Author Topic: Bad image  (Read 5788 times)

fahimchoud

    Topic Starter


    Newbie

    • Experience: Beginner
    • OS: Windows 7
    Bad image
    « on: July 01, 2013, 02:01:04 PM »
    I had run a ComboFix, so here is my log:
    ComboFix 13-06-30.01 - fahimchoud 07/01/2013   1:26.1.4 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5610.3250 [GMT -4:00]
    Running from: c:\users\fahimchoud\Desktop\ComboFix.exe
    AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\DealPly
    c:\program files (x86)\DealPly\DealPly.crx
    c:\program files (x86)\DealPly\DealPly.xpi
    c:\program files (x86)\DealPly\DealPlyIE64.dll
    c:\program files (x86)\DealPly\DealPlyUpdate.exe
    c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
    c:\program files (x86)\DealPly\icon.ico
    c:\program files (x86)\DealPly\uninst.exe
    c:\program files (x86)\DefaultTab
    c:\program files (x86)\DefaultTab\DefaultTab.crx
    c:\program files (x86)\DefaultTab\DefaultTabSearch.exe
    c:\program files (x86)\DefaultTab\uid
    c:\program files (x86)\DefaultTab\uninstaller.exe
    c:\program files\PrivacySafeGuard\PrIVacysafeguard.dll
    c:\users\fahimchoud\AppData\Local\dealcabby
    c:\users\fahimchoud\AppData\Local\dealcabby\license.txt
    c:\users\fahimchoud\AppData\Local\dealcabby\sqlite3.exe
    c:\users\fahimchoud\AppData\Local\dealcabby\uninst.exe
    c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab
    c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
    c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
    c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
    c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
    c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe
    c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
    c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll
    c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
    c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
    c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\imdb_ie.ico
    c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico
    c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
    c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
    c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
    c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\update.exe
    c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
    c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\youtube_ie.ico
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\bootstrap.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\defaults\preferences\prefs.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\harness-options.json
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\icon.png
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\icon64.png
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\install.rdf
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\locale\en-GB.json
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\locale\eo.json
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\locale\fr-FR.json
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\locales.json
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\addon-kit\lib\page-mod.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\addon-kit\lib\request.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\addon-kit\lib\windows.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\data\content-proxy.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\data\test-content-symbiont.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\data\test-message-manager.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\data\test-trusted-document.html
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\data\worker.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\api-utils.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\base.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\byte-streams.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\channel.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\collection.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content\loader.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content\symbiont.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content\worker.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\cortex.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\cuddlefish.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\dom\events.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\environment.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\errors.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\event\core.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\event\target.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\events.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\events\assembler.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\file.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\functional.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\globals!.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\hidden-frame.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\light-traits.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\list.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\match-pattern.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\memory.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\message-manager.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\namespace.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\observer-service.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\plain-text-console.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\preferences-service.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\process.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\querystring.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\runtime.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\sandbox.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\self!.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\system.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\events.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\observer.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\tab.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\utils.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\text-streams.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\timer.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\traceback.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\traits.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\traits\core.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\unload.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\url.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\data.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\object.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\registry.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\thumbnail.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\uuid.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\window-utils.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\window\utils.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\dom.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\loader.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\observer.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\tabs.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\xhr.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\xpcom.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\xul-app.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\dealcabby\lib\main.js
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\dealcabby\lib\main.js.old
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\[email protected]
    c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\[email protected]
    c:\users\Public\sdelevURL.tmp
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_BrowserDefendert
    -------\Service_DefaultTabSearch
    -------\Service_DefaultTabUpdate
    -------\Service_DefaultTabUpdate
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-06-01 to 2013-07-01  )))))))))))))))))))))))))))))))
    .
    .
    2013-07-01 05:53 . 2013-07-01 05:53   --------   d-----w-   c:\users\Default\AppData\Local\temp
    2013-07-01 05:06 . 2013-07-01 05:06   --------   d-----w-   c:\users\fbwuser
    2013-06-30 22:59 . 2013-06-30 22:59   --------   d-----w-   c:\users\fahimchoud\AppData\Local\Systweak
    2013-06-30 22:30 . 2013-06-30 23:12   --------   d-----w-   c:\program files\PeerGuardian2
    2013-06-30 20:01 . 2013-06-30 20:01   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\WinZip
    2013-06-30 20:01 . 2013-06-30 20:01   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\Search Protection
    2013-06-30 20:01 . 2013-06-30 20:01   --------   d-----w-   c:\program files (x86)\WinZip Driver Updater
    2013-06-30 19:58 . 2013-07-01 05:54   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\uTorrent
    2013-06-30 15:52 . 2013-06-30 15:52   --------   d-----w-   c:\program files (x86)\holasearch
    2013-06-30 15:51 . 2013-06-30 15:51   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\holasearch
    2013-06-30 14:32 . 2013-06-30 14:41   --------   d-----w-   c:\program files\Registry Easy
    2013-06-30 14:00 . 2013-06-30 14:00   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\Malwarebytes
    2013-06-30 14:00 . 2013-06-30 14:00   --------   d-----w-   c:\programdata\Malwarebytes
    2013-06-30 14:00 . 2013-06-30 14:00   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-06-30 14:00 . 2013-04-04 18:50   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2013-06-27 22:57 . 2013-06-28 05:41   177312   ----a-w-   c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2013-06-27 22:57 . 2013-06-27 22:57   --------   d-----w-   c:\program files\Symantec
    2013-06-27 22:57 . 2013-06-27 22:57   --------   d-----w-   c:\program files\Common Files\Symantec Shared
    2013-06-27 22:56 . 2013-06-30 07:01   --------   d-----w-   c:\windows\system32\drivers\N360x64
    2013-06-27 22:56 . 2013-06-27 22:56   --------   d-----w-   c:\program files (x86)\NortonInstaller
    2013-06-27 21:38 . 2013-06-27 21:39   --------   d-----w-   c:\users\fahimchoud\AppData\Local\Kjs.AppLife.Update
    2013-06-27 21:30 . 2013-06-27 21:30   --------   d-----w-   c:\programdata\Blio
    2013-06-27 21:30 . 2013-06-27 21:30   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\Blio
    2013-06-26 22:30 . 2013-06-26 22:30   562032   ----a-w-   c:\program files (x86)\Mozilla Firefox\Extensions\[email protected]\components\afurladvisor13.dll
    2013-06-25 04:39 . 2013-06-25 04:39   --------   d-----w-   c:\program files (x86)\PrivitizeVPN
    2013-06-25 04:39 . 2013-06-25 04:39   --------   d-----w-   c:\program files (x86)\hosts
    2013-06-25 04:22 . 2013-06-25 04:22   0   ----a-w-   c:\windows\SysWow64\sho103B.tmp
    2013-06-24 20:18 . 2013-06-24 20:18   --------   d-----w-   c:\windows\SysWow64\Hotspot Shield
    2013-06-24 20:17 . 2013-06-24 20:17   --------   d-----w-   c:\programdata\StarApp
    2013-06-24 07:48 . 2013-06-25 04:59   --------   d-----w-   c:\program files (x86)\MagniPic
    2013-06-24 07:47 . 2013-06-25 04:59   --------   d-----w-   c:\programdata\InstallMate
    2013-06-24 05:54 . 2013-06-24 05:55   --------   d-----w-   c:\program files (x86)\TornTV.com
    2013-06-24 05:54 . 2013-06-24 05:54   --------   d-----w-   c:\program files\Updater By SweetPacks
    2013-06-24 05:50 . 2013-06-24 05:50   --------   d-----w-   c:\program files (x86)\SweetIM
    2013-06-24 05:47 . 2013-06-24 05:47   --------   d-----w-   c:\windows\SysWow64\jmdp
    2013-06-24 05:47 . 2013-06-24 05:47   --------   d-----w-   c:\windows\SysWow64\ARFC
    2013-06-24 05:47 . 2013-05-27 08:58   1447728   ----a-w-   c:\windows\system32\dmwu.exe
    2013-06-24 05:47 . 2013-05-27 08:57   33792   ----a-w-   c:\windows\system32\ImHttpComm.dll
    2013-06-24 05:47 . 2013-06-24 05:47   --------   d-----w-   c:\windows\SysWow64\WNLT
    2013-06-24 05:38 . 2013-06-24 05:39   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\WebCake
    2013-06-24 05:38 . 2013-06-24 05:39   --------   d-----w-   c:\program files (x86)\WebCake
    2013-06-24 05:35 . 2013-06-24 05:35   --------   d-----w-   c:\users\fahimchoud\AppData\Local\PutLockerDownloader
    2013-06-24 05:35 . 2013-06-24 05:43   --------   d-----w-   c:\program files (x86)\FTDownloader.com
    2013-06-24 04:49 . 2013-06-24 05:00   --------   d-----w-   c:\users\fahimchoud\AppData\Local\vghd
    2013-06-24 04:43 . 2013-06-30 22:59   --------   d-----w-   c:\program files (x86)\Advanced File Optimizer
    2013-06-23 22:00 . 2013-06-23 22:00   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\Smith Micro
    2013-06-23 21:56 . 2013-06-23 21:56   --------   d-----w-   c:\program files (x86)\Smith Micro
    2013-06-23 18:48 . 2013-07-01 05:58   16152   ----a-w-   c:\windows\system32\drivers\SWDUMon.sys
    2013-06-23 18:48 . 2013-06-23 18:48   --------   d-----w-   c:\users\fahimchoud\AppData\Local\SlimWare Utilities Inc
    2013-06-23 18:48 . 2013-06-23 18:48   --------   d-----w-   c:\program files (x86)\DriverUpdate
    2013-06-22 18:04 . 2013-06-30 15:44   --------   d-----w-   c:\program files (x86)\ExpressFiles
    2013-06-22 18:04 . 2013-06-22 18:07   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\ExpressFiles
    2013-06-22 07:07 . 2013-06-22 07:07   --------   d-----w-   c:\users\fahimchoud\AppData\Local\fontconfig
    2013-06-22 07:07 . 2013-07-01 03:36   --------   d-----w-   c:\users\fahimchoud\.gimp-2.8
    2013-06-22 07:07 . 2013-06-22 07:07   --------   d-----w-   c:\users\fahimchoud\AppData\Local\gegl-0.2
    2013-06-21 17:51 . 2013-06-21 17:51   --------   d-----w-   c:\program files\Paint.NET
    2013-06-21 17:50 . 2013-06-24 04:53   --------   d-----w-   c:\users\fahimchoud\AppData\Local\Paint.NET
    2013-06-21 14:39 . 2013-06-22 07:04   --------   d-----w-   c:\program files\GIMP 2
    2013-06-21 08:18 . 2013-06-21 08:18   --------   d-----w-   c:\program files (x86)\Industriya
    2013-06-21 08:15 . 2013-06-21 08:15   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\DownLite
    2013-06-21 08:14 . 2013-06-21 08:14   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\Industriya
    2013-06-21 08:13 . 2013-06-21 08:14   --------   d-----w-   c:\program files (x86)\DownLite
    2013-06-21 01:07 . 2013-06-21 01:07   46792   ----a-w-   c:\windows\system32\drivers\hssdrv6.sys
    2013-06-20 19:05 . 2013-06-20 19:06   --------   d-----w-   c:\program files (x86)\SearchProtect
    2013-06-20 19:05 . 2013-06-20 19:10   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\SearchProtect
    2013-06-20 19:04 . 2013-06-20 19:04   --------   d-----w-   c:\program files (x86)\Conduit
    2013-06-20 19:04 . 2013-06-20 19:04   --------   d-----w-   c:\users\fahimchoud\AppData\Local\Conduit
    2013-06-20 17:59 . 2013-06-20 17:59   --------   d-----w-   C:\ID_CS2_UE_NonRet
    2013-06-20 14:00 . 2013-06-21 05:57   --------   d-----w-   c:\programdata\Hotspot Shield
    2013-06-20 13:59 . 2013-07-01 05:06   --------   d-----w-   c:\program files (x86)\Hotspot Shield
    2013-06-20 13:59 . 2012-07-12 21:13   405144   ----a-w-   c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
    2013-06-20 13:58 . 2013-06-20 13:58   --------   d-----w-   c:\program files (x86)\Common Files\DVDVideoSoft
    2013-06-20 13:58 . 2013-06-20 13:58   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\OpenCandy
    2013-06-20 13:58 . 2013-06-20 13:58   --------   d-----w-   c:\program files (x86)\DVDVideoSoft
    2013-06-20 13:53 . 2013-06-20 19:02   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\DVDVideoSoft
    2013-06-20 13:48 . 2013-06-20 14:14   --------   d-----w-   c:\users\fahimchoud\AppData\Local\Smartbar
    2013-06-20 13:48 . 2013-06-20 13:48   --------   d-----w-   c:\programdata\BrowserDefender
    2013-06-20 13:48 . 2013-06-20 13:48   --------   d-----w-   c:\program files (x86)\Delta
    2013-06-20 13:48 . 2013-06-20 13:48   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\BabSolution
    2013-06-20 13:47 . 2013-06-20 13:47   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\Delta
    2013-06-20 13:47 . 2013-06-24 05:38   --------   d-----w-   c:\programdata\Tarma Installer
    2013-06-20 13:46 . 2013-06-20 16:17   --------   d-----w-   c:\program files (x86)\YourFileDownloader
    2013-06-20 13:46 . 2013-06-20 13:49   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\YourFileDownloader
    2013-06-20 12:45 . 2013-06-20 12:45   --------   d-----w-   c:\users\fahimchoud\AppData\Local\VisualBeeClient
    2013-06-20 12:45 . 2013-06-20 12:45   --------   d-----w-   c:\users\fahimchoud\AppData\Local\VisualBeeExe
    2013-06-20 12:45 . 2013-06-20 12:45   --------   d-----w-   c:\programdata\VisualBee
    2013-06-20 12:44 . 2013-06-20 12:45   --------   d-----w-   c:\program files (x86)\VisualBee
    2013-06-20 12:44 . 2013-06-20 12:44   --------   d-----w-   c:\users\fahimchoud\AppData\Local\emaze
    2013-06-20 09:55 . 2013-06-20 09:55   0   ----a-w-   c:\windows\SysWow64\shoD059.tmp
    2013-06-19 15:55 . 2013-06-19 15:55   --------   d-----w-   c:\program files (x86)\Common Files\Adobe Systems Shared
    2013-06-19 15:45 . 2013-06-19 15:45   --------   d-----w-   C:\PhSp_CS2_UE_Ret
    2013-06-19 15:31 . 2013-06-12 03:08   9552976   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF2F58A8-40E7-4C61-9A72-85C83FC68DF1}\mpengine.dll
    2013-06-15 16:55 . 2013-06-15 16:55   --------   d-----w-   c:\users\fahimchoud\SyncFolder
    2013-06-15 16:34 . 2013-06-15 16:34   --------   d-----w-   C:\temp
    2013-06-15 16:34 . 2013-06-30 23:00   --------   d-----w-   c:\program files (x86)\MyPC Backup
    2013-06-15 16:33 . 2013-06-15 16:34   --------   d-----w-   c:\programdata\PCHealthBoost
    2013-06-11 07:34 . 2012-12-14 15:42   27088   ----a-w-   c:\windows\system32\authuitu.dll
    2013-06-11 07:34 . 2012-12-14 15:42   22480   ----a-w-   c:\windows\SysWow64\authuitu.dll
    2013-06-11 07:33 . 2013-06-11 07:33   --------   d-----w-   c:\program files (x86)\AVG
    2013-06-11 07:33 . 2013-06-11 07:34   --------   d-----w-   c:\programdata\AVG
    2013-06-11 07:32 . 2013-06-11 07:32   --------   d-sh--w-   c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2013-06-11 07:12 . 2013-06-11 07:12   51496   ----a-w-   c:\windows\system32\drivers\stflt.sys
    2013-06-07 01:48 . 2013-06-07 01:48   97280   ----a-w-   c:\windows\system32\mshtmled.dll
    2013-06-03 10:51 . 2013-06-03 10:51   9728   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-06-15 15:55 . 2012-09-05 23:20   75825640   ----a-w-   c:\windows\system32\MRT.exe
    2013-06-07 02:29 . 2012-08-12 23:55   692104   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
    2013-06-07 02:29 . 2011-11-08 18:21   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-07 02:29 . 2013-02-18 17:29   8610696   ----a-w-   c:\windows\SysWow64\FlashPlayerInstaller.exe
    2013-05-22 00:50 . 2012-11-07 02:53   325920   ----a-w-   c:\windows\SysWow64\Sendori.dll
    2013-05-16 02:52 . 2012-09-02 00:18   45856   ----a-w-   c:\windows\system32\drivers\avgtpx64.sys
    2013-05-16 02:51 . 2011-03-29 02:36   22240   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-05-02 06:06 . 2010-11-21 03:27   278800   ------w-   c:\windows\system32\MpSigStub.exe
    2013-05-01 02:15 . 2013-05-01 02:15   0   ----a-w-   c:\windows\SysWow64\shoB11F.tmp
    2013-04-24 19:28 . 2013-04-24 19:28   42184   ----a-w-   c:\windows\system32\drivers\taphss6.sys
    2013-04-13 05:49 . 2013-05-11 03:18   135168   ----a-w-   c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49 . 2013-05-11 03:18   350208   ----a-w-   c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49 . 2013-05-11 03:18   308736   ----a-w-   c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49 . 2013-05-11 03:18   111104   ----a-w-   c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45 . 2013-05-11 03:18   474624   ----a-w-   c:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45 . 2013-05-11 03:18   2176512   ----a-w-   c:\windows\apppatch\AcGenral.dll
    2013-04-12 14:45 . 2013-04-19 05:47   1656680   ----a-w-   c:\windows\system32\drivers\ntfs.sys
    2013-04-10 05:24 . 2013-05-11 03:18   983912   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
    2013-04-10 05:24 . 2013-05-11 03:18   265064   ----a-w-   c:\windows\system32\drivers\dxgmms1.sys
    2013-04-10 03:30 . 2013-05-11 03:17   3153920   ----a-w-   c:\windows\system32\win32k.sys
    2013-04-02 14:09 . 2013-04-02 14:09   4550656   ----a-w-   c:\windows\SysWow64\GPhotos.scr
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110011501158}]
    2012-11-24 17:02   617352   ----a-w-   c:\program files (x86)\Shopping Sidekick\Shopping Sidekick.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110311391106}]
    2013-06-20 12:45   749784   ----a-w-   c:\program files (x86)\VisualBee\VisualBee-bho.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}]
    2013-03-25 15:14   251288   ----a-w-   c:\program files (x86)\Industriya\privitize\1.8.16.22\bh\privitize.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
    2010-11-21 03:24   297808   ----a-w-   c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
    2013-05-16 15:11   169304   ----a-w-   c:\program files\Updater By SweetPacks\Extension32.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    2013-05-16 12:13   231712   ----a-w-   c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
    2013-05-20 10:02   295832   ----a-w-   c:\program files (x86)\Delta\delta\1.8.21.5\bh\delta.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E5C66DD8-308B-4a4f-AF0A-3D04F25B5343}]
    2010-11-21 03:24   297808   ----a-w-   c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2013-04-03 20:06   1310480   ----a-r-   c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
    2013-06-21 00:19   233288   ----a-w-   c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll" [2013-05-20 284056]
    "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2013-05-16 231712]
    "{1C46A0DD-D53E-46C4-A435-CA11103E255E}"= "c:\program files (x86)\Industriya\privitize\1.8.21.6\privitizeTlbr.dll" [2013-05-21 288152]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2013-04-03 1310480]
    .
    [HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
    [HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [HKEY_CLASSES_ROOT\delta.deltadskBnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
    .
    [HKEY_CLASSES_ROOT\clsid\{1c46a0dd-d53e-46c4-a435-ca11103e255e}]
    [HKEY_CLASSES_ROOT\privitize.privitizedskBnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [HKEY_CLASSES_ROOT\privitize.privitizedskBnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
    @="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
    [HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
    2010-11-21 03:24   297808   ----a-w-   c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36   130736   ----a-w-   c:\users\fahimchoud\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36   130736   ----a-w-   c:\users\fahimchoud\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36   130736   ----a-w-   c:\users\fahimchoud\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    "GoogleChromeAutoLaunch_67BBD50C5DDEAD224A17E88D81A99A9D"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
    "236AE4276A576475015F53DEBC3A2D54B039AA21._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
    "SearchProtect"="c:\users\fahimchoud\AppData\Roaming\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]
    "Browser Infrastructure Helper"="c:\users\fahimchoud\AppData\Local\Smartbar\Application\QuickShare.exe" [2013-06-16 20248]
    "WebCake Desktop"="c:\users\fahimchoud\AppData\Roaming\WebCake\WebCakeDesktop.exe" [2013-06-07 47896]
    "uTorrent"="c:\users\fahimchoud\AppData\Roaming\uTorrent\uTorrent.exe" [2013-06-30 1045072]
    "SearchProtection"="c:\users\fahimchoud\AppData\Roaming\Search Protection\SearchProtection.EXE" [2013-05-22 740712]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-28 343168]
    "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
    "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
    "SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-04-26 103896]
    "Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-05-22 83232]
    "PCFixSpeed"="c:\program files (x86)\PCFixSpeed\PCFixTray.exe" [2012-11-30 383648]
    "24x7HELP"="c:\program files (x86)\24x7Help\App24x7Help.exe" [2013-03-12 1773648]
    "SearchProtectAll"="c:\program files (x86)\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]
    "PrivitizeVPN"="c:\program files (x86)\PrivitizeVPN\PrivitizeVPN.exe" [2013-06-25 196784]
    .
    c:\users\fahimchoud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    Dropbox.lnk - c:\users\fahimchoud\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
    MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe [2013-5-31 1934376]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1338144]
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\progra~3\BROWSE~2\261339~1.144\{C16C1~1\BrowserDefender.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages   REG_MULTI_SZ      scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    "HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe

    R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

    R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe

    R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe

    R3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1309000.009\ccSetx64.sys

    R3 EraserUtilDrv11220;EraserUtilDrv11220;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe

    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe

    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS

    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS

    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS

    R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe

    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys

    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys

    S0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\System32\drivers\SMR311.SYS;c:\windows\SYSNATIVE\drivers\SMR311.SYS

    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS

    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS

    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys

    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130620.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130620.001\BHDrvx64.sys

    S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys

    S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys

    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130628.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130628.001\IDSvia64.sys

    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS

    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS

    S2 24x7HelpSvc;24x7HelpService;c:\program files (x86)\24x7Help\App24x7Svc.exe;c:\program files (x86)\24x7Help\App24x7Svc.exe

    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe

    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

    S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe

    S2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe

    S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe

    S2 CltMngSvc;Search Protect by Conduit Updater;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe

    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

    S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe

    S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe

    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe

    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe

    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

    S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe;c:\windows\SYSNATIVE\dmwu.exe

    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Norton 360\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360\Norton 360\Engine\20.4.0.40\ccSvcHst.exe

    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

    S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe

    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe

    S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TUNEUP\TUNEUPUTILITIESSERVICE64.EXE;c:\program files (x86)\AVG\AVG PC TUNEUP\TUNEUPUTILITIESSERVICE64.EXE

    S2 Updater By SweetPacks;Updater By SweetPacks;c:\program files\Updater By SweetPacks\ExtensionUpdaterService.exe;c:\program files\Updater By SweetPacks\ExtensionUpdaterService.exe

    S2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe

    S2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe

    S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys

    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys

    S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys

    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys

    S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys

    S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys

    S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys

    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys

    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys

    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys

    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys

    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys

    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys

    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys

    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys

    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TUNEUP\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TUNEUP\TuneUpUtilitiesDriver64.sys

    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-12 02:29]
    .
    2013-07-01 c:\windows\Tasks\DriverUpdate Startup.job
    - c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2013-06-22 19:26]
    .
    2013-07-01 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
    - c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-09-01 19:24]
    .
    2013-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-12 23:55]
    .
    2013-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-12 23:55]
    .
    2013-06-08 c:\windows\Tasks\HPCeeScheduleForfahimchoud.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
    .
    2013-06-30 c:\windows\Tasks\ReclaimerUpdateFiles_fahimchoud.job
    - c:\users\fahimchoud\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-15 16:12]
    .
    2013-06-30 c:\windows\Tasks\ReclaimerUpdateXML_fahimchoud.job
    - c:\users\fahimchoud\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-15 16:12]
    .
    2013-07-01 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_fahimchoud.job
    - c:\users\fahimchoud\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-15 16:12]
    .
    2013-02-18 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
    - c:\program files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-21 21:15]
    .
    2013-06-22 c:\windows\Tasks\SpeedyPC Pro.job
    - c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2013-05-03 19:38]
    .
    2013-06-30 c:\windows\Tasks\SpeedyPC Registration3.job
    - c:\windows\system32\rundll32.exe [2009-07-13 01:14]
    .
    2013-07-01 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
    - c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2013-06-10 18:37]
    .
    2013-06-24 c:\windows\Tasks\SpeedyPC Update Version3.job
    - c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2013-06-10 18:37]
    .
    2013-07-01 c:\windows\Tasks\VisualBee-chromeinstaller.job
    - c:\program files (x86)\VisualBee\VisualBee-chromeinstaller.exe [2013-06-20 12:44]
    .
    2013-07-01 c:\windows\Tasks\VisualBee-codedownloader.job
    - c:\program files (x86)\VisualBee\VisualBee-codedownloader.exe [2013-06-20 12:44]
    .
    2013-07-01 c:\windows\Tasks\VisualBee-enabler.job
    - c:\program files (x86)\VisualBee\VisualBee-enabler.exe [2013-06-20 12:45]
    .
    2013-07-01 c:\windows\Tasks\VisualBee-firefoxinstaller.job
    - c:\program files (x86)\VisualBee\VisualBee-firefoxinstaller.exe [2013-06-20 12:44]
    .
    2013-07-01 c:\windows\Tasks\VisualBee-updater.job
    - c:\program files (x86)\VisualBee\VisualBee-updater.exe [2013-06-20 12:45]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}]
    2012-08-05 20:26   105472   ----a-w-   c:\program files\PrivacySafeGuard\PrivacySafeGuard-x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
    @="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
    [HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
    2010-11-21 03:23   444752   ----a-w-   c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36   164016   ----a-w-   c:\users\fahimchoud\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36   164016   ----a-w-   c:\users\fahimchoud\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36   164016   ----a-w-   c:\users\fahimchoud\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36   164016   ----a-w-   c:\users\fahimchoud\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-12-18 00:50   755816   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-12-18 00:50   755816   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-12-18 00:50   755816   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-12-18 00:50   755816   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-09-30 43320]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-10-08 1425408]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.yahoo.com?type=293224&fr=spigot-yhp-ie
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={F4E182BA-DC90-11E2-880B-C01885FE5578}
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyServer = http=127.0.0.1:8555
    uInternet Settings,ProxyOverride = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
    uSearchAssistant = hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=a4d569cb-9c00-4a8c-86c8-9b8018be6915&searchtype=ds&q={searchTerms}&installDate=20/06/2013
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\fahimchoud\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    IE: Free YouTube to MP3 Converter - c:\users\fahimchoud\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=a4d569cb-9c00-4a8c-86c8-9b8018be6915&searchtype=hp&installDate=20/06/2013
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p=
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e66b16fd000000000000c01885fe5578&q=
    FF - user.js: extensions.BabylonToolbar.id - e66b16fd000000000000c01885fe5578
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15588
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1221:14
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - base
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=114066&tt=3612_1
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.funmoods.hmpg - true
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0CtDtCzzzzyD0F0EyDyDyBzztCyC0F0DtN0D0Tzu0CtAtBzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=598789131
    FF - user.js: extensions.funmoods.dfltSrch - true
    FF - user.js: extensions.funmoods.srchPrvdr - Search
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - true
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0CtDtCzzzzyD0F0EyDyDyBzztCyC0F0DtN0D0Tzu0CtAtBzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=598789131
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0CtDtCzzzzyD0F0EyDyDyBzztCyC0F0DtN0D0Tzu0CtAtBzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=598789131&q=
    FF - user.js: extensions.funmoods.id - C01885FE557816FD
    FF - user.js: extensions.funmoods.instlDay - 15668
    FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
    FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2212:0:39
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - adknlg
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef - adknlg
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.excTlbr - false
    FF - user.js: extensions.funmoods.autoRvrt - false
    FF - user.js: extensions.funmoods.envrmnt - production
    FF - user.js: extensions.funmoods.isdcmntcmplt - true
    FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - e66b16fd00000000000000ffa4d3261a
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15878
    FF - user.js: extensions.delta.vrsn - 1.8.21.5
    FF - user.js: extensions.delta.vrsni - 1.8.21.5
    FF - user.js: extensions.delta.vrsnTs - 1.8.21.514:36
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.ffxUnstlRst - true
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta_i.babTrack - affID=122303&tt=180613_ndt2&tsp=4921
    FF - user.js: extensions.delta_i.babExt -
    FF - user.js: extensions.delta_i.srcExt - ss
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    FF - user.js: extentions.webcake.installId - cf7a16d5-299c-4bc6-a7b5-249863ea21b8
    FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
    FF - user.js: extensions.privitize.hpOld0 - hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={F4E182BA-DC90-11E2-880B-C01885FE5578}
    FF - user.js: extensions.privitize.tlbrSrchUrl - hxxp://searchou.com/?id=e66b16fd00000000000000ffa4d3261a&q=
    FF - user.js: extensions.privitize.id - e66b16fd00000000000000ffa4d3261a
    FF - user.js: extensions.privitize.appId - {301966DF-A84B-4255-AAB9-574B5CE237E4}
    FF - user.js: extensions.privitize.instlDay - 15881
    FF - user.js: extensions.privitize.vrsn - 1.8.16.22
    FF - user.js: extensions.privitize.vrsni - 1.8.16.22
    FF - user.js: extensions.privitize.vrsnTs - 1.8.16.220:57
    FF - user.js: extensions.privitize.prtnrId - privitize
    FF - user.js: extensions.privitize.prdct - privitize
    FF - user.

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Bad image
    « Reply #1 on: July 01, 2013, 04:32:57 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *********************************************************************
    What sort of problem are you experiencing with your computer?

    Please download AdwCleaner by Xplode onto your Desktop.
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    ********************************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    *************************************************
    Please download Junkware Removal Tool to your desktop.

    Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    Shut down your protection software now to avoid potential conflicts.

    • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

    • The tool will open and start scanning your system.

    • Please be patient as this can take a while to complete depending on your system's specifications.

    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    • Copy and Paste the JRT.txt log into your next message.
    ***********************************************
    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    Windows 8 and Windows 10 dual boot with two SSD's

    battleplan



      Starter

      • Experience: Experienced
      • OS: Windows XP
      Re: Bad image
      « Reply #2 on: July 28, 2013, 04:59:39 AM »
      Comment removed.
      « Last Edit: July 28, 2013, 10:12:03 AM by evilfantasy »