SpyWare BeWare! ASAP
Author Topic: Browser windows to random sites w/o request  (Read 2900 times)
MrCharlie
Moderator
« Reply #15 on: September 26, 2013, 09:07:02 PM »

Let's clean out any adware: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.  
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder:  C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

---------------------

Try this link for ComboFix:
http://www.majorgeeks.com/files/details/combofix.html

 MrC

My help is always free here but if you would like to show your appreciation, it will be much appreciated.
Thanks MrC
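
For the log-review step in the instructions above, an added example (not part of the original post and not AdwCleaner's own code) that parses a report in the `Action : Target` layout seen in this thread, lists the entries marked Not Deleted, and flags targets in autostart locations. The sample log is constructed, and the function names and the marker list are assumptions chosen from locations that appear in this thread's report.

```python
import re
from collections import Counter

# Constructed sample in the layout of an AdwCleaner report (not a real log).
SAMPLE_LOG = r"""
# AdwCleaner - Report (constructed sample)
# Option : Clean

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ExampleToolbar
  • Not Deleted : C:\Users\Example\AppData\LocalLow\ExampleToolbar
File Deleted : C:\Windows\System32\Tasks\ExampleUpdater

***** [ Registry ] *****

Key Deleted : HKCU\Software\ExampleToolbar
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ExampleFloatingPlugin]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}

***** [ Browsers ] *****

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
"""

# Section banner, e.g. "***** [ Registry ] *****"
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")

# Entry line, e.g. "Key Deleted : HKCU\..." or "• Not Deleted : C:\..."
ENTRY_RE = re.compile(
    r"^(?:•\s*)?"
    r"(?P<action>[A-Za-z ]*?(?:Not Deleted|Deleted|Restored|Found))"
    r" : (?P<target>.+)$"
)

# Assumed list of autostart / browser-hook locations worth a second look
# (lower-case substrings; all of these locations occur in the thread's log).
AUTOSTART_MARKERS = (
    r"\currentversion\run",
    r"\browser helper objects",
    r"\urlsearchhooks",
    r"\internet explorer\toolbar",
    r"\windows\tasks",
    r"\system32\tasks",
)


def parse_report(text):
    """Return a list of (section, action, target) tuples from a report."""
    section = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name")
            continue
        entry = ENTRY_RE.match(line)
        # Header lines ("# Option : Clean") start with '#' and never match.
        if entry and section is not None:
            entries.append(
                (section, entry.group("action"), entry.group("target").strip())
            )
    return entries


def triage(entries):
    """Summarise what a reviewer checks first in a posted report."""
    leftovers = [(s, t) for s, a, t in entries if a.endswith("Not Deleted")]
    autostart = [
        (a, t)
        for _, a, t in entries
        if any(marker in t.lower() for marker in AUTOSTART_MARKERS)
    ]
    counts = dict(Counter(s for s, _, _ in entries))
    return {"leftovers": leftovers, "autostart": autostart, "counts": counts}


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_LOG))
    print("Entries per section:", result["counts"])
    print("Marked Not Deleted (recheck after reboot):")
    for section, target in result["leftovers"]:
        print(f"  [{section}] {target}")
    print("Autostart / browser-hook locations touched:")
    for action, target in result["autostart"]:
        print(f"  {action}: {target}")
```
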
K_Sweet
Jr. Member
« Reply #16 on: September 27, 2013, 11:24:19 AM »

Shew! This has been aggravating and I am so thankful for your help! Here's the first requested log. On to Malwarebytes per instructions. Log to follow.

# AdwCleaner v3.005 - Report created 27/09/2013 at 12:14:26
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Karol - KAROL-PC
# Running from : C:\Users\Karol\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\WhiteSmoke_New
Folder Deleted : C:\Users\Karol\AppData\Local\Conduit
Folder Deleted : C:\Users\Karol\AppData\Local\cre
Folder Deleted : C:\Users\Karol\AppData\Local\SwvUpdater
  • Not Deleted : C:\Users\Karol\AppData\Local\Temp\CT3289847
  • Not Deleted : C:\Users\Karol\AppData\LocalLow\Conduit
  • Not Deleted : C:\Users\Karol\AppData\LocalLow\PriceGong
  • Not Deleted : C:\Users\Karol\AppData\LocalLow\WhiteSmoke_New
  • Not Deleted : C:\Users\Karol\AppData\Roaming\DSite
  • Not Deleted : C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\c6n5aiwk.default\Conduit
  • Not Deleted : C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\c6n5aiwk.default\ConduitCommon
  • Not Deleted : C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\c6n5aiwk.default\CT3289847
  • Not Deleted : C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\c6n5aiwk.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
  • Not Deleted : C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\c6n5aiwk.default\Extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
  • Not Deleted : C:\Users\Karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
  • Not Deleted : C:\Users\Karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
File Deleted : C:\END
File Deleted : C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\c6n5aiwk.default\\invalidprefs.js
File Deleted : C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\c6n5aiwk.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\c6n5aiwk.default\user.js
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp
File Deleted : C:\Windows\System32\Tasks\DSite

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_klibnahbojhkanfgaglnlalfkgpcppfi]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E77F43C-4DB4-4F38-AB4B-B51E6437D869}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_New
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\WhiteSmoke_New
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v22.0 (en-US)

[ File : C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\c6n5aiwk.default\prefs.js ]

Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:150d\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"807dc126dd28cc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:1515\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.0.12", "\"80ee9485875dcc1:1126\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"80ee9485875dcc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.0.6", "\"6a637346d78ccc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"80b45d28468cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2438727", "\"c912886ea3ba021d3a9ef2d6ad700899\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2790392", "\"c912886ea3ba021d3a9ef2d6ad700899\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634333631231730000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634248284990000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/2011 5:25:10 PM", "634335443890000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/2010 3:54:59 PM", "634285417620000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/21/2010 3:22:42 PM", "634290505850000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2010 12:43:05 PM", "634293235860000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2010 4:33:06 PM", "634303635100000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/2011 12:59:49 PM", "634339976460000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/2011 6:54:06 PM", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2438727&octid=CT2438727", "\"1322100586\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2438727/CT2438727", "\"1311168869\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2790392/CT2790392", "\"1304004054\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/27/243/CT2438727/Images/Blank.png", "\"27f9ceb6f365cb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"404de65f2ba190eb6fcce23dee94df6d\"");
Line Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "bittorrentbar");
Line Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Karol\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\c6n5aiwk.default\\conduitCommon\\modules\\3.14.1.0");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2790392");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "bittorrentbar");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2438727,CT2790392");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727,ConduitEngine,CT2790392");
Line Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun May 15 2011 05:05:12 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jun 21 2011 21:01:39 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jun 23 2011 21:01:30 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "{ba03039b-397e-4993-9ef0-fbe1222c1ee6}");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri May 06 2011 14:09:04 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "2330a4d4-30ff-4695-8e30-6c64d2575325");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2790392");
Line Deleted : user_pref("CommunityToolbar.killedEngine", true);
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Aug 10 2012 12:25:33 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Aug 13 2012 14:47:12 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Aug 13 2012 14:47:04 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "29222337-2c75-4180-a247-d78aaa729916");
Line Deleted : user_pref("CommunityToolbar.undefined", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaultenginename", "WhiteSmoke New Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN50871002065732171&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "WhiteSmoke New Customized Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN50871002065732171&UM=2&SearchSource=13");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN50871002065732171&UM=2&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3289847");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN50871002065732171&UM=2&SearchSource=13");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN50871002065732171&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3289847");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3289847");
Line Deleted : user_pref("smartbar.machineId", "RL3LM3YAWMIJ7BZ1YKTE+LHZNCQYTFCC6CEFEFCCB06GIESHIAD/HMZXOB0BLX/AV9KYO3GSGUCCNNCQBQKIRQ");

-\\ Google Chrome v

[ File : C:\Users\Karol\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [41489 octets] - [27/09/2013 12:05:37]
AdwCleaner[S0].txt - [41795 octets] - [27/09/2013 12:14:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [41856 octets] ##########
K_Sweet
« Reply #17 on: September 27, 2013, 12:48:47 PM »

Um, I did a full scan out of habit. :-( Sorry. Here is the log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.27.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Karol :: KAROL-PC [administrator]

9/27/2013 12:25:29 PM
mbam-log-2013-09-27 (12-25-29).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|K:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 433225
Time elapsed: 1 hour(s), 19 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\Users\Karol\AppData\Local\Temp\ct3289847 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Temp\ct3289847\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Temp\ct3289847\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Temp\ct3289847\xpi\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Temp\ct3289847\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 26
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WhiteSmoke_New\WhiteSmoke_NewToolbarHelper.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Karol\AppData\Local\Conduit\CT3289847\WhiteSmoke_NewAutoUpdateHelper.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DY0HUDPG\WhiteSmoke_New[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OLMYQGI4\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OLMYQGI4\WhiteSmoke_New_wpf[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VGA5XULG\setup__155[1].exe (PUP.Optional.Amonetize.AS) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VGA5XULG\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Temp\dlLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Temp\ct3289847\chlogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Temp\ct3289847\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Temp\ct3289847\fflogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Temp\ct3289847\ielogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Temp\ct3289847\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\Downloads\Setup (1).exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Temp\ct3289847\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Temp\ct3289847\conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Temp\ct3289847\CT3289847.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Temp\ct3289847\CT3289847.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Temp\ct3289847\iedump.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Temp\ct3289847\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Temp\ct3289847\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Temp\ct3289847\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Temp\ct3289847\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Temp\ct3289847\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Temp\ct3289847\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Karol\AppData\Local\Temp\ct3289847\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)
----------------------------

Do I do the ComboFix download and instructions from that previous post of yours now, then?
MrCharlie
« Reply #18 on: September 28, 2013, 07:43:59 AM »

Yes run ComboFix.  MrC
K_Sweet
« Reply #19 on: September 28, 2013, 10:11:20 AM »

ComboFix 13-09-26.03 - Karol 09/28/2013  10:50:00.3.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2815.1841 [GMT -4:00]
Running from: c:\users\Karol\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Karol\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Karol\g2mdlhlpx.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-28 to 2013-09-28  )))))))))))))))))))))))))))))))
.
.
2013-09-28 15:02 . 2013-09-28 15:02   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-09-28 15:02 . 2013-09-28 15:02   --------   d-----w-   c:\users\UpdatusUser\AppData\Local\temp
2013-09-28 15:02 . 2013-09-28 15:02   --------   d-----w-   c:\users\Public\AppData\Local\temp
2013-09-28 15:02 . 2013-09-28 15:02   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-09-27 16:05 . 2013-09-27 16:15   --------   d-----w-   C:\AdwCleaner
2013-09-26 21:13 . 2013-09-26 21:13   --------   d-----w-   c:\program files (x86)\FileOpenerPro
2013-09-26 01:59 . 2013-09-26 02:20   --------   d-----w-   c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-09-20 23:13 . 2013-09-20 23:13   --------   d-----w-   c:\program files (x86)\Common Files\Java
2013-09-20 23:11 . 2013-09-20 23:10   96168   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-20 12:14 . 2013-09-20 12:14   --------   d-----w-   c:\program files\iPod
2013-09-20 12:14 . 2013-09-20 12:15   --------   d-----w-   c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-20 12:14 . 2013-09-20 12:15   --------   d-----w-   c:\program files\iTunes
2013-09-20 12:14 . 2013-09-20 12:15   --------   d-----w-   c:\program files (x86)\iTunes
2013-09-19 22:08 . 2013-09-20 23:13   --------   d-----w-   c:\programdata\Oracle
2013-09-10 22:46 . 2013-08-05 02:25   155584   ----a-w-   c:\windows\system32\drivers\ataport.sys
2013-09-10 22:46 . 2013-08-08 01:20   3155456   ----a-w-   c:\windows\system32\win32k.sys
2013-09-08 15:26 . 2013-09-08 15:26   --------   d-----w-   c:\windows\DCF0D853BC4E4EE6A0116B9BC84CF8F9.TMP
2013-09-03 13:53 . 2013-09-03 13:53   187248   ----a-w-   c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]
"RCUI"="c:\progra~2\RINGCE~1\RINGCE~3\RCUI.exe" [2013-04-08 493872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2013-07-23 103936]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-09-18 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2013-04-04 1127496]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Marketsplash Print Software.lnk - c:\program files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe [2010-10-11 93752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys;c:\windows\SYSNATIVE\DRIVERS\FlyUsb.sys
R3 PAC7311;Trust Webcam 14839;c:\windows\system32\DRIVERS\PA707UCM.SYS;c:\windows\SYSNATIVE\DRIVERS\PA707UCM.SYS
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe
S0 aswRvrt;aswRvrt;
S0 aswVmm;aswVmm;
S1 aswKbd;aswKbd;
S1 aswSnx;aswSnx;
S1 aswSP;aswSP;
S2 aswFsBlk;aswFsBlk;
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe;c:\program files (x86)\eMachines\Registration\GregHSRW.exe
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe;c:\program files\eMachines\eMachines Updater\UpdaterService.exe
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-17 14:23]
.
2013-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-09 08:19]
.
2013-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-09 08:19]
.
2013-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3089664700-4270136456-2450259875-1002Core.job
- c:\users\Karol\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-29 09:03]
.
2013-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3089664700-4270136456-2450259875-1002UA.job
- c:\users\Karol\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-29 09:03]
.
2013-09-28 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2012-05-18 18:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47   133840   ----a-w-   c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 20:11   778704   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 20:11   778704   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 20:11   778704   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 20:11   778704   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 20:11   778704   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 20:11   778704   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
FF - ProfilePath - c:\users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\c6n5aiwk.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-IECT3289847 - c:\programdata\Conduit\IE\CT3289847\UninstallerUI.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-28  11:06:41
ComboFix-quarantined-files.txt  2013-09-28 15:06
.
Pre-Run: 365,975,445,504 bytes free
Post-Run: 366,308,462,592 bytes free
.
- - End Of File - - CBCA5EA5E49A2647D9361FD233816557
70E629B51C16B3C007730C6AE57144C9


------------------------------
After this ran I had MBAM pop up (I thought it was disabled!) and it had a bunch of PUPs.
Wouldn't let me see the log - didn't have one dated today either. Weird.

What's next, and thanks again!
---------

MrCharlie
« Reply #20 on: September 28, 2013, 12:43:19 PM »

When you ran AdwCleaner I noticed you didn't delete everything that was found.
Could you go back and run it again and this time make sure everything is deleted.

Then re-run Malwarebytes:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

--------------------------

What browsers are being affected?

--------------------------

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC





My help is always free here but if you would like to show your appreciation, it will be much appreciated.
Thanks MrC
K_Sweet
« Reply #21 on: September 28, 2013, 01:50:30 PM »

Ran adware - rebooted - here is the report as I cannot tell if everything got deleted or not.

# AdwCleaner v3.005 - Report created 28/09/2013 at 14:45:44
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Karol - KAROL-PC
# Running from : C:\Users\Karol\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Karol\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Karol\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Karol\AppData\Roaming\DSite
Folder Deleted : C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\c6n5aiwk.default\Conduit
Folder Deleted : C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\c6n5aiwk.default\ConduitCommon
Folder Deleted : C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\c6n5aiwk.default\CT3289847
Folder Deleted : C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\c6n5aiwk.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\c6n5aiwk.default\Extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
File Deleted : C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\c6n5aiwk.default\\invalidprefs.js

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v22.0 (en-US)

[ File : C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\c6n5aiwk.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Karol\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [41489 octets] - [27/09/2013 12:05:37]
AdwCleaner[R1].txt - [1845 octets] - [28/09/2013 14:43:10]
AdwCleaner[S0].txt - [41941 octets] - [27/09/2013 12:14:26]
AdwCleaner[S1].txt - [1796 octets] - [28/09/2013 14:45:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1856 octets] ##########
----------------------

On to MBAM and Farbar - Thank you again!

K_Sweet
« Reply #22 on: September 28, 2013, 02:08:16 PM »

MBAM Log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.28.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Karol :: KAROL-PC [administrator]

9/28/2013 2:51:38 PM
mbam-log-2013-09-28 (14-51-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 227704
Time elapsed: 9 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
--------------------------

As I stated previously I only use Chrome  [I work online and that is required for my main client]
Other browsers are probably still installed but I'm a Chrome Girl. :-)

on to FARBAR

K_Sweet
« Reply #23 on: September 28, 2013, 02:17:44 PM »

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by Karol (administrator) on KAROL-PC on 28-09-2013 15:10:05
Running from C:\Users\Karol\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac7311\Monitor.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(RingCentral, Inc.) C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCUI.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Google Inc.) C:\Users\Karol\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Karol\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Karol\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Karol\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [Monitor] - C:\Windows\PixArt\PAC7311\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKCU\...\Run: [Messenger (Yahoo!)] - C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKCU\...\Run: [RCUI] - C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCUI.exe [493872 2013-04-08] (RingCentral, Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [Monitor] - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [103936 2013-07-23] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-21] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-rog
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

FireFox:
========
FF ProfilePath: C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\c6n5aiwk.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Karol\AppData\Local\Citrix\Plugins\79\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Karol\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Karol\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Karol\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Karol\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: No Name - C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\c6n5aiwk.default\Extensions\nostmp
FF Extension: No Name - C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\c6n5aiwk.default\Extensions\staged
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\c6n5aiwk.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF Extension: amznUWL2 - C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\c6n5aiwk.default\Extensions\amznUWL2@amazon.com.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Karol\AppData\Local\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Karol\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Karol\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (iLinc Communications Netscape/Mozilla Install Plugin v 11.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPCltInst11.dll (iLinc Communications, Inc.)
CHR Plugin: (E-centives Coupon Activator Netscape Plugin v. 4.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll (Invenda Corporation)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Karol\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Java(TM) Platform SE 7 U40) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Karol\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.79) - C:\Users\Karol\AppData\Local\Citrix\Plugins\79\npappdetector.dll (Citrix Online)
CHR Plugin: (Google Update) - C:\Users\Karol\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Facebook Plugin) - C:\Users\Karol\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.400.43) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\Karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\Karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR Extension: (Gmail) - C:\Users\Karol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S3 GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [250616 2009-05-22] (WildTangent, Inc.)
R2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
S4 clr_optimization_v2.0.50727_64; %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-08-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2012-09-28] (LeapFrog)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [602112 2006-11-08] (PixArt Imaging Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-28 15:09 - 2013-09-28 15:09 - 01953880 _____ (Farbar) C:\Users\Karol\Downloads\FRST64.exe
2013-09-28 15:09 - 2013-09-28 15:09 - 00000000 ____D C:\FRST
2013-09-28 15:08 - 2013-09-28 15:08 - 01086873 _____ (Farbar) C:\Users\Karol\Downloads\FRST.exe
2013-09-28 11:06 - 2013-09-28 11:06 - 00024317 _____ C:\ComboFix.txt
2013-09-28 10:46 - 2013-09-28 11:06 - 00000000 ____D C:\Qoobox
2013-09-28 10:46 - 2013-09-28 11:06 - 00000000 ____D C:\ComboFix
2013-09-28 10:46 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-28 10:46 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-28 10:46 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-28 10:46 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-28 10:46 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-28 10:46 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-28 10:46 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-28 10:46 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-28 10:44 - 2013-09-28 10:44 - 05129766 ____R (Swearware) C:\Users\Karol\Downloads\ComboFix.exe
2013-09-27 12:05 - 2013-09-28 14:46 - 00000000 ____D C:\AdwCleaner
2013-09-27 11:54 - 2013-09-27 11:55 - 01042066 _____ C:\Users\Karol\Downloads\AdwCleaner.exe
2013-09-26 17:13 - 2013-09-26 17:13 - 00000000 ____D C:\Program Files (x86)\FileOpenerPro
2013-09-25 21:59 - 2013-09-25 22:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-25 21:58 - 2013-09-26 16:10 - 00000000 ____D C:\Users\Karol\Desktop\mbar
2013-09-25 21:57 - 2013-09-25 21:58 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Karol\Downloads\mbar-1.07.0.1005.exe
2013-09-25 21:41 - 2013-09-25 21:41 - 00688992 _____ (Swearware) C:\Users\Karol\Downloads\dds (1).com
2013-09-25 21:29 - 2013-09-25 21:29 - 00001979 _____ C:\Users\Karol\Desktop\RKreport[0]_S_09252013_212949.txt
2013-09-25 21:26 - 2013-09-25 21:36 - 00000000 ____D C:\Users\Karol\Desktop\RK_Quarantine
2013-09-25 21:26 - 2013-09-25 21:26 - 00922112 _____ C:\Users\Karol\Downloads\RogueKiller.exe
2013-09-25 21:01 - 2013-09-25 21:01 - 00019182 _____ C:\Users\Karol\Desktop\dds.txt
2013-09-25 21:01 - 2013-09-25 21:01 - 00010790 _____ C:\Users\Karol\Desktop\attach.txt
2013-09-25 20:58 - 2013-09-25 20:58 - 00688992 ____R (Swearware) C:\Users\Karol\Downloads\dds.com
2013-09-23 19:22 - 2013-09-23 19:38 - 00000000 ____D C:\Users\Karol\Desktop\Nick
2013-09-20 19:11 - 2013-09-20 19:10 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-20 19:11 - 2013-09-20 19:10 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-20 19:11 - 2013-09-20 19:10 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-20 19:11 - 2013-09-20 19:10 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-20 08:15 - 2013-09-20 08:15 - 00001792 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-20 08:14 - 2013-09-20 08:15 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-20 08:14 - 2013-09-20 08:15 - 00000000 ____D C:\Program Files\iTunes
2013-09-20 08:14 - 2013-09-20 08:15 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-20 08:14 - 2013-09-20 08:14 - 00000000 ____D C:\Program Files\iPod
2013-09-19 18:08 - 2013-09-20 19:13 - 00000000 ____D C:\ProgramData\Oracle
2013-09-19 17:52 - 2013-09-19 17:52 - 29036456 _____ (Oracle Corporation) C:\Users\Karol\Downloads\jre-7u40-windows-i586.exe
2013-09-15 19:16 - 2013-09-15 19:22 - 00000000 ____D C:\Users\Karol\Desktop\Second Grade
2013-09-13 18:41 - 2013-09-13 18:41 - 00268264 _____ (Citrix Online) C:\Users\Karol\Downloads\Citrix Online Launcher.exe
2013-09-12 13:08 - 2013-09-19 19:01 - 00543036 ____H C:\Users\Karol\Desktop\~WRL1237.tmp
2013-09-12 13:08 - 2013-09-15 20:09 - 00412217 ____H C:\Users\Karol\Desktop\~WRL1690.tmp
2013-09-11 03:12 - 2013-08-10 01:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 03:12 - 2013-08-10 01:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 03:12 - 2013-08-10 01:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 03:12 - 2013-08-10 01:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 03:12 - 2013-08-10 01:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 03:12 - 2013-08-10 01:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 03:12 - 2013-08-10 01:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 03:12 - 2013-08-10 01:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 03:12 - 2013-08-10 01:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 03:12 - 2013-08-10 01:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 03:12 - 2013-08-10 01:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 03:12 - 2013-08-10 01:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 03:12 - 2013-08-10 01:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 03:12 - 2013-08-10 01:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 03:12 - 2013-08-09 23:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 03:12 - 2013-08-09 23:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 03:12 - 2013-08-09 23:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 03:12 - 2013-08-09 23:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 03:12 - 2013-08-09 23:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 03:12 - 2013-08-09 23:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 03:12 - 2013-08-09 23:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 03:12 - 2013-08-09 23:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 03:12 - 2013-08-09 23:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 03:12 - 2013-08-09 23:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 03:12 - 2013-08-09 23:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 03:12 - 2013-08-09 23:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 03:12 - 2013-08-09 23:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 03:12 - 2013-08-09 23:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 03:12 - 2013-08-09 23:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 03:12 - 2013-08-09 22:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 03:12 - 2013-08-09 22:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-10 18:46 - 2013-08-07 21:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-10 18:46 - 2013-08-04 22:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-10 18:45 - 2013-08-01 22:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-10 18:45 - 2013-08-01 22:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-10 18:45 - 2013-08-01 22:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-10 18:45 - 2013-08-01 22:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-10 18:45 - 2013-08-01 22:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-10 18:45 - 2013-08-01 22:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-10 18:45 - 2013-08-01 22:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-10 18:45 - 2013-08-01 22:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-10 18:45 - 2013-08-01 22:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 21:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-10 18:45 - 2013-08-01 21:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-10 18:45 - 2013-08-01 21:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-10 18:45 - 2013-08-01 21:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-10 18:45 - 2013-08-01 21:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-10 18:45 - 2013-08-01 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-10 18:45 - 2013-08-01 21:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-10 18:45 - 2013-08-01 21:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 21:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 21:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-10 18:45 - 2013-08-01 20:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-10 18:45 - 2013-08-01 20:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-10 18:45 - 2013-08-01 20:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-10 18:45 - 2013-08-01 20:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-10 18:45 - 2013-08-01 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-10 18:45 - 2013-08-01 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 18:45 - 2013-08-01 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-10 18:45 - 2013-07-25 22:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-10 18:45 - 2013-07-25 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-10 18:45 - 2013-07-25 21:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-10 18:45 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-08 22:09 - 2013-09-08 22:09 - 11076728 _____ (LeapFrog Enterprises, Inc.) C:\Users\Karol\Downloads\LeapFrogConnectSetup_LeapsterExplorer (3).exe
2013-09-08 22:07 - 2013-09-08 22:07 - 11076728 _____ (LeapFrog Enterprises, Inc.) C:\Users\Karol\Downloads\LeapFrogConnectSetup_LeapsterExplorer (2).exe
2013-09-08 11:46 - 2013-09-08 11:46 - 11076728 _____ (LeapFrog Enterprises, Inc.) C:\Users\Karol\Downloads\LeapFrogConnectSetup_LeapsterExplorer (1).exe
2013-09-08 11:26 - 2013-09-08 11:26 - 00000950 _____ C:\Users\Public\Desktop\LeapFrog Connect.lnk
2013-09-08 11:26 - 2013-09-08 11:26 - 00000000 ____D C:\Windows\DCF0D853BC4E4EE6A0116B9BC84CF8F9.TMP
2013-09-08 11:25 - 2013-09-08 11:25 - 11076728 _____ (LeapFrog Enterprises, Inc.) C:\Users\Karol\Downloads\LeapFrogConnectSetup_LeapsterExplorer.exe
2013-08-31 20:33 - 2013-08-31 20:33 - 02225131 _____ C:\Users\Karol\Downloads\jw-cult-brochure.zip

==================== One Month Modified Files and Folders =======

2013-09-28 15:09 - 2013-09-28 15:09 - 01953880 _____ (Farbar) C:\Users\Karol\Downloads\FRST64.exe
2013-09-28 15:09 - 2013-09-28 15:09 - 00000000 ____D C:\FRST
2013-09-28 15:08 - 2013-09-28 15:08 - 01086873 _____ (Farbar) C:\Users\Karol\Downloads\FRST.exe
2013-09-28 14:56 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-28 14:56 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-28 14:54 - 2010-01-27 06:19 - 01794819 _____ C:\Windows\WindowsUpdate.log
2013-09-28 14:49 - 2012-07-06 18:07 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-28 14:48 - 2012-05-18 18:20 - 00000472 _____ C:\Windows\Tasks\SDMsgUpdate (TE).job
2013-09-28 14:47 - 2010-03-09 04:19 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-28 14:47 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-28 14:47 - 2009-07-14 00:51 - 00087328 _____ C:\Windows\setupact.log
2013-09-28 14:46 - 2013-09-27 12:05 - 00000000 ____D C:\AdwCleaner
2013-09-28 14:46 - 2012-08-28 21:15 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3089664700-4270136456-2450259875-1002UA.job
2013-09-28 14:39 - 2010-03-09 04:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-28 14:23 - 2012-09-20 08:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-28 11:12 - 2009-10-29 08:49 - 00217740 _____ C:\Windows\PFRO.log
2013-09-28 11:06 - 2013-09-28 11:06 - 00024317 _____ C:\ComboFix.txt
2013-09-28 11:06 - 2013-09-28 10:46 - 00000000 ____D C:\Qoobox
2013-09-28 11:06 - 2013-09-28 10:46 - 00000000 ____D C:\ComboFix
2013-09-28 11:03 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2013-09-28 11:02 - 2010-03-08 22:32 - 00000000 ____D C:\Users\Karol
2013-09-28 10:45 - 2012-08-27 13:47 - 00000000 ____D C:\Windows\erdnt
2013-09-28 10:44 - 2013-09-28 10:44 - 05129766 ____R (Swearware) C:\Users\Karol\Downloads\ComboFix.exe
2013-09-27 21:46 - 2012-08-28 21:15 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3089664700-4270136456-2450259875-1002Core.job
2013-09-27 11:55 - 2013-09-27 11:54 - 01042066 _____ C:\Users\Karol\Downloads\AdwCleaner.exe
2013-09-27 08:57 - 2013-07-27 08:46 - 00000112 _____ C:\Users\Karol\AppData\Roaming\WB.CFG
2013-09-27 08:57 - 2013-06-17 08:46 - 00000005 _____ C:\Users\Karol\AppData\Roaming\WBPU-TTL.DAT
2013-09-26 17:13 - 2013-09-26 17:13 - 00000000 ____D C:\Program Files (x86)\FileOpenerPro
2013-09-26 16:10 - 2013-09-25 21:58 - 00000000 ____D C:\Users\Karol\Desktop\mbar
2013-09-25 22:20 - 2013-09-25 21:59 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-25 21:58 - 2013-09-25 21:57 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Karol\Downloads\mbar-1.07.0.1005.exe
2013-09-25 21:41 - 2013-09-25 21:41 - 00688992 _____ (Swearware) C:\Users\Karol\Downloads\dds (1).com
2013-09-25 21:36 - 2013-09-25 21:26 - 00000000 ____D C:\Users\Karol\Desktop\RK_Quarantine
2013-09-25 21:29 - 2013-09-25 21:29 - 00001979 _____ C:\Users\Karol\Desktop\RKreport[0]_S_09252013_212949.txt
2013-09-25 21:26 - 2013-09-25 21:26 - 00922112 _____ C:\Users\Karol\Downloads\RogueKiller.exe
2013-09-25 21:01 - 2013-09-25 21:01 - 00019182 _____ C:\Users\Karol\Desktop\dds.txt
2013-09-25 21:01 - 2013-09-25 21:01 - 00010790 _____ C:\Users\Karol\Desktop\attach.txt
2013-09-25 20:58 - 2013-09-25 20:58 - 00688992 ____R (Swearware) C:\Users\Karol\Downloads\dds.com
2013-09-23 19:38 - 2013-09-23 19:22 - 00000000 ____D C:\Users\Karol\Desktop\Nick
2013-09-23 08:23 - 2010-06-28 07:53 - 00000000 ____D C:\Users\Karol\AppData\Roaming\Apple Computer
2013-09-22 23:09 - 2013-07-25 18:20 - 00000000 ____D C:\Users\Karol\Desktop\Cosmetics
2013-09-20 19:13 - 2013-09-19 18:08 - 00000000 ____D C:\ProgramData\Oracle
2013-09-20 19:10 - 2013-09-20 19:11 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-20 19:10 - 2013-09-20 19:11 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-20 19:10 - 2013-09-20 19:11 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-20 19:10 - 2013-09-20 19:11 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-20 19:10 - 2012-07-01 15:12 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-09-20 19:10 - 2010-06-11 10:03 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-09-20 10:23 - 2012-09-20 08:59 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-20 10:23 - 2012-08-17 15:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 10:23 - 2011-05-16 08:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-20 08:15 - 2013-09-20 08:15 - 00001792 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-20 08:15 - 2013-09-20 08:14 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-20 08:15 - 2013-09-20 08:14 - 00000000 ____D C:\Program Files\iTunes
2013-09-20 08:15 - 2013-09-20 08:14 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-20 08:14 - 2013-09-20 08:14 - 00000000 ____D C:\Program Files\iPod
2013-09-19 19:01 - 2013-09-12 13:08 - 00543036 ____H C:\Users\Karol\Desktop\~WRL1237.tmp
2013-09-19 17:52 - 2013-09-19 17:52 - 29036456 _____ (Oracle Corporation) C:\Users\Karol\Downloads\jre-7u40-windows-i586.exe
2013-09-16 13:34 - 2009-07-14 01:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-15 20:09 - 2013-09-12 13:08 - 00412217 ____H C:\Users\Karol\Desktop\~WRL1690.tmp
2013-09-15 19:28 - 2013-06-04 08:48 - 00017026 _____ C:\Users\Karol\Desktop\TS-Bills.xlsx
2013-09-15 19:22 - 2013-09-15 19:16 - 00000000 ____D C:\Users\Karol\Desktop\Second Grade
2013-09-15 19:22 - 2013-07-27 11:01 - 00000000 ____D C:\Users\Karol\Desktop\Snap-July changes
2013-09-15 19:21 - 2013-05-10 10:44 - 00000000 ___RD C:\Users\Karol\Desktop\Kaden Files
2013-09-15 19:19 - 2012-02-06 13:25 - 00000000 ___RD C:\Users\Karol\Desktop\personal
2013-09-15 19:18 - 2012-08-26 19:28 - 00000000 ____D C:\Users\Karol\Desktop\Rosharon
2013-09-15 19:18 - 2012-02-06 13:25 - 00000000 ___RD C:\Users\Karol\Desktop\NEW TSL
2013-09-15 19:17 - 2012-07-26 21:49 - 00000000 ___RD C:\Users\Karol\Desktop\Business
2013-09-15 19:16 - 2013-05-10 10:45 - 00000000 ____D C:\Users\Karol\Desktop\Karol
2013-09-15 15:46 - 2010-03-09 21:36 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-14 03:03 - 2009-10-29 08:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 18:41 - 2013-09-13 18:41 - 00268264 _____ (Citrix Online) C:\Users\Karol\Downloads\Citrix Online Launcher.exe
2013-09-11 04:23 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-09-11 03:34 - 2010-03-08 22:35 - 00000000 ___RD C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-11 03:34 - 2010-03-08 22:35 - 00000000 ___RD C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-11 03:33 - 2009-07-14 00:45 - 00428936 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 03:12 - 2013-08-14 03:03 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 03:09 - 2010-03-11 14:15 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-08 22:09 - 2013-09-08 22:09 - 11076728 _____ (LeapFrog Enterprises, Inc.) C:\Users\Karol\Downloads\LeapFrogConnectSetup_LeapsterExplorer (3).exe
2013-09-08 22:07 - 2013-09-08 22:07 - 11076728 _____ (LeapFrog Enterprises, Inc.) C:\Users\Karol\Downloads\LeapFrogConnectSetup_LeapsterExplorer (2).exe
2013-09-08 11:46 - 2013-09-08 11:46 - 11076728 _____ (LeapFrog Enterprises, Inc.) C:\Users\Karol\Downloads\LeapFrogConnectSetup_LeapsterExplorer (1).exe
2013-09-08 11:27 - 2012-09-10 18:56 - 00036412 _____ C:\Windows\DPINST.LOG
2013-09-08 11:26 - 2013-09-08 11:26 - 00000950 _____ C:\Users\Public\Desktop\LeapFrog Connect.lnk
2013-09-08 11:26 - 2013-09-08 11:26 - 00000000 ____D C:\Windows\DCF0D853BC4E4EE6A0116B9BC84CF8F9.TMP
2013-09-08 11:25 - 2013-09-08 11:25 - 11076728 _____ (LeapFrog Enterprises, Inc.) C:\Users\Karol\Downloads\LeapFrogConnectSetup_LeapsterExplorer.exe
2013-08-31 20:33 - 2013-08-31 20:33 - 02225131 _____ C:\Users\Karol\Downloads\jw-cult-brochure.zip
2013-08-30 03:48 - 2013-03-16 11:42 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 03:48 - 2013-03-16 11:42 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 03:48 - 2012-08-12 18:22 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 03:48 - 2012-08-12 18:22 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 03:48 - 2012-08-12 18:22 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 03:48 - 2012-08-12 18:22 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 03:48 - 2012-08-12 18:22 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 03:48 - 2012-08-12 18:22 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 03:47 - 2012-08-12 18:21 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-30 03:47 - 2011-01-17 13:50 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

Some content of TEMP:
====================
C:\Users\Karol\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-21 00:10

==================== End Of Log ============================

Report attached as requested - computer seems much faster, no longer encumbered at every turn (click). Have we fixed it? I posted logs of my Nana and Papa's computers; they keep telling me about weird things happening. They paid for GeekSquad for a year but always seemed to have one computer or another in the shop; these are relatively new machines. As soon as I get more paper I will print off that list of harmful helpers I saw related to this forum. That might help as they tend to get caught up in the click trap.

MrCharlie
« Reply #24 on: September 28, 2013, 08:08:29 PM »

It looks OK, How is it???

MrC

My help is always free here but if you would like to show your appreciation, it will be much appreciated.
Thanks MrC

K_Sweet
« Reply #25 on: September 28, 2013, 09:49:31 PM »

Honestly it's faster and more responsive than I can remember it being since it was new!

THANK YOU!!!!

MrCharlie
« Reply #26 on: September 28, 2013, 09:52:41 PM »

Good.......


Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

K_Sweet
« Reply #27 on: September 28, 2013, 10:38:40 PM »

will do tomorrow - I am overnight at the grandparent's helping with projects. they are in their late 70s.
:-)

K_Sweet
« Reply #28 on: September 29, 2013, 11:29:18 AM »

Posting as requested.

 Results of screen317's Security Check version 0.99.73 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 JavaFX 2.1.1   
 Java 7 Update 40 
 Java version out of Date!
 Adobe Flash Player 11.8.800.168 
 Adobe Reader 10.1.8 Adobe Reader out of Date! 
 Mozilla Firefox 22.0 Firefox out of Date! 
 Google Chrome 29.0.1547.66 
 Google Chrome 29.0.1547.76 
 Google Chrome plugins... 
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

--------------------
are we good?  yippee Can I do the dance of joy?

MrCharlie
« Reply #29 on: September 29, 2013, 12:12:22 PM »

Your Java is the correct version.

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Adobe Reader 10.1.8 Adobe Reader out of Date!  <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

---------------------------

Mozilla Firefox 22.0 Firefox out of Date!  <----please check for an update if available

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /



Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used FRST:
Download the fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-----------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum,  MrC

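Added example, not part of the original thread and not screen317's code: a small parser for the Security Check log format posted in Reply #28, handling the "out of Date!" flag both inline and on the following line, and also reporting products listed under more than one version. The sample log is constructed from lines in that reply; the names `triage`, `SECTION`, `ENTRY` and `OUTDATED` are hypothetical.

```python
import re

TICKS = "`" * 10  # the tool frames each section title with runs of backticks
# Constructed sample shaped like the log in Reply #28 ("[/u]" is forum markup residue).
SAMPLE_LOG = "\n".join([
    " Results of screen317's Security Check version 0.99.73 ",
    TICKS + "Antivirus/Firewall Check:" + TICKS + "[/u]",
    " Antivirus up to date! ",
    TICKS + "Anti-malware/Other Utilities Check:" + TICKS + "[/u]",
    " Java 7 Update 40 ",
    " Java version out of Date!",
    " Adobe Reader 10.1.8 Adobe Reader out of Date! ",
    " Mozilla Firefox 22.0 Firefox out of Date! ",
    " Google Chrome 29.0.1547.66 ",
    " Google Chrome 29.0.1547.76 ",
    " Google Chrome plugins... ",
    TICKS + "End of Log" + TICKS + "[/u]",
])

SECTION = re.compile(r"^`+\s*(.+?)\s*`+")
OUTDATED = re.compile(r"out of date!", re.IGNORECASE)
# "<name> <version> [trailing flag]"; version is dotted ("10.1.8") or "7 Update 40".
ENTRY = re.compile(r"^(?P<name>.+?)\s+(?P<version>\d+\s+Update\s+\d+|\d+(?:\.\d+)+)\s*(?P<rest>.*)$")

def triage(log_text):
    """Return (flagged, duplicates) from the utilities section of a Security Check log."""
    section, entries = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1).rstrip(":")
            continue
        if not line or section is None or "Utilities" not in section:
            continue
        m = ENTRY.match(line)
        if m:
            entries.append({"name": m["name"], "version": m["version"],
                            "outdated": bool(OUTDATED.search(m["rest"]))})
        elif OUTDATED.search(line) and entries:
            entries[-1]["outdated"] = True  # flag on its own line refers to the entry above
    flagged = [(e["name"], e["version"]) for e in entries if e["outdated"]]
    versions = {}
    for e in entries:
        versions.setdefault(e["name"], []).append(e["version"])
    duplicates = {n: v for n, v in versions.items() if len(v) > 1}
    return flagged, duplicates

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The flags are the tool's opinion: in Reply #29 the helper judged the flagged Java 7 Update 40 to be the correct version, so the output is a review list rather than a verdict.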