1d20f819e1ae59a96eed6b12a141df274e9 --CMPID 0913a File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/Cl ... wsdc32.cab (Microsoft Office Template and Media Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C05AD519-926E-46DA-A286-D6B3A0E85834}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C30D6BD0-91C1-43CF-AB75-94C4B9CDBA1D}: DhcpNameServer = 192.168.10.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{63732209-c3fd-11e2-b0f9-984be19096a6}\Shell - "" = AutoRun
O33 - MountPoints2\{63732209-c3fd-11e2-b0f9-984be19096a6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/26 21:12:48 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/26 21:09:27 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/09/26 21:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/09/26 21:08:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/09/26 21:07:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Treasurer\Desktop\OTL.exe
[2013/09/26 20:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/09/21 13:43:04 | 000,000,000 | ---D | C] -- C:\Users\Treasurer\AppData\Roaming\AVG2014
[2013/09/21 13:39:24 | 021,743,240 | ---- | C] (Microsoft Corporation) -- C:\Users\Treasurer\Desktop\Windows-KB890830-x64-V5.4.exe
[2013/09/21 13:38:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/09/21 13:31:52 | 000,000,000 | ---D | C] -- C:\Users\Treasurer\AppData\Local\Avg2014
[2013/09/21 13:30:57 | 000,000,000 | ---D | C] -- C:\Users\Treasurer\AppData\Local\MFAData
[2013/09/16 20:39:10 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Treasurer\Desktop\dds.scr
[2013/09/16 03:11:59 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/16 03:11:58 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/16 03:11:57 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/16 03:11:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/16 03:11:57 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/16 03:11:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/16 03:11:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/16 03:11:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/16 03:11:57 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/16 03:11:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/16 03:11:57 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/16 03:11:55 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/16 03:11:54 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/16 03:11:54 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/16 03:11:53 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/15 13:15:26 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/09/15 13:15:20 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/09/15 13:15:20 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/09/15 13:15:19 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/09/15 13:15:19 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/09/15 13:15:18 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/15 13:15:18 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/09/15 13:15:18 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/09/15 13:15:17 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/09/15 13:15:17 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/09/15 13:15:17 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/09/15 13:15:17 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/09/15 13:15:17 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/09/15 13:15:16 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/09/15 13:15:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/09/15 13:15:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/09/15 13:15:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/15 13:15:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/15 13:15:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/15 13:15:16 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/09/15 13:15:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/15 13:15:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/15 13:15:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/15 13:15:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/09/15 13:15:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/09/15 13:15:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/15 13:15:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/09/15 13:15:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/15 13:15:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/15 13:15:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/15 13:15:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/15 13:15:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/15 13:15:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/15 13:15:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/15 13:15:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/15 13:15:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/15 13:15:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/15 13:15:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/15 13:15:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/15 13:15:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/15 13:15:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/15 13:15:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/15 13:15:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/15 13:15:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/09/15 13:15:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/09/15 13:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/15 13:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/09/15 13:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/15 13:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/15 13:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/09/15 13:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/15 13:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/09/15 13:15:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/15 13:15:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/09/15 13:15:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/09/15 13:15:14 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/09/15 13:15:14 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013/09/15 13:15:14 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/09/15 13:15:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/15 13:15:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/09/15 13:15:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/09/15 13:15:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/15 13:15:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/09/15 13:15:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/09/15 13:15:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/09/15 13:15:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/15 13:15:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/15 13:15:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/15 13:15:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/15 13:15:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/15 13:15:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/15 13:15:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/09/15 13:15:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/09/15 13:15:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/15 13:15:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/15 13:15:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/09/15 13:15:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/09/15 13:15:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/09/15 13:13:10 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/09/15 12:51:24 | 000,000,000 | ---D | C] -- C:\Users\Treasurer\AppData\Roaming\Malwarebytes
[2013/09/15 12:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/15 12:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/15 12:51:09 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/09/15 12:51:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/09/08 22:11:42 | 000,031,544 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2013/09/02 10:59:14 | 000,212,280 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2013/09/02 10:29:18 | 000,294,712 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2013/09/02 10:26:50 | 000,192,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2013/09/02 10:26:42 | 000,241,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2013/08/28 20:47:54 | 000,000,000 | ---D | C] -- C:\Users\Treasurer\Documents\Old finance Docs
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/26 21:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/26 21:11:13 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-OWNER-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/09/26 21:10:47 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/26 21:10:47 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/26 21:10:47 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/26 21:09:41 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/26 21:09:41 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/26 21:08:36 | 000,002,235 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/09/26 21:03:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-559820850-3501857684-1504056127-1001UA.job
[2013/09/26 21:01:26 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\rskpqbcg.job
[2013/09/26 21:01:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/26 21:01:11 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/26 20:56:46 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/09/26 20:43:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Treasurer\Desktop\OTL.exe
[2013/09/26 09:53:42 | 000,096,256 | ---- | M] () -- C:\Users\Treasurer\Desktop\SystemLook_x64.exe
[2013/09/26 09:52:46 | 001,042,066 | ---- | M] () -- C:\Users\Treasurer\Desktop\AdwCleaner.exe
[2013/09/26 09:51:36 | 003,859,661 | ---- | M] () -- C:\Users\Treasurer\Desktop\tweaking.com_registry_backup_setup.exe
[2013/09/23 20:19:43 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-559820850-3501857684-1504056127-1001UA.job
[2013/09/23 20:19:43 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-559820850-3501857684-1504056127-1001Core.job
[2013/09/23 20:19:43 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-559820850-3501857684-1504056127-1001Core.job
[2013/09/21 14:15:23 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/21 14:15:23 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/21 13:43:51 | 059,074,919 | ---- | M] () -- C:\Users\Treasurer\Desktop\msert.exe.part
[2013/09/21 13:40:47 | 000,000,000 | ---- | M] () -- C:\Users\Treasurer\Desktop\msert.exe
[2013/09/21 13:40:16 | 021,743,240 | ---- | M] (Microsoft Corporation) -- C:\Users\Treasurer\Desktop\Windows-KB890830-x64-V5.4.exe
[2013/09/21 13:16:51 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTreasurer.job
[2013/09/16 18:49:14 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Treasurer\Desktop\dds.scr
[2013/09/16 03:33:21 | 000,615,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/15 12:51:12 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/11 19:03:19 | 000,000,632 | RHS- | M] () -- C:\Users\Treasurer\ntuser.pol
[2013/09/08 22:11:42 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2013/09/02 10:59:14 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2013/09/02 10:29:18 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2013/09/02 10:26:50 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2013/09/02 10:26:42 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/26 21:11:13 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-OWNER-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/09/26 21:08:36 | 000,002,235 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/09/26 21:07:28 | 003,859,661 | ---- | C] () -- C:\Users\Treasurer\Desktop\tweaking.com_registry_backup_setup.exe
[2013/09/26 21:07:28 | 001,042,066 | ---- | C] () -- C:\Users\Treasurer\Desktop\AdwCleaner.exe
[2013/09/26 21:07:28 | 000,096,256 | ---- | C] () -- C:\Users\Treasurer\Desktop\SystemLook_x64.exe
[2013/09/21 13:40:47 | 000,000,000 | ---- | C] () -- C:\Users\Treasurer\Desktop\msert.exe
[2013/09/21 13:40:37 | 059,074,919 | ---- | C] () -- C:\Users\Treasurer\Desktop\msert.exe.part
[2013/09/21 13:40:24 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/09/15 12:51:12 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/04 22:58:12 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\rskpqbcg.job
[2013/05/19 21:11:46 | 000,000,632 | RHS- | C] () -- C:\Users\Treasurer\ntuser.pol
[2013/01/10 15:40:08 | 000,715,038 | ---- | C] () -- C:\Program Files (x86)\Common Files\unins000.exe
[2013/01/10 15:40:06 | 000,004,058 | ---- | C] () -- C:\Program Files (x86)\Common Files\unins000.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/30 16:55:26 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/01/30 16:55:26 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/09/15 13:34:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DefaultTab
[2013/09/15 13:32:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Iminent
[2013/05/19 19:00:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Logos Management Software
[2013/03/27 16:15:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
[2012/12/11 16:50:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2012/01/25 16:53:38 | 000,000,000 | ---D | M] -- C:\Users\The Refuge\AppData\Roaming\.minecraft
[2013/09/21 13:43:04 | 000,000,000 | ---D | M] -- C:\Users\Treasurer\AppData\Roaming\AVG2014
[2013/09/15 16:40:46 | 000,000,000 | ---D | M] -- C:\Users\Treasurer\AppData\Roaming\Iminent
[2013/08/11 15:06:52 | 000,000,000 | ---D | M] -- C:\Users\Treasurer\AppData\Roaming\Logos Management Software
[2013/01/30 16:55:26 | 000,000,000 | ---D | M] -- C:\Users\Treasurer\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >
tnesler
Regular Member
 
Posts: 33
Joined: September 12th, 2013, 11:42 am

Re: Hidden Malware

Unread postby tnesler » September 26th, 2013, 11:24 pm

Here is the Extras log

OTL Extras logfile created on: 9/26/2013 9:16:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Treasurer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 60.23% Memory free
7.49 Gb Paging File | 5.76 Gb Available in Paging File | 76.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.47 Gb Total Space | 221.82 Gb Free Space | 79.09% Space Free | Partition Type: NTFS
Drive D: | 17.32 Gb Total Space | 2.51 Gb Free Space | 14.46% Space Free | Partition Type: NTFS
Drive F: | 99.34 Mb Total Space | 89.20 Mb Free Space | 89.79% Space Free | Partition Type: FAT32

Computer Name: OWNER-HP | User Name: Treasurer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0074E563-2958-487D-9531-78AAFEFFA970}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{06B8985E-AC21-4B3E-90FF-907E78C0F35A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0ED2B688-DEEE-47FB-8BC0-D3CB3F03A2BB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0F88E8C5-6A82-4B24-8877-75FD2F840B2B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0F90132D-40EB-4A30-AEC0-A87983F782F5}" = rport=137 | protocol=17 | dir=out | app=system |
"{10CF954D-B22C-4089-9831-4B859D168098}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{10D7EDD4-807D-40A7-95B0-AE53BCF5E982}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1A2BAEE0-448F-40C4-B970-6DDF61EEE11F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{20A2E102-8AB8-4C18-A88C-C79FB063DFD6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{26C4ED38-A216-4D98-A20F-1B96455FBA95}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{29EF2155-6ADF-42E1-B654-6397E529666E}" = lport=138 | protocol=17 | dir=in | app=system |
"{30FC6784-4298-4649-A2C1-48BEAA639A9B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{34DE156D-EDF2-43ED-AFF7-259ADF05C16B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{423A7263-680F-4F88-B68E-01FBAF6FD7B8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{430A041F-596B-408E-B39B-D4D4AF7DB15E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4DD4CF86-E49C-426B-8D23-41DBC54BFED8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{56FE36DA-2D18-4181-B8CB-00C7AD4696D8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{601292D9-BE2D-498B-8800-4158942A50DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{695CF30E-E173-450D-B05A-6DD709CC1F82}" = rport=138 | protocol=17 | dir=out | app=system |
"{6C16770C-4B95-40D3-8464-FB947B402C43}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7A3B5B9E-1E71-44D6-84F3-60418E51497A}" = lport=445 | protocol=6 | dir=in | app=system |
"{7DE58794-F1EB-4C55-B308-64050DD85AFE}" = lport=139 | protocol=6 | dir=in | app=system |
"{80930B31-A5A5-4299-90A6-EFFDBA7DC956}" = rport=445 | protocol=6 | dir=out | app=system |
"{8C948772-1BDF-4C01-AB92-35FFFB9DCB03}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8D66E60E-E5BC-4F56-BCF1-C7F432CA926E}" = rport=139 | protocol=6 | dir=out | app=system |
"{B7C78CF5-2D63-4D0A-9AD2-F00523099EE8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{BAC22DAC-0438-4943-AD62-CD6754A09F99}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BF863F4A-5DE1-49ED-AE5A-D44F8804E744}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CACE2A3F-94D0-4A90-9C85-DE45A5BB75A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D421A9E8-B72F-43A3-BFE8-8B04DC3333E2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D44DE118-A45B-435D-8A02-5CCC6C53BA15}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D85D392A-99A5-4190-A9C3-5EEDAC2A7C32}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E0486361-D1B5-4F10-AFF9-7D8E7DB656F1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E8A6F2E6-9803-4C2F-A6BB-E6605B2EDAE9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E9B23870-DD10-48BE-B84E-DF3B6B23399F}" = lport=137 | protocol=17 | dir=in | app=system |
"{EE9D7277-06E5-4FE3-AD34-E5EB1C4407CC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F1B72804-4EAB-47AA-A7EC-9A8D1D1D7F0F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF2CE97F-71EC-47B9-AFFB-1890C9AE75E8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006590A8-9C6B-48EF-8072-761C486740B8}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{030411C8-4F19-46EB-939F-BECD7CBB549B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{0D4092B6-458F-4F48-879D-E636098DCF2B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{16492E58-E696-4541-8F44-64A714CAC1A6}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{1661567A-4436-4326-9AF0-92A213E3D19E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{18518EF1-7AD6-490E-A413-CB687F2074CB}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe |
"{18D42CC5-A45E-4A28-9707-E2FA009786B7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1D4BDABB-C68A-440D-943B-794617083520}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1D843AB9-C030-4F65-A008-A04A03F3131F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{26CAC049-5C30-454F-B426-64281DB5F821}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"{2FD18DD4-08D1-44F4-90D1-0C71DB9B0B85}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{39D114F0-4706-468A-A550-DD80A08D5330}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3D40F9A1-7FE0-4432-B93C-ADDB4FBBF6E6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{4598C522-C462-4AD2-93BD-17CACF1C41E1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{554B765B-D5BE-4790-A22E-C375BE261D9C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{56912577-4914-4F37-8498-9CF4BBA843EA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{56CC598F-C784-462E-B02E-BEB7708168F7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{57468B65-4C4E-4850-814A-ABADD9593AAD}" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"{5BED51D8-A789-4C78-828D-6FF9159BD80C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{5C3C075C-948F-4DA3-8573-D3CC2611FC67}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{5F24226F-A2A6-491E-A19C-0BB4B0EE8308}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6AE604AB-8CA6-4ED8-A623-9884D4CB9B64}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{6E2A430E-41B8-4970-9896-E5137A06EF68}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{6E7B4A61-355A-4B83-ABBA-9012321B6F8C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{6EDACB91-A0C1-49BC-A121-DD4930C605C0}" = protocol=6 | dir=out | app=system |
"{6F63599B-E801-4AD1-87F6-019B83592D67}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{72CC7296-F740-4101-9459-0664ADFCCB6D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7543F292-AA25-4E2B-B155-1ADE333174EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{75DEFBFB-4F23-4852-9C05-2235498C4200}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{7F57AAB8-02D8-4EA0-AC81-11E88DDCA8F4}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{802F558B-B4DE-4571-9D98-A3D162046C6A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{8313DC24-1B02-43E2-B1BE-211782C71730}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{834F2790-C1B8-4BC6-B371-A95729F5B1A0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{87CD695F-FAA7-43CD-BF9F-01CAB4AA2BE3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{88F3A5AA-2EAA-47FB-BD1F-401BB5F7B454}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{897420FA-7F36-48C6-92A1-83C529D0378A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{907B16F9-2FAF-43FF-AD9E-BABA66172E62}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{9B8679D1-24F4-4098-8353-4A55A01129EF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{9E05B8D2-5CE6-4D46-9827-2120A2906163}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A2297982-D201-4311-8785-B6434ED435BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A3A4B663-7DAA-4562-A680-C47CAC7A17FC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{A7C04316-7AE6-41E1-86E0-7E7DC522AAA1}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{AF13BDE7-343E-43F6-8BB0-73ABE627D4F5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AF158780-7DD4-4B7F-801B-8E8A25A3A75D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B028754E-9DAB-4ED0-89A2-F18F44409A8C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B2936AAF-47DC-4613-935C-DECADD3539B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C1B23776-B6FB-4282-9118-8517327B1967}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{C2F98F36-0549-43D0-A05F-3B69712079CB}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{C8204922-6AC5-4DB1-95B6-A50384F0DB44}" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"{C8E89123-AA79-4A70-8735-0D7106D15D45}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{CAC41FCF-59B8-4A47-983B-FC92BABB949A}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{CBB59031-B3BD-44B0-AB38-7E6856C92D64}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CBBB747B-0C99-4139-9524-C83FB8D46038}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{CC93BE8E-97E1-4F5E-BE60-1850FAB1E97D}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{CDA24FBF-71C7-4685-ACF3-6ED65556CA39}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D3C43B8D-2F3D-4DDA-A728-26CBA5DDA0DF}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{D796FA02-3055-4018-9C0E-DC68D3ED8770}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{D97828D3-2886-4EB5-A3DC-6ABDAE63D581}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E1467A61-DAFF-4ACB-9020-02D9DAFF47F5}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{E6D28D2C-BD4C-4FEA-84FF-9F57D1A1CC44}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{EA7948DB-C50C-4CCE-A669-5F91135D334D}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{EE5CA1F6-46AF-4EA2-9CA8-E3B1F71AA193}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{F62F10EF-726A-47AF-8E3F-5B0FBFB1325E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{FA88E860-6829-4881-A5FC-027AF808A1E2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"TCP Query User{DF9B3944-D578-416A-9A82-676EE63742A6}C:\users\the refuge\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\the refuge\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"UDP Query User{8DF105B4-BECB-4C98-AFF6-9A432CC4638A}C:\users\the refuge\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\the refuge\appdata\local\facebook\video\skype\facebookvideocalling.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{2EA43D50-131A-44DE-A678-47F6D572AB30}" = AVG 2014
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B1977BE-7B68-458C-9638-03672C1A15A9}" = AVG 2014
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{650AF771-456D-418F-BFC7-F6FFC9D0235C}" = HP Deskjet 3050 J610 series Basic Device Software
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C01AE65A-8874-3A33-BE03-23F8516A0350}" = ccc-utility64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2014
"KONICA MINOLTA C360Series Installer" = KONICA MINOLTA C360Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"PDF Creator" = PDF Creator
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0190D9DE-6D57-7727-861E-D4BEA111D86B}" = Catalyst Control Center Core Implementation
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04FBA781-4737-4C55-8819-6F4CF805B8F4}_is1" = Logos Church Management
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A785656-433A-0575-8C5D-A8EAE05329CA}" = CCC Help Thai
"{0AD77FFC-874E-9AAE-6A76-549DFEB17849}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CD58F4F-B339-4B81-FAD4-2BF9E3590F60}" = CCC Help Czech
"{1042E756-FC48-4E6D-A13C-4B1A0EC014F4}" = MediaShout 4.0
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A47631D-8875-7993-476D-130C5D41D101}" = CCC Help Spanish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28749552-9DBD-1D10-A894-6079282C941F}" = CCC Help German
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{30F4D459-824A-498C-826C-7721B777207F}" = Catalyst Control Center - Branding
"{32BA2A6E-6C61-0347-8958-7B2113982A55}" = CCC Help Portuguese
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3C66EECF-8143-55D4-774A-309A59230A92}" = Catalyst Control Center Graphics Full Existing
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D1D2CD5-F910-403E-A441-D5EA66DD5352}_is1" = Logos Accounting
"{4E26A517-0EE8-4BE4-ADB6-DEAE8F772DCB}_is1" = Logos Church Management
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54372041-9715-DE87-F84E-B0995D7567C6}" = CCC Help Chinese Traditional
"{5D6A4F95-49B5-0FC4-81CF-18176000B235}" = Catalyst Control Center Graphics Full New
"{5E25081D-9CB4-4B17-AD2B-8DF2DC335E85}" = HP Documentation
"{622DF39A-1A06-4D11-AD83-1CE807B14667}" = Logos Accounting
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6D3650CA-7104-5DF0-E7EC-290CEC529AF8}" = CCC Help Korean
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71D30D86-88C0-4A6E-8A9B-5403A8A5D6D4}" = Bing Bar
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{748B51C8-0DDB-40B1-B801-F4B50E9C2463}" = Iminent
"{76B344A5-F756-0107-3559-1D97F9B316DC}" = CCC Help Norwegian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7CA09975-C4BE-469D-E45F-E47E9391106B}" = CCC Help Dutch
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81ADC365-6BA4-E757-81DA-BC9DC12DD291}" = Catalyst Control Center InstallProxy
"{8317CB1C-50ED-4401-B21A-C7CF26DC380A}" = Logos Church Management
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FA97A48-D942-AE67-D901-7C4136CC9DFD}" = CCC Help Danish
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{920E9471-FF68-680F-537C-F21777E53D31}" = CCC Help Turkish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4E828B6-FE61-E279-A174-F5323931400B}" = CCC Help Finnish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B6BEB695-166D-E268-8AA2-A243F615D0BA}" = CCC Help Japanese
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C21A705D-D992-204F-8A2A-C31F490F502F}" = CCC Help Greek
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAA10DB8-E20C-9192-38F9-1F5399EA2DB7}" = CCC Help Italian
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD184A27-1174-E497-189A-0CA5DB56BC97}" = CCC Help Chinese Standard
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3A451EE-219D-F373-5152-8C4760278628}" = Catalyst Control Center Graphics Light
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5959B62-9515-8DC9-ED0B-1680210AAC3E}" = CCC Help English
"{DA9481F2-D8A1-CC1D-4A8E-22854E60C6EB}" = Catalyst Control Center Localization All
"{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}" = Internet Explorer Toolbar 4.8 by SweetPacks
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE2B9A3D-976F-BE70-7557-52EE82BAB1C6}" = CCC Help French
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9F950D9-A469-644E-3977-31F2963AEE23}" = CCC Help Swedish
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED6CEC68-1D49-5BCB-57B4-CD128E242356}" = CCC Help Hungarian
"{EDE97402-4A1F-2D15-FDB4-5620C57A9BA5}" = Catalyst Control Center Graphics Previews Common
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F08A7C44-17FC-ED74-831E-5BCA9D5B77AD}" = ccc-core-static
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1224610-A17E-4E65-560A-D56B963D650D}" = CCC Help Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{F7C81FF0-8624-8C6E-D28D-CF68DFE7AE8C}" = Catalyst Control Center Graphics Previews Vista
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-zip" = 7-zip v9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Canon MG5200 series User Registration" = Canon MG5200 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"FLV Player2.0.25" = FLV Player
"FoodBuzz" = FoodBuzz
"FriendsChecker" = FriendsChecker
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1042E756-FC48-4E6D-A13C-4B1A0EC014F4}" = MediaShout 4.0
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{622DF39A-1A06-4D11-AD83-1CE807B14667}" = Logos Accounting
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{8317CB1C-50ED-4401-B21A-C7CF26DC380A}" = Logos Church Management
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SearchDonkey" = SearchDonkey
"SMPlayer" = SMPlayer 0.6.9
"Tax Forms Helper 2012_is1" = Tax Forms Helper 2012 10.5
"TrueSwitch Wizard EC" = TrueSwitch Wizard EC
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087335" = Build-a-lot 2
"WT087342" = Dora's Carnival Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087373" = Jewel Quest 3
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087513" = Virtual Villagers - The Secret City
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/20/2013 9:41:34 PM | Computer Name = Owner-HP | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16576,
time stamp: 0x515e30fe Faulting module name: MSHTML.dll, version: 10.0.9200.16576,
time stamp: 0x515e45ac Exception code: 0xc0000005 Fault offset: 0x00125d92 Faulting
process id: 0x2870 Faulting application start time: 0x01ce55c445740368 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\system32\MSHTML.dll Report Id: 9117e120-c1b7-11e2-b47f-984be19096a6

Error - 5/20/2013 9:55:30 PM | Computer Name = Owner-HP | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16576,
time stamp: 0x515e30fe Faulting module name: MSHTML.dll, version: 10.0.9200.16576,
time stamp: 0x515e45ac Exception code: 0xc0000005 Fault offset: 0x00125d92 Faulting
process id: 0x261c Faulting application start time: 0x01ce55c6404e8710 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\system32\MSHTML.dll Report Id: 8398d114-c1b9-11e2-b47f-984be19096a6

Error - 5/20/2013 10:09:39 PM | Computer Name = Owner-HP | Source = Iminent | ID = 0
Description =

Error - 5/26/2013 6:22:51 PM | Computer Name = Owner-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/2/2013 3:04:08 PM | Computer Name = Owner-HP | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16576,
time stamp: 0x515e30fe Faulting module name: urlmon.dll, version: 10.0.9200.16576,
time stamp: 0x515e314b Exception code: 0xc0000005 Fault offset: 0x00003363 Faulting
process id: 0x163c Faulting application start time: 0x01ce5fc3f10ebbcf Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\syswow64\urlmon.dll Report Id: 337869c0-cbb7-11e2-9a35-984be19096a6

Error - 6/23/2013 5:19:10 PM | Computer Name = Owner-HP | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 21.0.0.4879, time
stamp: 0x518ec3cc Faulting module name: xul.dll, version: 21.0.0.4879, time stamp:
0x518ec306 Exception code: 0xc0000005 Fault offset: 0x001c9789 Faulting process id:
0xe04 Faulting application start time: 0x01ce7055a11ff355 Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\xul.dll Report Id: 8b50fd9d-dc4a-11e2-afcf-984be19096a6

Error - 7/4/2013 1:31:35 PM | Computer Name = Owner-HP | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 21.0.0.4879, time
stamp: 0x518ec3cc Faulting module name: xul.dll, version: 21.0.0.4879, time stamp:
0x518ec306 Exception code: 0xc0000005 Fault offset: 0x001c9789 Faulting process id:
0xf2c Faulting application start time: 0x01ce78d1dbabd898 Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\xul.dll Report Id: 928cc9be-e4cf-11e2-8fb9-984be19096a6

Error - 7/10/2013 7:28:59 PM | Computer Name = Owner-HP | Source = Iminent | ID = 0
Description =

Error - 7/14/2013 11:03:14 PM | Computer Name = Owner-HP | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 22.0.0.4917, time
stamp: 0x51c06b1b Faulting module name: xul.dll, version: 22.0.0.4917, time stamp:
0x51c06a5b Exception code: 0xc0000005 Fault offset: 0x00173668 Faulting process id:
0x1348 Faulting application start time: 0x01ce810748bcbfce Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\xul.dll Report Id: 16d1e639-ecfb-11e2-aed3-984be19096a6

Error - 8/18/2013 9:13:07 PM | Computer Name = Owner-HP | Source = Service1 | ID = 0
Description = Service cannot be started. The service process could not connect to
the service controller

[ Hewlett-Packard Events ]
Error - 9/30/2012 12:00:40 AM | Computer Name = Owner-HP | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP
Support Framework\Logs\Temp\HPSA\HPSASession_201209292300.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamWriter.CreateFile(String path, Boolean append) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding, Int32 bufferSize) at System.IO.StreamWriter..ctor(String
path, Boolean append, Encoding encoding) at System.IO.File.WriteAllText(String
path, String contents, Encoding encoding) at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


Error - 10/21/2012 7:49:49 PM | Computer Name = Owner-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/21/2012 7:56:19 PM | Computer Name = Owner-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/23/2012 4:43:54 PM | Computer Name = Owner-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/23/2012 4:45:48 PM | Computer Name = Owner-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/23/2012 5:16:25 PM | Computer Name = Owner-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/24/2012 11:02:32 PM | Computer Name = Owner-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/24/2012 11:02:54 PM | Computer Name = Owner-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/24/2012 11:02:56 PM | Computer Name = Owner-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/14/2012 8:37:36 PM | Computer Name = Owner-HP | Source = HPSF.exe | ID = 4000
Description =

[ HP Wireless Assistant Events ]
Error - 3/18/2011 4:43:54 PM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 3/18/2011 4:45:00 PM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 3/18/2011 4:46:05 PM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 3/18/2011 4:47:10 PM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 3/18/2011 4:48:15 PM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 3/18/2011 4:49:21 PM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 3/18/2011 4:50:26 PM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 3/18/2011 4:51:31 PM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 3/18/2011 4:52:37 PM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 3/18/2011 4:53:42 PM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

[ Media Center Events ]
Error - 2/12/2013 10:46:29 AM | Computer Name = Owner-HP | Source = MCUpdate | ID = 0
Description = 8:46:16 AM - Error connecting to the internet. 8:46:16 AM - Unable
to contact server..

Error - 2/20/2013 7:08:28 PM | Computer Name = Owner-HP | Source = MCUpdate | ID = 0
Description = 5:08:28 PM - Failed to retrieve Directory (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

Error - 2/20/2013 7:11:59 PM | Computer Name = Owner-HP | Source = MCUpdate | ID = 0
Description = 5:09:26 PM - Error connecting to the internet. 5:09:26 PM - Unable
to contact server..

Error - 2/28/2013 12:30:14 PM | Computer Name = Owner-HP | Source = MCUpdate | ID = 0
Description = 10:29:59 AM - Error connecting to the internet. 10:29:59 AM - Unable
to contact server..

Error - 3/15/2013 8:23:30 PM | Computer Name = Owner-HP | Source = MCUpdate | ID = 0
Description = 7:23:30 PM - Error connecting to the internet. 7:23:30 PM - Unable
to contact server..

Error - 3/15/2013 8:23:55 PM | Computer Name = Owner-HP | Source = MCUpdate | ID = 0
Description = 7:23:35 PM - Error connecting to the internet. 7:23:35 PM - Unable
to contact server..

Error - 3/15/2013 9:26:15 PM | Computer Name = Owner-HP | Source = MCUpdate | ID = 0
Description = 8:26:14 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

[ System Events ]
Error - 9/26/2013 9:57:14 PM | Computer Name = Owner-HP | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.10.105. The computer with the IP address 192.168.10.112
did not allow the name to be claimed by this computer.

Error - 9/26/2013 10:00:11 PM | Computer Name = Owner-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the avgwd service.

Error - 9/26/2013 10:02:45 PM | Computer Name = Owner-HP | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.10.105. The computer with the IP address 192.168.10.112
did not allow the name to be claimed by this computer.

Error - 9/26/2013 10:04:01 PM | Computer Name = Owner-HP | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.10.105. The computer with the IP address 192.168.10.112
did not allow the name to be claimed by this computer.

Error - 9/26/2013 10:06:11 PM | Computer Name = Owner-HP | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.10.105. The computer with the IP address 192.168.10.112
did not allow the name to be claimed by this computer.

Error - 9/26/2013 10:11:22 PM | Computer Name = Owner-HP | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.10.105. The computer with the IP address 192.168.10.112
did not allow the name to be claimed by this computer.

Error - 9/26/2013 10:16:32 PM | Computer Name = Owner-HP | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.10.105. The computer with the IP address 192.168.10.112
did not allow the name to be claimed by this computer.

Error - 9/26/2013 10:16:36 PM | Computer Name = Owner-HP | Source = BROWSER | ID = 8020
Description =

Error - 9/26/2013 10:18:20 PM | Computer Name = Owner-HP | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.10.105. The computer with the IP address 192.168.10.112
did not allow the name to be claimed by this computer.

Error - 9/26/2013 10:23:30 PM | Computer Name = Owner-HP | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.10.105. The computer with the IP address 192.168.10.112
did not allow the name to be claimed by this computer.


< End of report >
tnesler
Regular Member
Posts: 33
Joined: September 12th, 2013, 11:42 am

Re: Hidden Malware

Unread postby tnesler » September 26th, 2013, 11:25 pm

Here is the SystemLook log:

SystemLook 04.09.10 by jpshortstuff
Log created at 21:52 on 26/09/2013 by Treasurer
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*babylon*"
C:\Users\The Refuge\AppData\Local\CrashDumps\BabylonToolbarsrv.exe.4836.dmp --a---- 409071 bytes [18:31 28/10/2012] [18:31 28/10/2012] F444EE00924E0B686E5C92712F7D75DD
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2CSW5ES2\BabylonAdBtns1[1].js --a---- 641 bytes [20:37 04/11/2012] [20:37 04/11/2012] 5103EF5C182E4A4CD8B3BBA3C3F5064A
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OFXIZUY\babylonab[1].js --a---- 3997 bytes [23:45 06/01/2013] [23:45 06/01/2013] CBEE1DF8A61486E65393CF593C71F5FB
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OFXIZUY\BabylonTB9Map1[1].js --a---- 12455 bytes [18:27 28/10/2012] [18:27 28/10/2012] A636061DAA63F4DF0534090CB468A1DC
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OFXIZUY\BabylonTB9Map1[2].js --a---- 12455 bytes [20:37 04/11/2012] [20:37 04/11/2012] A636061DAA63F4DF0534090CB468A1DC
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OFXIZUY\BabylonTB9Map1[3].js --a---- 12230 bytes [13:10 08/11/2012] [13:10 08/11/2012] 312925E5D8CF145DB346B439820756FD
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OFXIZUY\BabylonToolbar_634704201315010000[1].png --a---- 1164 bytes [18:27 28/10/2012] [18:27 28/10/2012] 8825081F585628FA6E2F2236ACB5C018
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NFMDFXR\BabylonToolbar_634900413440666884[2].png --a---- 1744 bytes [23:21 09/12/2012] [23:21 09/12/2012] 732DFBEB1148262C17072FD782FBEEC4
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NFMDFXR\babylon[2].css --a---- 3055 bytes [23:45 06/01/2013] [23:45 06/01/2013] E297E191420B5519B04F74BD72EE36AC
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NFMDFXR\CSH-309-babylon_stopwatch[1].png --a---- 2436 bytes [18:27 28/10/2012] [18:27 28/10/2012] C7A038C009F9F70A23CFED9E82FD098C
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K4A0NWAG\BabylonTB9Map1[1].js --a---- 13932 bytes [01:51 27/11/2012] [01:51 27/11/2012] B4D9DBDDED41CA510A2B13F445FCCDB5
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9YOSPVD\babylonab[1].js --a---- 3968 bytes [20:37 04/11/2012] [20:37 04/11/2012] 6232226732760F5480A3D868DE5C2C2F
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9YOSPVD\BabylonAdBtns1[1].js --a---- 641 bytes [18:27 28/10/2012] [18:27 28/10/2012] 5103EF5C182E4A4CD8B3BBA3C3F5064A
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9YOSPVD\BabylonAdBtns1[2].js --a---- 641 bytes [23:45 06/01/2013] [23:45 06/01/2013] 5103EF5C182E4A4CD8B3BBA3C3F5064A
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9YOSPVD\BabylonTB9Map1[1].js --a---- 14047 bytes [23:45 06/01/2013] [23:45 06/01/2013] B4F11C64E3392C65A2D1AE222454EFEE
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9YOSPVD\babylontb9[1].js --a---- 4217 bytes [13:10 08/11/2012] [13:10 08/11/2012] A8D2E737691A58DBBAE53F27BF449CAF
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9YOSPVD\babylontb9[2].js --a---- 4245 bytes [23:45 06/01/2013] [23:45 06/01/2013] 24C5E0DB5C38DC3F7068E56CD1092FB5
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9YOSPVD\babylon[1].css --a---- 3055 bytes [18:27 28/10/2012] [18:27 28/10/2012] E297E191420B5519B04F74BD72EE36AC
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YKJLH2N1\BabylonToolbar_634894491441878490[1].png --a---- 5748 bytes [01:51 27/11/2012] [01:51 27/11/2012] 5C07D9186AFC228B6A3AF81F8F366259
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VTXVNJO\babylonab[1].js --a---- 5338 bytes [01:56 21/05/2013] [01:56 21/05/2013] 07728B869AB6D4141BC24109A005FCDD
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VTXVNJO\BabylonAdBtns1[1].js --a---- 48382 bytes [01:56 21/05/2013] [01:56 21/05/2013] 01A39ABB4E5BE4E1024FD71B6415026C
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VTXVNJO\BabylonBaseMap1[1].js --a---- 22078 bytes [01:56 21/05/2013] [01:56 21/05/2013] 20D99A06D08D70E1A19E6FDDF94270B7
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VTXVNJO\babylon[1].css --a---- 3055 bytes [01:56 21/05/2013] [01:56 21/05/2013] E297E191420B5519B04F74BD72EE36AC
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VTXVNJO\babylon[1].js --a---- 4662 bytes [01:56 21/05/2013] [01:56 21/05/2013] 65CEF163BD6125469E9B07394F7FF9D6
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ9T70HG\BabylonToolbar_634900413440666884[1].png --a---- 1744 bytes [01:55 21/05/2013] [01:55 21/05/2013] 732DFBEB1148262C17072FD782FBEEC4
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KPWW1SLH\BabylonToolbar[1].xml --a---- 3566 bytes [19:02 02/06/2013] [19:02 02/06/2013] BC107B519281A9AA257B0EE95054AD30
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UR4EKHS4\BabylonToolbar[1].xml --a---- 3566 bytes [01:41 21/05/2013] [01:41 21/05/2013] BC107B519281A9AA257B0EE95054AD30
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UR4EKHS4\BabylonToolbar[2].xml --a---- 3566 bytes [01:55 21/05/2013] [01:55 21/05/2013] BC107B519281A9AA257B0EE95054AD30
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UR4EKHS4\BabylonToolbar_634704201315010000[1].png --a---- 1164 bytes [01:55 21/05/2013] [01:55 21/05/2013] 8825081F585628FA6E2F2236ACB5C018

Searching for "*conduit*"
C:\Users\Owner\AppData\Local\Microsoft\Internet Explorer\DOMStore\X8E7L322\facebook.conduitapps[1].xml --a---- 13 bytes [21:03 30/10/2012] [21:03 30/10/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Owner\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1689573_1681572_US.xml --a---- 201 bytes [21:03 30/10/2012] [16:33 28/02/2013] C4460C29599EB98D992FF0C65AB293F6
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_23_318_CT3185123_Images_634697980148612517_gif.gif --a---- 2801 bytes [21:03 30/10/2012] [21:03 30/10/2012] 18FDFF918CF85DE30652017B529697B9
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_23_318_CT3185123_Images_Email_xml-0-Classic-634698566700154877_png.png --a---- 946 bytes [21:03 30/10/2012] [21:03 30/10/2012] 6763741964D65CCD6F6FA3482ED53FC7
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_bankimages_commandcomps_block_gif.gif --a---- 159 bytes [05:04 03/01/2013] [05:04 03/01/2013] FF164EABA285C2E614EBFD967FEF9732
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png --a---- 821 bytes [21:03 30/10/2012] [21:03 30/10/2012] 99D5F75C338F2A877CBF891E0F18746E
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png --a---- 729 bytes [21:03 30/10/2012] [21:03 30/10/2012] F2291FAB46ED9291A1A2FFE9F88E9D84
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png --a---- 531 bytes [21:03 30/10/2012] [21:03 30/10/2012] A847C5F6CE2C700048749892DD2E0619
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png --a---- 669 bytes [21:03 30/10/2012] [21:03 30/10/2012] FED9E00C76F647EE6A0B7CC684C89F0C
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png --a---- 263 bytes [21:03 30/10/2012] [21:03 30/10/2012] 36BD416D16391EFAAAFB2C3C54EAE986
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png --a---- 734 bytes [21:03 30/10/2012] [21:03 30/10/2012] 943ADFD9E0DF1507F7BC419802BF4303
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png --a---- 562 bytes [21:03 30/10/2012] [21:03 30/10/2012] 36C6FB9C84D4AF5C5D7C5B277A0E4A01
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png --a---- 493 bytes [21:03 30/10/2012] [21:03 30/10/2012] 275C9DA2D536F18F528C80E050C3D705
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png --a---- 706 bytes [21:03 30/10/2012] [21:03 30/10/2012] 3AD88BD8E832DA39FAAEDF07AD595F94
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png --a---- 674 bytes [21:03 30/10/2012] [21:03 30/10/2012] 650731EEF807C292E699779B12CBE552
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png --a---- 607 bytes [21:03 30/10/2012] [21:03 30/10/2012] 9B4D914888BCFFCBAE6757A0E450551C
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_BankImages_Facebook_Facebook_png.png --a---- 772 bytes [05:04 03/01/2013] [05:04 03/01/2013] 1805E8470C0EE167396751BA3E9B0AAA
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_bankimages_iconsGallery_16_4840732836693914556_png.png --a---- 518 bytes [21:03 30/10/2012] [21:03 30/10/2012] 27958A74D6D5CEE4D171AE73D7C90008
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_bankimages_iconsGallery_24_4994733405920971126_png.png --a---- 1202 bytes [21:03 30/10/2012] [21:03 30/10/2012] FE50DF899FC7C71BAE1BAAD01A30B059
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif --a---- 419 bytes [21:03 30/10/2012] [21:03 30/10/2012] 01B83C91554738F6AFFB7895BBBA73FB
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_images_eula_png.png --a---- 513 bytes [21:03 30/10/2012] [21:03 30/10/2012] F43944209A64CCD0C9B5A92743F0F787
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif --a---- 403 bytes [21:03 30/10/2012] [21:03 30/10/2012] EC3C2B4E0DEC4D880BAFF88ABBF94188
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif --a---- 414 bytes [21:03 30/10/2012] [21:03 30/10/2012] A9E001CBC00B06B121DFBC80707F5298
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif --a---- 278 bytes [21:03 30/10/2012] [21:03 30/10/2012] 15DEF39E438E807E2F0E22D44FDC7FB7
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif --a---- 405 bytes [21:03 30/10/2012] [21:03 30/10/2012] 995595D4C685D659E8F03CD0A287EDDF
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif --a---- 405 bytes [21:03 30/10/2012] [21:03 30/10/2012] AA39D8A6B65E208901EBA9F3D4728D3E
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif --a---- 361 bytes [21:03 30/10/2012] [21:03 30/10/2012] 464E244E7E2F27FB85E0C3AB69D72104
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif --a---- 425 bytes [21:03 30/10/2012] [21:03 30/10/2012] 6427565C7105DC497287866100F260BB
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif --a---- 381 bytes [21:03 30/10/2012] [21:03 30/10/2012] AE7C9F67594A84B096D225601ACB0B2A
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif --a---- 351 bytes [21:03 30/10/2012] [21:03 30/10/2012] C3EBA0237D68F665AF6D663906221092
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif --a---- 399 bytes [21:03 30/10/2012] [21:03 30/10/2012] 8BE02D510B4B2E05AD2611B1E9A0BD56
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif --a---- 405 bytes [21:03 30/10/2012] [21:03 30/10/2012] 66018EAE0906C9831A821CAE5D1089BB
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif --a---- 371 bytes [21:03 30/10/2012] [21:03 30/10/2012] 84896837EDB1A78C14DB6A2F3A0AEE3A
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif --a---- 606 bytes [21:03 30/10/2012] [21:03 30/10/2012] 2A1D4FB45F62D3D260F2134228FAB05E
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif --a---- 240 bytes [21:03 30/10/2012] [21:03 30/10/2012] AE5A39669C623937C0839E079E1088D5
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif --a---- 335 bytes [21:03 30/10/2012] [21:03 30/10/2012] 766433EF38BDA83C4FD4932027A4B9D5
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_MarketPlace_07_ddd_07caac71-eac9-4963-9fa6-f6c1cc836ddd_Appearance_634581083935348787_png.png --a---- 1544 bytes [21:03 30/10/2012] [21:03 30/10/2012] C6B2DE817E4EC8094F6FFF9C1B4CD788
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___storage_conduit_com_MarketPlace_d5_3fe_d5c4c431-a6ed-49fe-9670-df872dce43fe_Appearance_634527283768578406_png.png --a---- 1904 bytes [21:03 30/10/2012] [21:03 30/10/2012] 8287C45C18F9F5CDC88672CAD5142DC5
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___weather_conduit_com_images_weather_Default_cloudy_gif.gif --a---- 406 bytes [14:08 04/11/2012] [14:08 04/11/2012] 61A76264B50BF0E425D6BD7DB73F40B4
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___weather_conduit_com_images_weather_Default_drizzle_gif.gif --a---- 351 bytes [04:29 03/12/2012] [04:29 03/12/2012] 703A98E0FBFB8C9B617E732C9E62DB04
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___weather_conduit_com_images_weather_Default_flurries_gif.gif --a---- 404 bytes [21:30 10/11/2012] [21:30 10/11/2012] 5A985D8E2783DA9A33F8B3848A90B8E9
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___weather_conduit_com_images_weather_Default_foggy_night_gif.gif --a---- 418 bytes [14:41 23/12/2012] [14:41 23/12/2012] 0E4E164871B63462E3FD3EB9982C7C45
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___weather_conduit_com_images_weather_Default_hazy_gif.gif --a---- 468 bytes [23:14 22/12/2012] [23:14 22/12/2012] 25C37C070415AAC32DD6C50BD64276CC
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___weather_conduit_com_images_weather_Default_hazy_night_gif.gif --a---- 435 bytes [00:18 23/12/2012] [00:18 23/12/2012] 279120757E0459B90E5E0DD853E82359
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_gif.gif --a---- 173 bytes [21:03 30/10/2012] [21:03 30/10/2012] E509575F473727B14C87367068C42353
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_night_gif.gif --a---- 212 bytes [02:34 31/10/2012] [02:34 31/10/2012] 88CD5B8D6F007347115A8A602E5D158B
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___weather_conduit_com_images_weather_Default_snow_gif.gif --a---- 117 bytes [03:10 26/11/2012] [03:10 26/11/2012] 3927F6D007F9E2D3F9D4BDEC48EE52AA
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_gif.gif --a---- 259 bytes [14:43 09/12/2012] [14:43 09/12/2012] 110EC9BCA8470D6488B626EA28914A6C
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_night_gif.gif --a---- 204 bytes [03:55 31/10/2012] [03:55 31/10/2012] 5EBD213E8A460652C883CBF68C152B5B
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons\http___www_conduit_com_images_AccountsV2_SearchComponent_search_button_format_bing_png.png --a---- 736 bytes [21:03 30/10/2012] [21:03 30/10/2012] DEB2371B6C3A21691ADF619F579EDE39
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml --a---- 7037 bytes [00:32 15/11/2012] [04:11 27/02/2013] 0B96497BA80BF342415B90AE2F2FB092
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml --a---- 5515 bytes [00:32 15/11/2012] [04:11 27/02/2013] 99F43BD1FBE50F6CEE0714818FCAD0A8
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml --a---- 6581 bytes [00:32 15/11/2012] [04:11 27/02/2013] 93DBA7DBB3A402F930076666BD7C539C
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en.xml --a---- 5514 bytes [00:32 15/11/2012] [04:11 27/02/2013] 16A75DAC853B7B226069A2F21C379531
C:\Users\Treasurer\AppData\Local\Microsoft\Internet Explorer\DOMStore\BNR3TFYX\facebook.conduitapps[1].xml --a---- 13 bytes [01:56 21/05/2013] [01:56 21/05/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VTXVNJO\translation_toolbar_conduit-services_com[1].txt --a---- 105127 bytes [01:56 21/05/2013] [01:56 21/05/2013] EB5BCA67000B076D57DB4732F16288CC
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ9T70HG\contextmenu_toolbar_conduit-services_com[1].xml --a---- 6581 bytes [01:56 21/05/2013] [01:56 21/05/2013] 93DBA7DBB3A402F930076666BD7C539C
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ9T70HG\contextmenu_toolbar_conduit-services_com[2].xml --a---- 7037 bytes [01:56 21/05/2013] [01:56 21/05/2013] 0B96497BA80BF342415B90AE2F2FB092
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ9T70HG\contextmenu_toolbar_conduit-services_com[3].xml --a---- 5514 bytes [01:56 21/05/2013] [01:56 21/05/2013] 8DFE2D4108CDAF64D0DF5B878A6CD332
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UR4EKHS4\appsmetadata_toolbar_conduit-services_com[1].txt --a---- 1845 bytes [02:01 21/05/2013] [02:01 21/05/2013] 54ABF600555203F3B71B7523594AF7AB
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UR4EKHS4\contextmenu_toolbar_conduit-services_com[1].xml --a---- 5514 bytes [01:56 21/05/2013] [01:56 21/05/2013] 16A75DAC853B7B226069A2F21C379531
C:\Users\Treasurer\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1689573_1681572_US.xml --a---- 201 bytes [01:57 21/05/2013] [01:57 21/05/2013] C4460C29599EB98D992FF0C65AB293F6

Searching for "*sweetpacks*"
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UR4EKHS4\start_sweetpacks_com[2].htm --a---- 7965 bytes [19:04 02/06/2013] [19:04 02/06/2013] AC68C4B4D2F0DFA468AB62E030F94B34

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*babylon*"
C:\ProgramData\Babylon d------ [03:56 14/10/2012]
C:\ProgramData\WildTangent\My HP Game Console\UI\htdocs2\Common\product\babylonia d------ [09:03 20/11/2010]
C:\Users\All Users\Babylon d------ [03:56 14/10/2012]
C:\Users\All Users\WildTangent\My HP Game Console\UI\htdocs2\Common\product\babylonia d------ [09:03 20/11/2010]
C:\Users\Owner\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_BabylonToolbarsr_94a1493e781ac46a465984bae9f7f1c1eed7c8c_04085d7a d----c- [18:51 15/10/2012]
C:\Users\Owner\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_BabylonToolbarsr_f52ec97a92614695c176f2abd60dc49962e9556_15b6c4d6 d----c- [20:43 15/10/2012]
C:\Users\Owner\AppData\Local\Temp\mt_ffx\BabylonToolbar d------ [03:57 14/10/2012]
C:\Users\Owner\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar d------ [03:57 14/10/2012]
C:\Users\Owner\AppData\LocalLow\BabylonToolbar d------ [04:10 14/10/2012]
C:\Users\Owner\AppData\LocalLow\BabylonToolbar\BabylonToolbar d------ [04:10 14/10/2012]
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_BabylonToolbarsr_7eccd55e90bfecadd8250d2126936af53c47b_0ffaeb76 d----c- [18:32 28/10/2012]
C:\Users\The Refuge\AppData\LocalLow\BabylonToolbar d------ [18:27 28/10/2012]
C:\Users\The Refuge\AppData\LocalLow\BabylonToolbar\BabylonToolbar d------ [18:27 28/10/2012]
C:\Users\Treasurer\AppData\LocalLow\BabylonToolbar d------ [01:41 21/05/2013]
C:\Users\Treasurer\AppData\LocalLow\BabylonToolbar\BabylonToolbar d------ [01:41 21/05/2013]

Searching for "*conduit*"
C:\Program Files (x86)\Conduit d------ [21:02 30/10/2012]
C:\Users\Owner\AppData\Local\Conduit d------ [21:02 30/10/2012]
C:\Users\Owner\AppData\LocalLow\Conduit d------ [21:02 30/10/2012]
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Repository\conduit_CT3239904_CT3239904 d------ [21:03 30/10/2012]
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Repository\conduit_CT3239904_en d------ [21:03 30/10/2012]
C:\Users\Treasurer\AppData\LocalLow\Conduit d------ [01:55 21/05/2013]

Searching for "*sweetpacks*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com":"query","isea
[HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.co

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com":"query","isea
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.co

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\iLivid]
[HKEY_CURRENT_USER\Software\iLivid\iLivid]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f4b45136_0]
@="{0.0.0.00000000}.{26cc6ba4-77b9-4f05-9866-7cf4908fd3c6}|\Device\HarddiskVolume2\Users\Treasurer\AppData\Local\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Treasurer\AppData\Local\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Treasurer\AppData\Local\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r394-n-bf.exe]
[HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\iLivid]
[HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\iLivid\iLivid]
[HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f4b45136_0]
@="{0.0.0.00000000}.{26cc6ba4-77b9-4f05-9866-7cf4908fd3c6}|\Device\HarddiskVolume2\Users\Treasurer\AppData\Local\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Treasurer\AppData\Local\iLivid]
[HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Treasurer\AppData\Local\iLivid]

Searching for "whitesmoke"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com":"query","isea
[HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.co

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Trolltech]
[HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "babylon"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com":"query","isea
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
"OSDFileURL"="file:///C:/Program%20Files%20(x86)/BabylonToolbar/BabylonToolbar/1.8.0.7/BabylonToolbar.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon\Babylon Client]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS]
[HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.co
[HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
"OSDFileURL"="file:///C:/Program%20Files%20(x86)/BabylonToolbar/BabylonToolbar/1.8.0.7/BabylonToolbar.xml"

Searching for "conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com":"query","isea
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6F5D2098-9FC4-4D29-8513-D5FEF152C6B3}]
"URL"="http://search.conduit.com/Results.aspx?ctid=CT3300019&SearchSource=45&UM=2&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Community Alerts]
"Path"="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\AppDataLow\Software\Conduit]
[HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.co
[HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\SearchScopes\{6F5D2098-9FC4-4D29-8513-D5FEF152C6B3}]
"URL"="http://search.conduit.com/Results.aspx?ctid=CT3300019&SearchSource=45&UM=2&q={searchTerms}"

Searching for "sweetpacks"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks\script_storage]
"product_name"="Updater By SweetPacks"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
"TopResultURL"="http://start.sweetpacks.com?src=6&q={searchTerms}&barid={BE2BD2D4-C65B-11E2-B02B-984BE19096A6}&crg=3.5000006.10042&st=23"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
"TopResultURLFallback"="http://start.sweetpacks.com?src=6&q={searchTerms}&barid={BE2BD2D4-C65B-11E2-B02B-984BE19096A6}&crg=3.5000006.10042&st=23"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
"URL"="http://start.sweetpacks.com?src=6&q={searchTerms}&barid={BE2BD2D4-C65B-11E2-B02B-984BE19096A6}&crg=3.5000006.10042&st=23"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FB6D58DD787439A4995AF3C00FEA8843]
"ProductName"="Internet Explorer Toolbar 4.8 by SweetPacks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FB6D58DD787439A4995AF3C00FEA8843\InstallProperties]
"DisplayName"="Internet Explorer Toolbar 4.8 by SweetPacks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}"="C:\Program Files\Updater By SweetPacks\Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Updater By SweetPacks]
[HKEY_LOCAL_MACHINE\SOFTWARE\Updater By SweetPacks]
"product_name"="Updater By SweetPacks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
"URL"="http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={BE2BD2D4-C65B-11E2-B02B-984BE19096A6}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}]
"DisplayName"="Internet Explorer Toolbar 4.8 by SweetPacks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Updater By SweetPacks]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Updater By SweetPacks]
"product_name"="Updater By SweetPacks"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By SweetPacks]
[HKEY_USERS\.DEFAULT\Software\WNLT]
"URL"="SSWEETPACKS"
[HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks]
[HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks\script_storage]
"product_name"="Updater By SweetPacks"
[HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
"TopResultURL"="http://start.sweetpacks.com?src=6&q={searchTerms}&barid={BE2BD2D4-C65B-11E2-B02B-984BE19096A6}&crg=3.5000006.10042&st=23"
[HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
"TopResultURLFallback"="http://start.sweetpacks.com?src=6&q={searchTerms}&barid={BE2BD2D4-C65B-11E2-B02B-984BE19096A6}&crg=3.5000006.10042&st=23"
[HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
"URL"="http://start.sweetpacks.com?src=6&q={searchTerms}&barid={BE2BD2D4-C65B-11E2-B02B-984BE19096A6}&crg=3.5000006.10042&st=23"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By SweetPacks]
[HKEY_USERS\S-1-5-18\Software\WNLT]
"URL"="SSWEETPACKS"

-= EOF =-
tnesler
Regular Member
 
Posts: 33
Joined: September 12th, 2013, 11:42 am

Re: Hidden Malware

Unread postby Gary R » September 27th, 2013, 4:48 am

OK, let's get started with the removal ...

First ...

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Java(TM) 6 Update 20 (64-bit)


Out of date versions of Java can be exploited.

Next ...

  • Close your browser and double click on this icon on your desktop ... Image
  • You will then see the screen below ...

    Image
  • Click on the Scan button (as indicated).
  • Accept any prompts that appear and allow it to run. It may take several minutes to complete.
  • When it is done click on the Clean button, accept any prompts that appear and allow the system to reboot.
  • Upon reboot you will be presented with a "fix" report.
  • Please post the report in your next reply.

Next ...

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:OTL
IE:64bit: - HKLM\..\SearchScopes\{564A8274-2562-4D05-B3AE-9E4FFAE06975}: "URL" = http://www.ask.com/web?q= {searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{564A8274-2562-4D05-B3AE-9E4FFAE06975}: "URL" = http://www.ask.com/web?q= {searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}: "URL" = http://search.mywebsearch.com/mywebsear ... .jhtml?p2= ^YL^xdm117^YY^us&si=466203&ptb=D207D7EA-2173-4897-8655-80E770D58108&psa=&ind=2012121613&st=sb&n=77ee8a0d&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsear ... .jhtml?p2= ^XP^xdm259^S04015^us&si=113814&ptb=189DF932-50E9-4366-B596-4DF13DAE3C92&psa=&ind=2013052021&st=sb&n=77fcbc75&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpacks.com/?src=6&q= {searchTerms}&st=12&crg=3.5000006.10042&barid={BE2BD2D4-C65B-11E2-B02B-984BE19096A6}
IE - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\..\SearchScopes\{12C79467-FA4E-45BB-A727-062CCAE5FA94}: "URL" = http://delicious.com/search?p= {searchTerms}
IE - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\..\SearchScopes\{66C5B39D-322B-4951-9075-59F1F024B307}: "URL" = http://www.mysearchresults.com/search?c ... =01&q= {searchTerms}
IE - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\..\SearchScopes\{6F5D2098-9FC4-4D29-8513-D5FEF152C6B3}: "URL" = http://search.conduit.com/Results.aspx? ... 45&UM=2&q= {searchTerms}
IE - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsear ... .jhtml?p2= ^XP^xdm259^S04015^us&si=113814&ptb=189DF932-50E9-4366-B596-4DF13DAE3C92&psa=&ind=2013052021&st=sb&n=77fcbc75&searchfor={searchTerms}
IE - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpacks.com?src=6&q= {searchTerms}&barid={BE2BD2D4-C65B-11E2-B02B-984BE19096A6}&crg=3.5000006.10042&st=23
IE - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\..\SearchScopes\{F5F155F5-2332-4484-88A9-36287945E34E}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q= {searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^OSJ000^YY^US&apn_uid=43B339E4-3512-4BD1-88DA-FA32743AB260&apn_sauid=7F75BEBE-4734-433A-840C-538F14165570
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledAddons: webbooster%40iminent.com:7.35.1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..keyword.URL: "http://start.sweetpacks.com?src=6&barid={BE2BD2D4-C65B-11E2-B02B-984BE19096A6}&crg=3.5000006.10042&st=23&q="
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
[2013/09/09 19:06:21 | 000,614,544 | ---- | M] () (No name found) -- C:\Users\Treasurer\AppData\Roaming\Mozilla\Firefox\Profiles\hxmckx3w.default\extensions\webbooster@iminent.com.xpi
O2 - BHO: (no name) - {1C8501DD-5580-48AB-B25C-6D5DBE835A6A} - No CLSID value found.
O3 - HKU\S-1-5-21-559820850-3501857684-1504056127-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O33 - MountPoints2\{63732209-c3fd-11e2-b0f9-984be19096a6}\Shell - "" = AutoRun
O33 - MountPoints2\{63732209-c3fd-11e2-b0f9-984be19096a6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

:Files
C:\Users\The Refuge\AppData\Local\CrashDumps\BabylonToolbarsrv.exe.4836.dmp
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2CSW5ES2\BabylonAdBtns1[1].js
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OFXIZUY\babylonab[1].js
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OFXIZUY\BabylonTB9Map1[1].js
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OFXIZUY\BabylonTB9Map1[2].js
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OFXIZUY\BabylonTB9Map1[3].js
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OFXIZUY\BabylonToolbar_634704201315010000[1].png
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NFMDFXR\BabylonToolbar_634900413440666884[2].png
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NFMDFXR\babylon[2].css
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NFMDFXR\CSH-309-babylon_stopwatch[1].png
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K4A0NWAG\BabylonTB9Map1[1].js
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9YOSPVD\babylonab[1].js
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9YOSPVD\BabylonAdBtns1[1].js
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9YOSPVD\BabylonAdBtns1[2].js
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9YOSPVD\BabylonTB9Map1[1].js
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9YOSPVD\babylontb9[1].js
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9YOSPVD\babylontb9[2].js
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9YOSPVD\babylon[1].css
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YKJLH2N1\BabylonToolbar_634894491441878490[1].png
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VTXVNJO\babylonab[1].js
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VTXVNJO\BabylonAdBtns1[1].js
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VTXVNJO\BabylonBaseMap1[1].js
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VTXVNJO\babylon[1].css
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VTXVNJO\babylon[1].js
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ9T70HG\BabylonToolbar_634900413440666884[1].png
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KPWW1SLH\BabylonToolbar[1].xml
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UR4EKHS4\BabylonToolbar[1].xml
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UR4EKHS4\BabylonToolbar[2].xml
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UR4EKHS4\BabylonToolbar_634704201315010000[1].png
C:\Users\Owner\AppData\Local\Microsoft\Internet Explorer\DOMStore\X8E7L322\facebook.conduitapps[1].xml --a---- 13 bytes [21:03 30/10/2012] [21:03 30/10/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Owner\AppData\LocalLow\Conduit
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App
C:\Users\Treasurer\AppData\Local\Microsoft\Internet Explorer\DOMStore\BNR3TFYX\facebook.conduitapps[1].xml
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VTXVNJO\translation_toolbar_conduit-services_com[1].txt
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ9T70HG\contextmenu_toolbar_conduit-services_com[1].xml
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ9T70HG\contextmenu_toolbar_conduit-services_com[2].xml
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ9T70HG\contextmenu_toolbar_conduit-services_com[3].xml
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UR4EKHS4\appsmetadata_toolbar_conduit-services_com[1].txt
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UR4EKHS4\contextmenu_toolbar_conduit-services_com[1].xml
C:\Users\Treasurer\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1689573_1681572_US.xml
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UR4EKHS4\start_sweetpacks_com[2].htm
C:\ProgramData\Babylon
C:\Users\All Users\Babylon
C:\Users\Owner\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_BabylonToolbarsr_94a1493e781ac46a465984bae9f7f1c1eed7c8c_04085d7a
C:\Users\Owner\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_BabylonToolbarsr_f52ec97a92614695c176f2abd60dc49962e9556_15b6c4d6
C:\Users\Owner\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar
C:\Users\Owner\AppData\LocalLow\BabylonToolbar
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_BabylonToolbarsr_7eccd55e90bfecadd8250d2126936af53c47b_0ffaeb76
C:\Users\The Refuge\AppData\LocalLow\BabylonToolbar
C:\Users\The Refuge\AppData\LocalLow\BabylonToolbar\BabylonToolbar
C:\Users\Treasurer\AppData\LocalLow\BabylonToolbar
C:\Users\Treasurer\AppData\LocalLow\BabylonToolbar\BabylonToolbar
C:\Program Files (x86)\Conduit
C:\Users\Owner\AppData\Local\Conduit
C:\Users\Owner\AppData\LocalLow\Conduit
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Repository\conduit_CT3239904_CT3239904
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Repository\conduit_CT3239904_en
C:\Users\Treasurer\AppData\LocalLow\Conduit
C:\Program Files (x86)\Conduit
ipconfig /flushdns /c

:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks\script_storage]
[-HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks\script_storage]
[-HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software
[-HKEY_CURRENT_USER\Software\iLivid]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f4b45136_0]
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r394-n-bf.exe]
[-HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\iLivid]
[HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f4b45136_0]
@=-
[-HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Treasurer\AppData\Local\iLivid]
[-HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Treasurer\AppData\Local\iLivid]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks\script_storage]
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Trolltech]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks\script_storage]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS]
[-HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software[-[-HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks\script_storage]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6F5D2098-9FC4-4D29-8513-D5FEF152C6B3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
[-HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\AppDataLow\Software\Conduit]
[-HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FB6D58DD787439A4995AF3C00FEA8843]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FB6D58DD787439A4995AF3C00FEA8843\InstallProperties]
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Updater By SweetPacks]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Updater By SweetPacks]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By SweetPacks]
[HKEY_USERS\.DEFAULT\Software\WNLT]
"URL"=-
[-HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks]
[-HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
[-HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
[-HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By SweetPacks]
[HKEY_USERS\S-1-5-18\Software\WNLT]
"URL"=-

:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so; if it does, re-boot your computer. A log will be produced upon re-boot.

Summary of the logs I need from you in your next post:
  • ADWCleaner fix log
  • OTL fix log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
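Added worked example (this is not code from OTL and not part of Gary R's post): a small Python parser for the :Reg section of a fix script in the form above, reconciled against the fix log OTL writes back. It covers only the :Reg forms the post uses: "[-KEY]" deletes a key, "[KEY]" followed by '"Name"=-' deletes one value in it, and "@=-" deletes the key's default value. Three key lines in the script above are cut off before their closing ']', and one :Files line carries file-listing metadata after the path (the log in the next post reports that one as "Invalid Switch"); the first kind of defect is what this parser reports as malformed, so a truncated paste is noticed before the fix is run. The log-line shapes ("Registry key ...\ deleted successfully.", "... not found.", a value written as KEY\\NAME) are taken from the reply that follows; the sample script and sample log embedded in the block are constructed from those shapes rather than copied from the thread, and the "(Default)" name used for "@=-" is an assumption, so such entries reconcile as "unreported" unless a real log names them the same way.

```python
"""Check an OTL fix script's :Reg section against the fix log OTL produced.

Added example for this thread; not OTL's own code. Handles only the :Reg
forms used in the post: "[-KEY]", "[KEY]" + '"Name"=-', and "@=-".
"""
import re
from dataclasses import dataclass
from typing import Optional

SECTION_RE = re.compile(r"^:(OTL|Files|Reg|Commands)\s*$")
KEY_RE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+\\[^\]]+)\]$")
VALUE_DEL_RE = re.compile(r'^(?:"([^"]*)"|(@))=-$')
# Log shapes as seen in the reply below; "64bit-" marks the native 64-bit view.
LOG_RE = re.compile(
    r"^(?:64bit-)?Registry (key|value) (.+?)\\? (deleted successfully|not found)\.$"
)

# Constructed sample pieced together from lines of the posted script. The last
# key line is deliberately cut off before its ']', like three lines in the post.
SAMPLE_SCRIPT = r""":OTL
IE - HKLM\..\SearchScopes\{564A8274-2562-4D05-B3AE-9E4FFAE06975}: "URL" = http://www.ask.com/web?q= {searchterms}&l=dis&o=ushpl

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Updater By SweetPacks]
[HKEY_USERS\S-1-5-18\Software\WNLT]
"URL"=-
[HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f4b45136_0]
@=-
[-HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software

:Commands
[emptytemp]
"""

# Constructed log modelled on the reply's format (not copied from the thread).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Updater By SweetPacks\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\WNLT\\URL deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C8501DD-5580-48AB-B25C-6D5DBE835A6A}\ not found.
"""


@dataclass(frozen=True)
class RegDirective:
    action: str                  # "delete_key" or "delete_value"
    key: str
    value: Optional[str] = None  # value name; "(Default)" for "@=-" (assumed name)


def parse_reg_section(script: str):
    """Return (directives, malformed_lines) for the :Reg section of a script."""
    directives, malformed = [], []
    section, current_key = None, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1), None
            continue
        if section != "Reg":
            continue
        if line.startswith("["):
            m = KEY_RE.match(line)
            if not m:                      # no closing ']': truncated paste
                malformed.append(line)
                current_key = None
                continue
            sign, key = m.groups()
            if sign == "-":
                directives.append(RegDirective("delete_key", key))
                current_key = None
            else:
                current_key = key          # following "Name"=- lines apply here
            continue
        m = VALUE_DEL_RE.match(line)
        if m and current_key:
            name = m.group(1) if m.group(1) is not None else "(Default)"
            directives.append(RegDirective("delete_value", current_key, name))
        else:
            malformed.append(line)
    return directives, malformed


def parse_fix_log(log: str):
    """Map (kind, lower-cased path) -> "deleted" | "not found" per log line."""
    outcomes = {}
    for line in log.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            kind, path, status = m.groups()
            outcomes[(kind, path.lower())] = (
                "deleted" if status == "deleted successfully" else "not found"
            )
    return outcomes


def reconcile(directives, outcomes):
    """Return {directive: "deleted" | "not found" | "unreported"}.

    "unreported" means the log never mentions the key or value, which is how a
    line OTL could not parse looks when judged from the log alone.
    """
    result = {}
    for d in directives:
        if d.action == "delete_key":
            lookup = ("key", d.key.lower())
        else:  # OTL logs a value as KEY\\NAME (double backslash)
            lookup = ("value", f"{d.key}\\\\{d.value}".lower())
        result[d] = outcomes.get(lookup, "unreported")
    return result


if __name__ == "__main__":
    found, bad = parse_reg_section(SAMPLE_SCRIPT)
    for d, status in reconcile(found, parse_fix_log(SAMPLE_LOG)).items():
        print(f"{status:10} {d.action:12} {d.key}" + (f" -> {d.value}" if d.value else ""))
    for line in bad:
        print("MALFORMED  ", line)
```

Run it as-is to see the sample reconciled; in practice paste the real fix script into SAMPLE_SCRIPT and the posted fix log into SAMPLE_LOG. Every directive that comes back "unreported", and every line listed as malformed, is one to check by hand before concluding the hijacked search scopes and the SweetPacks keys are gone.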

Re: Hidden Malware

Unread postby tnesler » September 27th, 2013, 10:44 pm

Here is the OTL log after running the clean process.

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{564A8274-2562-4D05-B3AE-9E4FFAE06975}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{564A8274-2562-4D05-B3AE-9E4FFAE06975}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{564A8274-2562-4D05-B3AE-9E4FFAE06975}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{564A8274-2562-4D05-B3AE-9E4FFAE06975}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c9ef753-beb6-4582-b653-93ac59274437}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\SearchScopes\{12C79467-FA4E-45BB-A727-062CCAE5FA94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12C79467-FA4E-45BB-A727-062CCAE5FA94}\ not found.
Registry key HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\SearchScopes\{66C5B39D-322B-4951-9075-59F1F024B307}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66C5B39D-322B-4951-9075-59F1F024B307}\ not found.
Registry key HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\SearchScopes\{6F5D2098-9FC4-4D29-8513-D5FEF152C6B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F5D2098-9FC4-4D29-8513-D5FEF152C6B3}\ not found.
Registry key HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\SearchScopes\{F5F155F5-2332-4484-88A9-36287945E34E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5F155F5-2332-4484-88A9-36287945E34E}\ not found.
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: webbooster%40iminent.com:7.35.1.1 removed from extensions.enabledAddons
Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1 removed from extensions.enabledAddons
Prefs.js: "http://start.sweetpacks.com?src=6&barid={BE2BD2D4-C65B-11E2-B02B-984BE19096A6}&crg=3.5000006.10042&st=23&q=" removed from keyword.URL
File C:\Users\Treasurer\AppData\Roaming\Mozilla\Firefox\Profiles\hxmckx3w.default\extensions\webbooster@iminent.com.xpi not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C8501DD-5580-48AB-B25C-6D5DBE835A6A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C8501DD-5580-48AB-B25C-6D5DBE835A6A}\ not found.
Registry value HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63732209-c3fd-11e2-b0f9-984be19096a6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63732209-c3fd-11e2-b0f9-984be19096a6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63732209-c3fd-11e2-b0f9-984be19096a6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63732209-c3fd-11e2-b0f9-984be19096a6}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe -a not found.
C:\Windows\SysNative\SETFAE1.tmp deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
========== FILES ==========
C:\Users\The Refuge\AppData\Local\CrashDumps\BabylonToolbarsrv.exe.4836.dmp moved successfully.
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2CSW5ES2\BabylonAdBtns1[1].js moved successfully.
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OFXIZUY\babylonab[1].js moved successfully.
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OFXIZUY\BabylonTB9Map1[1].js moved successfully.
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OFXIZUY\BabylonTB9Map1[2].js moved successfully.
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OFXIZUY\BabylonTB9Map1[3].js moved successfully.
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OFXIZUY\BabylonToolbar_634704201315010000[1].png moved successfully.
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NFMDFXR\BabylonToolbar_634900413440666884[2].png moved successfully.
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NFMDFXR\babylon[2].css moved successfully.
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NFMDFXR\CSH-309-babylon_stopwatch[1].png moved successfully.
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K4A0NWAG\BabylonTB9Map1[1].js moved successfully.
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9YOSPVD\babylonab[1].js moved successfully.
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9YOSPVD\BabylonAdBtns1[1].js moved successfully.
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9YOSPVD\BabylonAdBtns1[2].js moved successfully.
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9YOSPVD\BabylonTB9Map1[1].js moved successfully.
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9YOSPVD\babylontb9[1].js moved successfully.
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9YOSPVD\babylontb9[2].js moved successfully.
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9YOSPVD\babylon[1].css moved successfully.
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YKJLH2N1\BabylonToolbar_634894491441878490[1].png moved successfully.
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VTXVNJO\babylonab[1].js moved successfully.
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VTXVNJO\BabylonAdBtns1[1].js moved successfully.
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VTXVNJO\BabylonBaseMap1[1].js moved successfully.
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VTXVNJO\babylon[1].css moved successfully.
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VTXVNJO\babylon[1].js moved successfully.
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ9T70HG\BabylonToolbar_634900413440666884[1].png moved successfully.
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KPWW1SLH\BabylonToolbar[1].xml moved successfully.
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UR4EKHS4\BabylonToolbar[1].xml moved successfully.
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UR4EKHS4\BabylonToolbar[2].xml moved successfully.
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UR4EKHS4\BabylonToolbar_634704201315010000[1].png moved successfully.
Invalid Switch: 2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
File\Folder C:\Users\Owner\AppData\LocalLow\Conduit not found.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Twitter folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Rss folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Repository\conduit_CT3239904_en\ToolbarTranslation folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Repository\conduit_CT3239904_en folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Repository\conduit_CT3239904_CT3239904\ToolbarTranslation folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Repository\conduit_CT3239904_CT3239904\ToolbarSettings folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Repository\conduit_CT3239904_CT3239904\ToolbarLogin folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Repository\conduit_CT3239904_CT3239904\ToolbarHiddenSettings folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Repository\conduit_CT3239904_CT3239904\ToolbarHiddenLogin folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Repository\conduit_CT3239904_CT3239904\DynamicDialogs folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Repository\conduit_CT3239904_CT3239904\AppsMetaData folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Repository\conduit_CT3239904_CT3239904 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Repository folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\RadioPlayer folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\MyStuffApps folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Logs folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\ExternalComponent folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\EmailNotifier folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Dialogs\UntrustedAppPendingDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Dialogs\UntrustedAppApprovalDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Dialogs\UntrustedAddedAppDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Dialogs\UninstallDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Dialogs\ToolbarUntrustedAppsApprovalDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Dialogs\ToolbarFirstTimeDialog\images folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Dialogs\ToolbarFirstTimeDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Dialogs\SearchProtectorRetakeoverDialog\Images folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Dialogs\SearchProtectorRetakeoverDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Dialogs\SearchProtectorDialog\Images folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Dialogs\SearchProtectorDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Dialogs\SearchProtectorBubbleDialog\images folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Dialogs\SearchProtectorBubbleDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Dialogs\NewSearchProtectorDialog\images folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Dialogs\NewSearchProtectorDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Dialogs\EngineFirstTimeDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Dialogs\DetectedAppDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Dialogs\DefualtImages folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Dialogs\AddedAppDialog folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Dialogs folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\CacheIcons folder moved successfully.
C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App folder moved successfully.
C:\Users\Treasurer\AppData\Local\Microsoft\Internet Explorer\DOMStore\BNR3TFYX\facebook.conduitapps[1].xml moved successfully.
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3VTXVNJO\translation_toolbar_conduit-services_com[1].txt moved successfully.
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ9T70HG\contextmenu_toolbar_conduit-services_com[1].xml moved successfully.
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ9T70HG\contextmenu_toolbar_conduit-services_com[2].xml moved successfully.
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ9T70HG\contextmenu_toolbar_conduit-services_com[3].xml moved successfully.
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UR4EKHS4\appsmetadata_toolbar_conduit-services_com[1].txt moved successfully.
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UR4EKHS4\contextmenu_toolbar_conduit-services_com[1].xml moved successfully.
File\Folder C:\Users\Treasurer\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1689573_1681572_US.xml not found.
C:\Users\Treasurer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UR4EKHS4\start_sweetpacks_com[2].htm moved successfully.
File\Folder C:\ProgramData\Babylon not found.
File\Folder C:\Users\All Users\Babylon not found.
C:\Users\Owner\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_BabylonToolbarsr_94a1493e781ac46a465984bae9f7f1c1eed7c8c_04085d7a folder moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_BabylonToolbarsr_f52ec97a92614695c176f2abd60dc49962e9556_15b6c4d6 folder moved successfully.
C:\Users\Owner\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar\1.8.0.7 folder moved successfully.
C:\Users\Owner\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar folder moved successfully.
File\Folder C:\Users\Owner\AppData\LocalLow\BabylonToolbar not found.
C:\Users\The Refuge\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_BabylonToolbarsr_7eccd55e90bfecadd8250d2126936af53c47b_0ffaeb76 folder moved successfully.
File\Folder C:\Users\The Refuge\AppData\LocalLow\BabylonToolbar not found.
File\Folder C:\Users\The Refuge\AppData\LocalLow\BabylonToolbar\BabylonToolbar not found.
File\Folder C:\Users\Treasurer\AppData\LocalLow\BabylonToolbar not found.
File\Folder C:\Users\Treasurer\AppData\LocalLow\BabylonToolbar\BabylonToolbar not found.
File\Folder C:\Program Files (x86)\Conduit not found.
File\Folder C:\Users\Owner\AppData\Local\Conduit not found.
File\Folder C:\Users\Owner\AppData\LocalLow\Conduit not found.
File\Folder C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Repository\conduit_CT3239904_CT3239904 not found.
File\Folder C:\Users\Owner\AppData\LocalLow\SocialSearchBar_App\Repository\conduit_CT3239904_en not found.
File\Folder C:\Users\Treasurer\AppData\LocalLow\Conduit not found.
File\Folder C:\Program Files (x86)\Conduit not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Treasurer\Desktop\cmd.bat deleted successfully.
C:\Users\Treasurer\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks\script_storage\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Softwar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks\script_storage\ not found.
Registry key HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Softwar\ not found.
Registry key HKEY_CURRENT_USER\Software\iLivid\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f4b45136_0\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r394-n-bf.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\iLivid\ not found.
Registry key HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f4b45136_0 not found.
Registry key HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Treasurer\AppData\Local\iLivid\ not found.
Registry key HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Treasurer\AppData\Local\iLivid\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks\script_storage\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ not found.
Registry key HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Trolltech\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks\script_storage\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS\ not found.
Registry key HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software[-[-S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks\script_storage\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6F5D2098-9FC4-4D29-8513-D5FEF152C6B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F5D2098-9FC4-4D29-8513-D5FEF152C6B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\conduitinstaller_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\prompt_installer-conduit_RASMANCS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32\ not found.
Registry key HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\AppDataLow\Software\Conduit\ not found.
Registry key HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Softwar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FB6D58DD787439A4995AF3C00FEA8843\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FB6D58DD787439A4995AF3C00FEA8843\InstallProperties\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Updater By SweetPacks\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Updater By SweetPacks\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By SweetPacks\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\WNLT\\URL deleted successfully.
Registry key HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Updater By SweetPacks\ not found.
Registry key HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_USERS\S-1-5-21-559820850-3501857684-1504056127-1004\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By SweetPacks\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\WNLT\\URL not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 144951569 bytes
->Temporary Internet Files folder emptied: 708907879 bytes
->Java cache emptied: 45946 bytes
->Flash cache emptied: 86253 bytes

User: Public

User: The Refuge
->Temp folder emptied: 78350368 bytes
->Temporary Internet Files folder emptied: 956331335 bytes
->Java cache emptied: 43228 bytes
->Google Chrome cache emptied: 83612419 bytes
->Flash cache emptied: 112373 bytes

User: Treasurer
->Temp folder emptied: 9268493 bytes
->Temporary Internet Files folder emptied: 61671892 bytes
->Java cache emptied: 46019 bytes
->FireFox cache emptied: 18507917 bytes
->Flash cache emptied: 1017 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 899294518 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36050258 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 201083505 bytes

Total Files Cleaned = 3,050.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 09272013_212403

Files\Folders moved on Reboot...
C:\Users\Treasurer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
tnesler
Regular Member
 
Posts: 33
Joined: September 12th, 2013, 11:42 am

Re: Hidden Malware

Unread postby tnesler » September 27th, 2013, 10:50 pm

Here is the AdwCleaner log:

# AdwCleaner v3.005 - Report created 27/09/2013 at 21:13:06
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Treasurer - OWNER-HP
# Running from : C:\Users\Treasurer\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Iminent
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\Common Files\Umbrella
Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
Folder Deleted : C:\Users\Owner\AppData\Local\Giant Savings
Folder Deleted : C:\Users\Owner\AppData\Local\visi_coupon
Folder Deleted : C:\Users\Owner\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Owner\AppData\LocalLow\BringMeSports_1c
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Owner\AppData\LocalLow\TelevisionFanatic
Folder Deleted : C:\Users\Owner\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Owner\AppData\Roaming\Iminent
Folder Deleted : C:\Users\The Refuge\AppData\Local\visi_coupon
Folder Deleted : C:\Users\The Refuge\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\The Refuge\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Treasurer\AppData\Local\visi_coupon
Folder Deleted : C:\Users\Treasurer\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Treasurer\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Treasurer\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Treasurer\AppData\Roaming\Iminent
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Users\The Refuge\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Users\The Refuge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
File Deleted : C:\Users\Treasurer\AppData\Roaming\Mozilla\Firefox\Profiles\hxmckx3w.default\Extensions\webbooster@iminent.com.xpi
File Deleted : C:\END
File Deleted : C:\Users\Treasurer\AppData\Roaming\Mozilla\Firefox\Profiles\hxmckx3w.default\user.js
File Deleted : C:\Users\The Refuge\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3239904
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{002D1BA6-4766-4D7D-82B8-F49439C66F97}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC53BD19-7B23-43B0-AB7C-0E06C708CCED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F653D037-97FA-4755-98C1-7F382EEB59A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{002D1BA6-4766-4D7D-82B8-F49439C66F97}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC53BD19-7B23-43B0-AB7C-0E06C708CCED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F653D037-97FA-4755-98C1-7F382EEB59A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2F4D7835-42B0-4BA7-9587-1B01393F78EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\Giant Savings
Key Deleted : HKCU\Software\AppDataLow\Software\HappyLyrics
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Treasurer\AppData\Roaming\Mozilla\Firefox\Profiles\hxmckx3w.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://start.sweetpacks.com/?barid={BE2BD2D4-C65B-11E2-B02B-984BE19096A6}&src=97&crg=3.5000006.10042&st=23");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("iminent.webbooster.scripts.minibar.SOFTONICREFRESHRATE", "140000");
Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.SOFTONICREFRESHRATE", "140000");
Line Deleted : user_pref("keyword.URL", "hxxp://start.sweetpacks.com?src=6&barid={BE2BD2D4-C65B-11E2-B02B-984BE19096A6}&crg=3.5000006.10042&st=23&q=");
Line Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...]
Line Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]
Line Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks");

*************************

AdwCleaner[R0].txt - [18476 octets] - [26/09/2013 21:13:06]
AdwCleaner[R1].txt - [18537 octets] - [27/09/2013 20:59:41]
AdwCleaner[S0].txt - [18483 octets] - [27/09/2013 21:13:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18544 octets] ##########
tnesler
Regular Member
 
Posts: 33
Joined: September 12th, 2013, 11:42 am

Re: Hidden Malware

Unread postby tnesler » September 27th, 2013, 10:51 pm

FYI: I still can't turn on WSC...:-(

Tom Nesler
tnesler
Regular Member
 
Posts: 33
Joined: September 12th, 2013, 11:42 am