
Author Topic: virus  (Read 10548 times)


emma

    Topic Starter


    Starter

    • Experience: Familiar
    • OS: Windows 7
    virus
    « on: November 09, 2012, 11:56:09 AM »
    Hello, so I got a virus on my computer and now it won't let me open any files. I can run them as administrator but it's a pain. I've covered all the steps and these are the logs. Hope you can help.

    Emma

    # AdwCleaner v2.007 - Logfile created 11/09/2012 at 18:22:33
    # Updated 06/11/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Emma-Louise - EMMALOUISE
    # Boot Mode : Normal
    # Running from : C:\Users\Emma-Louise\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    File Found : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
    File Found : C:\user.js
    File Found : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
    File Found : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\searchplugins\BabylonMngr.xml
    File Found : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\searchplugins\browsemngr.xml
    File Found : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\searchplugins\Conduit.xml
    File Found : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\searchplugins\funmoods.xml
    File Found : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\searchplugins\MyStart Search.xml
    File Found : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\searchplugins\Search_Results.xml
    File Found : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\searchplugins\SearchResults.xml
    File Found : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\searchplugins\SweetIm.xml
    File Found : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\searchplugins\Web Search.xml
    Folder Found : C:\Program Files (x86)\Windows jZip Toolbar
    Folder Found : C:\Program Files (x86)\Yontoo
    Folder Found : C:\ProgramData\Anti-phishing Domain Advisor
    Folder Found : C:\ProgramData\Babylon
    Folder Found : C:\ProgramData\blekko toolbars
    Folder Found : C:\ProgramData\boost_interprocess
    Folder Found : C:\ProgramData\Browser Manager
    Folder Found : C:\ProgramData\InstallMate
    Folder Found : C:\ProgramData\Premium
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\ProgramData\wxDfast
    Folder Found : C:\Users\Emma-Louise\AppData\Local\Conduit
    Folder Found : C:\Users\Emma-Louise\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
    Folder Found : C:\Users\Emma-Louise\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Folder Found : C:\Users\Emma-Louise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
    Folder Found : C:\Users\Emma-Louise\AppData\Local\Ilivid Player
    Folder Found : C:\Users\Emma-Louise\AppData\LocalLow\Conduit
    Folder Found : C:\Users\Emma-Louise\AppData\LocalLow\Funmoods
    Folder Found : C:\Users\Emma-Louise\AppData\LocalLow\incredibar.com
    Folder Found : C:\Users\Emma-Louise\AppData\LocalLow\wxDfast
    Folder Found : C:\Users\Emma-Louise\AppData\Roaming\Babylon
    Folder Found : C:\Users\Emma-Louise\AppData\Roaming\eType
    Folder Found : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\ConduitCommon
    Folder Found : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\CT2504091
    Folder Found : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    Folder Found : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\extensions\[email protected]
    Folder Found : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\extensions\[email protected]
    Folder Found : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\extensions\[email protected]
    Folder Found : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\extensions\[email protected]
    Folder Found : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\SweetIMToolbarData
    Folder Found : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\SweetPacksToolbarData

    ***** [Registry] *****

    Key Found : HKCU\Software\AppDataLow\Software\Crossrider



    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.09.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Emma-Louise :: EMMALOUISE [administrator]

    09/11/2012 18:25:39
    mbam-log-2012-11-09 (18-25-39).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 220253
    Time elapsed: 3 minute(s), 37 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 5
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCR\.exe\shell\open\command| (Hijack.ExeFile) -> Data: "C:\Users\Emma-Louise\AppData\Local\ypp.exe" -a "%1" %* -> Quarantined and deleted successfully.

    Registry Data Items Detected: 1
    HKCR\.exe| (Hijacked.exeFile) -> Bad: () Good: (exefile) -> Delete on reboot.

    Folders Detected: 4
    C:\ProgramData\wxDfast (PUP.wxDfast) -> Quarantined and deleted successfully.
    C:\ProgramData\wxDfast\data (PUP.wxDfast) -> Quarantined and deleted successfully.
    C:\Users\Emma-Louise\AppData\LocalLow\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Users\Emma-Louise\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.

    Files Detected: 14
    C:\Users\Emma-Louise\Downloads\Codec-C.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Users\Emma-Louise\Downloads\DownloadSetup(1).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Users\Emma-Louise\Downloads\DownloadSetup(2).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Users\Emma-Louise\Downloads\DownloadSetup(3).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Users\Emma-Louise\Downloads\DownloadSetup(4).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Users\Emma-Louise\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Users\Emma-Louise\Downloads\etypesetup (1).exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.
    C:\Users\Emma-Louise\Downloads\etypesetup.exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.
    C:\Users\Emma-Louise\Downloads\Gimp_Setup.exe (Adware.IBryte) -> Quarantined and deleted successfully.
    C:\ProgramData\wxDfast\background.html (PUP.wxDfast) -> Quarantined and deleted successfully.
    C:\ProgramData\wxDfast\content.js (PUP.wxDfast) -> Quarantined and deleted successfully.
    C:\ProgramData\wxDfast\settings.ini (PUP.wxDfast) -> Quarantined and deleted successfully.
    C:\ProgramData\wxDfast\data\content.js (PUP.wxDfast) -> Quarantined and deleted successfully.
    C:\ProgramData\wxDfast\data\jsondb.js (PUP.wxDfast) -> Quarantined and deleted successfully.

    (end)



    DDS (Ver_2012-11-07.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16450  BrowserJavaVersion: 1.6.0_30
    Run by Emma-Louise at 18:41:54 on 2012-11-09
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3037.1672 [GMT 0:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Norton 360 *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
    C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\Drivers\WTSRV.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
    C:\Windows\SysWOW64\WTClient.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Users\Emma-Louise\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-07.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 26/07/2011 23:53:27
    System Uptime: 09/11/2012 18:32:53 (0 hours ago)
    .
    Motherboard: Packard Bell |  | imedia S1850
    Processor: Pentium(R) Dual-Core  CPU      E6700  @ 3.20GHz | CPU 1 | 3203/267mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 456 GiB total, 259.847 GiB free.
    D: is FIXED (NTFS) - 452 GiB total, 452.37 GiB free.
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart B110 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart B110 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: HP Photosmart B110
    Device ID: ROOT\IMAGE\0000
    Manufacturer: Hewlett-Packard
    Name: HP Photosmart B110
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    ==== System Restore Points ===================
    .
    RP125: 25/10/2012 03:00:13 - Windows Update
    RP126: 01/11/2012 13:44:03 - Scheduled Checkpoint
    RP127: 06/11/2012 23:26:01 - Installed AVG 2013
    RP128: 06/11/2012 23:26:48 - Installed AVG 2013
    RP129: 06/11/2012 23:58:44 - Removed AVG 2013
    RP130: 07/11/2012 00:02:42 - Removed AVG 2013
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    Acoustica Mixcraft 5
    Adobe AIR
    Adobe Community Help
    Adobe Download Assistant
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: virus
    « Reply #1 on: November 09, 2012, 01:25:51 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Remove the Adware:
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    **************************************************
    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    ******************************************************
    Download Combofix from any of the links below, and save it to your DESKTOP

    Link 1
    Link 2
    Link 3

    To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click ComboFix.exe to run it.

      You will see the following image:


    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:



    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If you did not have it installed, you will see the prompt below. Choose YES.



    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
    Windows 8 and Windows 10 dual boot with two SSD's

    emma

      Topic Starter


      Starter

      • Experience: Familiar
      • OS: Windows 7
      Re: virus
      « Reply #2 on: November 09, 2012, 01:57:53 PM »
      ComboFix 12-11-09.02 - Emma-Louise 09/11/2012  20:47:12.1.2 - x64
      Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3037.1747 [GMT 0:00]
      Running from: c:\users\Emma-Louise\Desktop\ComboFix.exe
      AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
      FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
      SP: Norton 360 *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
      SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\program files (x86)\Mozilla Firefox\searchplugins\search.xml
      c:\users\Emma-Louise\AppData\Local\6o4v7yr6ikfw18072u
      c:\users\Emma-Louise\AppData\Local\assembly\tmp
      c:\windows\SysWow64\URTTemp
      c:\windows\SysWow64\URTTemp\regtlib.exe
      .
      .
      (((((((((((((((((((((((((   Files Created from 2012-10-09 to 2012-11-09  )))))))))))))))))))))))))))))))
      .
      .
      2012-11-09 20:53 . 2012-11-09 20:53   --------   d-----w-   c:\users\Default\AppData\Local\temp
      2012-11-06 23:24 . 2012-11-09 20:43   --------   d-----w-   c:\users\Emma-Louise\AppData\Local\Avg2013
      2012-11-06 23:24 . 2012-11-06 23:24   --------   d--h--w-   c:\programdata\Common Files
      2012-11-06 23:24 . 2012-11-06 23:24   --------   d-----w-   c:\users\Emma-Louise\AppData\Local\MFAData
      2012-10-23 22:13 . 2012-10-23 22:13   --------   d-----w-   c:\programdata\EA Core
      2012-10-23 22:11 . 2012-10-23 22:09   447752   ----a-w-   c:\windows\SysWow64\vp6vfw.dll
      2012-10-23 22:11 . 2012-10-23 22:11   --------   d-----w-   c:\program files (x86)\Microsoft WSE
      2012-10-23 11:39 . 2012-10-23 21:20   --------   d-----w-   c:\program files (x86)\Origin Games
      2012-10-23 11:39 . 2012-10-23 11:41   --------   d-----w-   c:\users\Emma-Louise\AppData\Roaming\Origin
      2012-10-23 11:39 . 2012-10-23 11:39   --------   d-----w-   c:\users\Emma-Louise\AppData\Local\Origin
      2012-10-23 11:38 . 2012-10-23 11:42   --------   d-----w-   c:\programdata\Origin
      2012-10-23 11:38 . 2012-10-23 11:38   --------   d-----w-   c:\programdata\Electronic Arts
      2012-10-23 11:38 . 2012-10-30 23:10   --------   d-----w-   c:\program files (x86)\Origin
      2012-10-21 20:32 . 2012-10-21 20:33   --------   d-----w-   c:\users\Emma-Louise\AppData\Local\Skyrim
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-09 1353080]
      "Spotify Web Helper"="c:\users\Emma-Louise\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-29 1193176]
      "EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-10-30 3389080]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "Hotkey Utility"="c:\program files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe" [2011-01-19 620136]
      "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
      "REGSHAVE"="c:\program files (x86)\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
      "WTClient"="WTClient.exe" [2009-08-19 32768]
      "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
      "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
      "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
      "SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-10-25 103896]
      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
      "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
      "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
      "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
      "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
      "LoadAppInit_DLLs"=1 (0x1)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
      "aux"=wdmaud.drv
      .
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\System32\Drivers\PTSimHid.sys [2009-06-18 17064]
      R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
      R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
      R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
      R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-28 1255736]
      R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
      S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
      S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS [2012-04-18 451192]
      S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS [2012-05-22 1129120]
      S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [2012-08-31 1385120]
      S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys [2012-06-07 167072]
      S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20120925.001\IDSvia64.sys [2012-09-06 513184]
      S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS [2012-04-18 190072]
      S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS [2012-04-18 405624]
      S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
      S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
      S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-01-31 244624]
      S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe [2012-06-16 138272]
      S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-10-25 793048]
      S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
      S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-08-11 1014624]
      S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
      S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2009-06-18 27304]
      S4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys

      S4 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys

      S4 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys

      S4 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys

      .
      .
      --- Other Services/Drivers In Memory ---
      .
      *Deregistered* - Avgldx64
      *Deregistered* - Avgloga
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
      hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 23:39]
      .
      2012-11-09 c:\windows\Tasks\RMSchedule.job
      - c:\program files (x86)\PC Tools Registry Mechanic\RegMech.exe [2012-01-23 13:44]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-13 166424]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-13 390168]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-13 409624]
      "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 11580520]
      "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.co.uk/
      uLocal Page = c:\windows\system32\blank.htm
      mDefault_Page_URL = hxxp://packardbell.msn.com
      mStart Page = hxxp://packardbell.msn.com
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uInternet Settings,ProxyOverride = *.local
      uSearchAssistant = hxxp://www.google.com
      IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
      IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
      TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-Locked - (no file)
      Toolbar-10 - (no file)
      Wow6432Node-HKCU-Run-AdobeBridge - (no file)
      Wow6432Node-HKLM-Run-<NO NAME> - (no file)
      Toolbar-Locked - (no file)
      Toolbar-10 - (no file)
      .
      .
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
      "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\S-1-5-21-3872234901-1952007532-487353888-1000\Software\SecuROM\License information*]
      "datasecu"=hex:99,23,94,40,fb,c2,58,04,84,34,1d,c8,87,d7,3b,cf,f2,98,a3,6f,78,
         cc,f0,07,df,7e,8c,f4,67,4b,c5,85,79,32,1a,7d,29,6e,bd,eb,d8,d0,9b,32,c2,ec,\
      "rkeysecu"=hex:28,67,54,40,53,c5,de,f6,77,c5,dc,42,fc,3e,96,e1
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
      "value"="?\09\05\17\11\12\00?"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
      @Denied: (A) (Everyone)
      "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
      @Denied: (A) (Everyone)
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
      "Key"="ActionsPane3"
      "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2012-11-09  20:56:51
      ComboFix-quarantined-files.txt  2012-11-09 20:56
      .
      Pre-Run: 278,964,310,016 bytes free
      Post-Run: 278,492,819,456 bytes free
      .
      - - End Of File - - 5C478143FF60B4A019625AA749421709



       Results of screen317's Security Check version 0.99.54 
       Windows 7 Service Pack 1 x64 (UAC is enabled) 
       Internet Explorer 9 
      ``````````````Antivirus/Firewall Check:``````````````
       Windows Firewall Enabled! 
       Windows Firewall Disabled! 
      AVG Anti-Virus Free Edition 2013   
      Norton 360                         
       Antivirus up to date!   
      `````````Anti-malware/Other Utilities Check:`````````
       Malwarebytes Anti-Malware version 1.65.1.1000 
       Java(TM) 6 Update 30 
       Java version out of Date!
       Adobe Flash Player 11.4.402.287 
       Adobe Reader X (10.1.4)
      ````````Process Check: objlist.exe by Laurent````````
       Norton ccSvcHst.exe
       AVG avgwdsvc.exe
      `````````````````System Health check`````````````````
       Total Fragmentation on Drive C: 0%
      ````````````````````End of Log``````````````````````


      # AdwCleaner v2.007 - Logfile created 11/09/2012 at 20:29:35
      # Updated 06/11/2012 by Xplode
      # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
      # User : Emma-Louise - EMMALOUISE
      # Boot Mode : Normal
      # Running from : C:\Users\Emma-Louise\Desktop\adwcleaner.exe
      # Option [Delete]


      ***** [Services] *****


      ***** [Files / Folders] *****

      File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
      File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
      File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
      File Deleted : C:\user.js
      File Deleted : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
      File Deleted : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\searchplugins\BabylonMngr.xml
      File Deleted : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\searchplugins\browsemngr.xml
      File Deleted : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\searchplugins\Conduit.xml
      File Deleted : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\searchplugins\funmoods.xml
      File Deleted : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\searchplugins\MyStart Search.xml
      File Deleted : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\searchplugins\Search_Results.xml
      File Deleted : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\searchplugins\SearchResults.xml
      File Deleted : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\searchplugins\SweetIm.xml
      File Deleted : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\searchplugins\Web Search.xml
      Folder Deleted : C:\Program Files (x86)\Windows jZip Toolbar
      Folder Deleted : C:\Program Files (x86)\Yontoo
      Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
      Folder Deleted : C:\ProgramData\Babylon
      Folder Deleted : C:\ProgramData\blekko toolbars
      Folder Deleted : C:\ProgramData\boost_interprocess
      Folder Deleted : C:\ProgramData\Browser Manager
      Folder Deleted : C:\ProgramData\InstallMate
      Folder Deleted : C:\ProgramData\Premium
      Folder Deleted : C:\ProgramData\Tarma Installer
      Folder Deleted : C:\Users\Emma-Louise\AppData\Local\Conduit
      Folder Deleted : C:\Users\Emma-Louise\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
      Folder Deleted : C:\Users\Emma-Louise\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
      Folder Deleted : C:\Users\Emma-Louise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
      Folder Deleted : C:\Users\Emma-Louise\AppData\Local\Ilivid Player
      Folder Deleted : C:\Users\Emma-Louise\AppData\LocalLow\Conduit
      Folder Deleted : C:\Users\Emma-Louise\AppData\LocalLow\incredibar.com
      Folder Deleted : C:\Users\Emma-Louise\AppData\LocalLow\wxDfast
      Folder Deleted : C:\Users\Emma-Louise\AppData\Roaming\Babylon
      Folder Deleted : C:\Users\Emma-Louise\AppData\Roaming\eType
      Folder Deleted : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\ConduitCommon
      Folder Deleted : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\CT2504091
      Folder Deleted : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
      Folder Deleted : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\extensions\[email protected]
      Folder Deleted : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\extensions\[email protected]
      Folder Deleted : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\extensions\[email protected]
      Folder Deleted : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\extensions\[email protected]
      Folder Deleted : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\SweetIMToolbarData
      Folder Deleted : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\SweetPacksToolbarData

      ***** [Registry] *****

      Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
      Key Deleted : HKCU\Software\AppDataLow\Software\Mediabarsh
      Key Deleted : HKCU\Software\BrowserMngr
      Key Deleted : HKCU\Software\Conduit
      Key Deleted : HKCU\Software\Cr_Installer
      Key Deleted : HKCU\Software\DataMngr
      Key Deleted : HKCU\Software\DataMngr_Toolbar
      Key Deleted : HKCU\Software\DSNR Labs
      Key Deleted : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
      Key Deleted : HKCU\Software\IM
      Key Deleted : HKCU\Software\ImInstaller
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E48C56F-08CD-43AA-A6EF-C1EC891551AB}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D48C9EAD-F59F-4DEA-AC97-7065FEA79F42}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1E48C56F-08CD-43AA-A6EF-C1EC891551AB}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D48C9EAD-F59F-4DEA-AC97-7065FEA79F42}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
      Key Deleted : HKLM\Software\Babylon
      Key Deleted : HKLM\Software\BrowserMngr
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
      Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
      Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
      Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
      Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
      Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
      Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
      Key Deleted : HKLM\Software\Conduit
      Key Deleted : HKLM\Software\DataMngr
      Key Deleted : HKLM\Software\ImInstaller
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1E48C56F-08CD-43AA-A6EF-C1EC891551AB}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D48C9EAD-F59F-4DEA-AC97-7065FEA79F42}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
      Key Deleted : HKLM\SOFTWARE\DataMngr
      Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
      Key Deleted : HKLM\SOFTWARE\Tarma Installer
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
      Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
      Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]
      Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
      Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
      Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

      ***** [Internet Browsers] *****

      -\\ Internet Explorer v9.0.8112.16421

      Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.babylon.com/?affID=112555&tt=031012_ccp_4012_5&babsrc=HP_ss&mntrId=4ef7d48600000000000068a3c4e83790 --> hxxp://www.google.com
      Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=95861790-a52c-4bfe-b3e6-84799274a97d&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
      Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=112543&tt=3712_2&babsrc=HP_ss&mntrId=4ef7d48600000000000068a3c4e83790 --> hxxp://www.google.com
      Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=95861790-a52c-4bfe-b3e6-84799274a97d&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
      Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=95861790-a52c-4bfe-b3e6-84799274a97d&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
      Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=GB&userid=95861790-a52c-4bfe-b3e6-84799274a97d&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

      -\\ Mozilla Firefox v [Unable to get version]

      Profile name : default
      File : C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\prefs.js

      C:\Users\Emma-Louise\AppData\Roaming\Mozilla\Firefox\Profiles\bjbq7mdp.default\user.js ... Deleted !


      emma

        Topic Starter


        Starter

        • Experience: Familiar
        • OS: Windows 7
        Re: virus
        « Reply #3 on: November 09, 2012, 02:26:37 PM »
        thank you so much it works again now :)

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: virus
        « Reply #4 on: November 09, 2012, 04:08:35 PM »
        Update Your Java (JRE)

        Old versions of Java have vulnerabilities that malware can use to infect your system.


        First Verify your Java Version

        If there are any other version(s) installed then update now.

        Get the new version (if needed)

        If your version is out of date install the newest version of the Sun Java Runtime Environment.

        Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

        Be sure to close ALL open web browsers before starting the installation.

        Remove any old versions

        1. Download JavaRa and unzip the file to your Desktop.
        2. Open JavaRA.exe and choose Remove Older Versions
        3. Once complete exit JavaRA.

        Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
        *********************************************
        • Download RogueKiller on the desktop
        • Close all the running programs
        • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
        • Otherwise just double-click on RogueKiller.exe
        • Pre-scan will start. Let it finish.
        • Click on SCAN button.
        • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
        • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again
        Windows 8 and Windows 10 dual boot with two SSD's

        nallavan



          Newbie

          • Experience: Beginner
          • OS: Windows 7
          Re: virus
          « Reply #5 on: January 16, 2013, 08:29:20 AM »
          Comments removed.
          « Last Edit: January 16, 2013, 12:53:10 PM by SuperDave »