Computer Hope

Software => Computer viruses and spyware => Topic started by: fahimchoud on July 01, 2013, 02:01:04 PM

Title: Bad image
Post by: fahimchoud on July 01, 2013, 02:01:04 PM
I had run a ComboFix, so here is my log:
ComboFix 13-06-30.01 - fahimchoud 07/01/2013   1:26.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5610.3250 [GMT -4:00]
Running from: c:\users\fahimchoud\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPly.xpi
c:\program files (x86)\DealPly\DealPlyIE64.dll
c:\program files (x86)\DealPly\DealPlyUpdate.exe
c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
c:\program files (x86)\DefaultTab
c:\program files (x86)\DefaultTab\DefaultTab.crx
c:\program files (x86)\DefaultTab\DefaultTabSearch.exe
c:\program files (x86)\DefaultTab\uid
c:\program files (x86)\DefaultTab\uninstaller.exe
c:\program files\PrivacySafeGuard\PrIVacysafeguard.dll
c:\users\fahimchoud\AppData\Local\dealcabby
c:\users\fahimchoud\AppData\Local\dealcabby\license.txt
c:\users\fahimchoud\AppData\Local\dealcabby\sqlite3.exe
c:\users\fahimchoud\AppData\Local\dealcabby\uninst.exe
c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab
c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\imdb_ie.ico
c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico
c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\update.exe
c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\users\fahimchoud\AppData\Roaming\DefaultTab\DefaultTab\youtube_ie.ico
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\bootstrap.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\defaults\preferences\prefs.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\harness-options.json
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\icon.png
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\icon64.png
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\install.rdf
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\locale\en-GB.json
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\locale\eo.json
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\locale\fr-FR.json
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\locales.json
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\addon-kit\lib\page-mod.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\addon-kit\lib\request.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\addon-kit\lib\windows.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\data\content-proxy.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\data\test-content-symbiont.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\data\test-message-manager.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\data\test-trusted-document.html
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\data\worker.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\api-utils.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\base.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\byte-streams.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\channel.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\collection.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content\loader.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content\symbiont.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content\worker.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\cortex.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\cuddlefish.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\dom\events.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\environment.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\errors.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\event\core.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\event\target.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\events.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\events\assembler.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\file.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\functional.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\globals!.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\hidden-frame.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\light-traits.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\list.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\match-pattern.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\memory.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\message-manager.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\namespace.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\observer-service.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\plain-text-console.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\preferences-service.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\process.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\querystring.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\runtime.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\sandbox.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\self!.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\system.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\events.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\observer.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\tab.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\utils.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\text-streams.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\timer.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\traceback.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\traits.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\traits\core.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\unload.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\url.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\data.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\object.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\registry.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\thumbnail.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\uuid.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\window-utils.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\window\utils.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\dom.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\loader.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\observer.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\tabs.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\xhr.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\xpcom.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\api-utils\lib\xul-app.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\dealcabby\lib\main.js
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\dealcabby@jetpack\resources\dealcabby\lib\main.js.old
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\[email protected]
c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\extensions\[email protected]
c:\users\Public\sdelevURL.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BrowserDefendert
-------\Service_DefaultTabSearch
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-01 to 2013-07-01  )))))))))))))))))))))))))))))))
.
.
2013-07-01 05:53 . 2013-07-01 05:53   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-07-01 05:06 . 2013-07-01 05:06   --------   d-----w-   c:\users\fbwuser
2013-06-30 22:59 . 2013-06-30 22:59   --------   d-----w-   c:\users\fahimchoud\AppData\Local\Systweak
2013-06-30 22:30 . 2013-06-30 23:12   --------   d-----w-   c:\program files\PeerGuardian2
2013-06-30 20:01 . 2013-06-30 20:01   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\WinZip
2013-06-30 20:01 . 2013-06-30 20:01   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\Search Protection
2013-06-30 20:01 . 2013-06-30 20:01   --------   d-----w-   c:\program files (x86)\WinZip Driver Updater
2013-06-30 19:58 . 2013-07-01 05:54   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\uTorrent
2013-06-30 15:52 . 2013-06-30 15:52   --------   d-----w-   c:\program files (x86)\holasearch
2013-06-30 15:51 . 2013-06-30 15:51   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\holasearch
2013-06-30 14:32 . 2013-06-30 14:41   --------   d-----w-   c:\program files\Registry Easy
2013-06-30 14:00 . 2013-06-30 14:00   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\Malwarebytes
2013-06-30 14:00 . 2013-06-30 14:00   --------   d-----w-   c:\programdata\Malwarebytes
2013-06-30 14:00 . 2013-06-30 14:00   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-30 14:00 . 2013-04-04 18:50   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-06-27 22:57 . 2013-06-28 05:41   177312   ----a-w-   c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-06-27 22:57 . 2013-06-27 22:57   --------   d-----w-   c:\program files\Symantec
2013-06-27 22:57 . 2013-06-27 22:57   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2013-06-27 22:56 . 2013-06-30 07:01   --------   d-----w-   c:\windows\system32\drivers\N360x64
2013-06-27 22:56 . 2013-06-27 22:56   --------   d-----w-   c:\program files (x86)\NortonInstaller
2013-06-27 21:38 . 2013-06-27 21:39   --------   d-----w-   c:\users\fahimchoud\AppData\Local\Kjs.AppLife.Update
2013-06-27 21:30 . 2013-06-27 21:30   --------   d-----w-   c:\programdata\Blio
2013-06-27 21:30 . 2013-06-27 21:30   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\Blio
2013-06-26 22:30 . 2013-06-26 22:30   562032   ----a-w-   c:\program files (x86)\Mozilla Firefox\Extensions\[email protected]\components\afurladvisor13.dll
2013-06-25 04:39 . 2013-06-25 04:39   --------   d-----w-   c:\program files (x86)\PrivitizeVPN
2013-06-25 04:39 . 2013-06-25 04:39   --------   d-----w-   c:\program files (x86)\hosts
2013-06-25 04:22 . 2013-06-25 04:22   0   ----a-w-   c:\windows\SysWow64\sho103B.tmp
2013-06-24 20:18 . 2013-06-24 20:18   --------   d-----w-   c:\windows\SysWow64\Hotspot Shield
2013-06-24 20:17 . 2013-06-24 20:17   --------   d-----w-   c:\programdata\StarApp
2013-06-24 07:48 . 2013-06-25 04:59   --------   d-----w-   c:\program files (x86)\MagniPic
2013-06-24 07:47 . 2013-06-25 04:59   --------   d-----w-   c:\programdata\InstallMate
2013-06-24 05:54 . 2013-06-24 05:55   --------   d-----w-   c:\program files (x86)\TornTV.com
2013-06-24 05:54 . 2013-06-24 05:54   --------   d-----w-   c:\program files\Updater By SweetPacks
2013-06-24 05:50 . 2013-06-24 05:50   --------   d-----w-   c:\program files (x86)\SweetIM
2013-06-24 05:47 . 2013-06-24 05:47   --------   d-----w-   c:\windows\SysWow64\jmdp
2013-06-24 05:47 . 2013-06-24 05:47   --------   d-----w-   c:\windows\SysWow64\ARFC
2013-06-24 05:47 . 2013-05-27 08:58   1447728   ----a-w-   c:\windows\system32\dmwu.exe
2013-06-24 05:47 . 2013-05-27 08:57   33792   ----a-w-   c:\windows\system32\ImHttpComm.dll
2013-06-24 05:47 . 2013-06-24 05:47   --------   d-----w-   c:\windows\SysWow64\WNLT
2013-06-24 05:38 . 2013-06-24 05:39   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\WebCake
2013-06-24 05:38 . 2013-06-24 05:39   --------   d-----w-   c:\program files (x86)\WebCake
2013-06-24 05:35 . 2013-06-24 05:35   --------   d-----w-   c:\users\fahimchoud\AppData\Local\PutLockerDownloader
2013-06-24 05:35 . 2013-06-24 05:43   --------   d-----w-   c:\program files (x86)\FTDownloader.com
2013-06-24 04:49 . 2013-06-24 05:00   --------   d-----w-   c:\users\fahimchoud\AppData\Local\vghd
2013-06-24 04:43 . 2013-06-30 22:59   --------   d-----w-   c:\program files (x86)\Advanced File Optimizer
2013-06-23 22:00 . 2013-06-23 22:00   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\Smith Micro
2013-06-23 21:56 . 2013-06-23 21:56   --------   d-----w-   c:\program files (x86)\Smith Micro
2013-06-23 18:48 . 2013-07-01 05:58   16152   ----a-w-   c:\windows\system32\drivers\SWDUMon.sys
2013-06-23 18:48 . 2013-06-23 18:48   --------   d-----w-   c:\users\fahimchoud\AppData\Local\SlimWare Utilities Inc
2013-06-23 18:48 . 2013-06-23 18:48   --------   d-----w-   c:\program files (x86)\DriverUpdate
2013-06-22 18:04 . 2013-06-30 15:44   --------   d-----w-   c:\program files (x86)\ExpressFiles
2013-06-22 18:04 . 2013-06-22 18:07   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\ExpressFiles
2013-06-22 07:07 . 2013-06-22 07:07   --------   d-----w-   c:\users\fahimchoud\AppData\Local\fontconfig
2013-06-22 07:07 . 2013-07-01 03:36   --------   d-----w-   c:\users\fahimchoud\.gimp-2.8
2013-06-22 07:07 . 2013-06-22 07:07   --------   d-----w-   c:\users\fahimchoud\AppData\Local\gegl-0.2
2013-06-21 17:51 . 2013-06-21 17:51   --------   d-----w-   c:\program files\Paint.NET
2013-06-21 17:50 . 2013-06-24 04:53   --------   d-----w-   c:\users\fahimchoud\AppData\Local\Paint.NET
2013-06-21 14:39 . 2013-06-22 07:04   --------   d-----w-   c:\program files\GIMP 2
2013-06-21 08:18 . 2013-06-21 08:18   --------   d-----w-   c:\program files (x86)\Industriya
2013-06-21 08:15 . 2013-06-21 08:15   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\DownLite
2013-06-21 08:14 . 2013-06-21 08:14   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\Industriya
2013-06-21 08:13 . 2013-06-21 08:14   --------   d-----w-   c:\program files (x86)\DownLite
2013-06-21 01:07 . 2013-06-21 01:07   46792   ----a-w-   c:\windows\system32\drivers\hssdrv6.sys
2013-06-20 19:05 . 2013-06-20 19:06   --------   d-----w-   c:\program files (x86)\SearchProtect
2013-06-20 19:05 . 2013-06-20 19:10   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\SearchProtect
2013-06-20 19:04 . 2013-06-20 19:04   --------   d-----w-   c:\program files (x86)\Conduit
2013-06-20 19:04 . 2013-06-20 19:04   --------   d-----w-   c:\users\fahimchoud\AppData\Local\Conduit
2013-06-20 17:59 . 2013-06-20 17:59   --------   d-----w-   C:\ID_CS2_UE_NonRet
2013-06-20 14:00 . 2013-06-21 05:57   --------   d-----w-   c:\programdata\Hotspot Shield
2013-06-20 13:59 . 2013-07-01 05:06   --------   d-----w-   c:\program files (x86)\Hotspot Shield
2013-06-20 13:59 . 2012-07-12 21:13   405144   ----a-w-   c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2013-06-20 13:58 . 2013-06-20 13:58   --------   d-----w-   c:\program files (x86)\Common Files\DVDVideoSoft
2013-06-20 13:58 . 2013-06-20 13:58   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\OpenCandy
2013-06-20 13:58 . 2013-06-20 13:58   --------   d-----w-   c:\program files (x86)\DVDVideoSoft
2013-06-20 13:53 . 2013-06-20 19:02   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\DVDVideoSoft
2013-06-20 13:48 . 2013-06-20 14:14   --------   d-----w-   c:\users\fahimchoud\AppData\Local\Smartbar
2013-06-20 13:48 . 2013-06-20 13:48   --------   d-----w-   c:\programdata\BrowserDefender
2013-06-20 13:48 . 2013-06-20 13:48   --------   d-----w-   c:\program files (x86)\Delta
2013-06-20 13:48 . 2013-06-20 13:48   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\BabSolution
2013-06-20 13:47 . 2013-06-20 13:47   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\Delta
2013-06-20 13:47 . 2013-06-24 05:38   --------   d-----w-   c:\programdata\Tarma Installer
2013-06-20 13:46 . 2013-06-20 16:17   --------   d-----w-   c:\program files (x86)\YourFileDownloader
2013-06-20 13:46 . 2013-06-20 13:49   --------   d-----w-   c:\users\fahimchoud\AppData\Roaming\YourFileDownloader
2013-06-20 12:45 . 2013-06-20 12:45   --------   d-----w-   c:\users\fahimchoud\AppData\Local\VisualBeeClient
2013-06-20 12:45 . 2013-06-20 12:45   --------   d-----w-   c:\users\fahimchoud\AppData\Local\VisualBeeExe
2013-06-20 12:45 . 2013-06-20 12:45   --------   d-----w-   c:\programdata\VisualBee
2013-06-20 12:44 . 2013-06-20 12:45   --------   d-----w-   c:\program files (x86)\VisualBee
2013-06-20 12:44 . 2013-06-20 12:44   --------   d-----w-   c:\users\fahimchoud\AppData\Local\emaze
2013-06-20 09:55 . 2013-06-20 09:55   0   ----a-w-   c:\windows\SysWow64\shoD059.tmp
2013-06-19 15:55 . 2013-06-19 15:55   --------   d-----w-   c:\program files (x86)\Common Files\Adobe Systems Shared
2013-06-19 15:45 . 2013-06-19 15:45   --------   d-----w-   C:\PhSp_CS2_UE_Ret
2013-06-19 15:31 . 2013-06-12 03:08   9552976   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF2F58A8-40E7-4C61-9A72-85C83FC68DF1}\mpengine.dll
2013-06-15 16:55 . 2013-06-15 16:55   --------   d-----w-   c:\users\fahimchoud\SyncFolder
2013-06-15 16:34 . 2013-06-15 16:34   --------   d-----w-   C:\temp
2013-06-15 16:34 . 2013-06-30 23:00   --------   d-----w-   c:\program files (x86)\MyPC Backup
2013-06-15 16:33 . 2013-06-15 16:34   --------   d-----w-   c:\programdata\PCHealthBoost
2013-06-11 07:34 . 2012-12-14 15:42   27088   ----a-w-   c:\windows\system32\authuitu.dll
2013-06-11 07:34 . 2012-12-14 15:42   22480   ----a-w-   c:\windows\SysWow64\authuitu.dll
2013-06-11 07:33 . 2013-06-11 07:33   --------   d-----w-   c:\program files (x86)\AVG
2013-06-11 07:33 . 2013-06-11 07:34   --------   d-----w-   c:\programdata\AVG
2013-06-11 07:32 . 2013-06-11 07:32   --------   d-sh--w-   c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-06-11 07:12 . 2013-06-11 07:12   51496   ----a-w-   c:\windows\system32\drivers\stflt.sys
2013-06-07 01:48 . 2013-06-07 01:48   97280   ----a-w-   c:\windows\system32\mshtmled.dll
2013-06-03 10:51 . 2013-06-03 10:51   9728   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-15 15:55 . 2012-09-05 23:20   75825640   ----a-w-   c:\windows\system32\MRT.exe
2013-06-07 02:29 . 2012-08-12 23:55   692104   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-07 02:29 . 2011-11-08 18:21   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-07 02:29 . 2013-02-18 17:29   8610696   ----a-w-   c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-22 00:50 . 2012-11-07 02:53   325920   ----a-w-   c:\windows\SysWow64\Sendori.dll
2013-05-16 02:52 . 2012-09-02 00:18   45856   ----a-w-   c:\windows\system32\drivers\avgtpx64.sys
2013-05-16 02:51 . 2011-03-29 02:36   22240   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 06:06 . 2010-11-21 03:27   278800   ------w-   c:\windows\system32\MpSigStub.exe
2013-05-01 02:15 . 2013-05-01 02:15   0   ----a-w-   c:\windows\SysWow64\shoB11F.tmp
2013-04-24 19:28 . 2013-04-24 19:28   42184   ----a-w-   c:\windows\system32\drivers\taphss6.sys
2013-04-13 05:49 . 2013-05-11 03:18   135168   ----a-w-   c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-11 03:18   350208   ----a-w-   c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-11 03:18   308736   ----a-w-   c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-11 03:18   111104   ----a-w-   c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-11 03:18   474624   ----a-w-   c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-11 03:18   2176512   ----a-w-   c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-19 05:47   1656680   ----a-w-   c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:24 . 2013-05-11 03:18   983912   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:24 . 2013-05-11 03:18   265064   ----a-w-   c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:30 . 2013-05-11 03:17   3153920   ----a-w-   c:\windows\system32\win32k.sys
2013-04-02 14:09 . 2013-04-02 14:09   4550656   ----a-w-   c:\windows\SysWow64\GPhotos.scr
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110011501158}]
2012-11-24 17:02   617352   ----a-w-   c:\program files (x86)\Shopping Sidekick\Shopping Sidekick.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110311391106}]
2013-06-20 12:45   749784   ----a-w-   c:\program files (x86)\VisualBee\VisualBee-bho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}]
2013-03-25 15:14   251288   ----a-w-   c:\program files (x86)\Industriya\privitize\1.8.16.22\bh\privitize.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-21 03:24   297808   ----a-w-   c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
2013-05-16 15:11   169304   ----a-w-   c:\program files\Updater By SweetPacks\Extension32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2013-05-16 12:13   231712   ----a-w-   c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-05-20 10:02   295832   ----a-w-   c:\program files (x86)\Delta\delta\1.8.21.5\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E5C66DD8-308B-4a4f-AF0A-3D04F25B5343}]
2010-11-21 03:24   297808   ----a-w-   c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2013-04-03 20:06   1310480   ----a-r-   c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2013-06-21 00:19   233288   ----a-w-   c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll" [2013-05-20 284056]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2013-05-16 231712]
"{1C46A0DD-D53E-46C4-A435-CA11103E255E}"= "c:\program files (x86)\Industriya\privitize\1.8.21.6\privitizeTlbr.dll" [2013-05-21 288152]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2013-04-03 1310480]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{1c46a0dd-d53e-46c4-a435-ca11103e255e}]
[HKEY_CLASSES_ROOT\privitize.privitizedskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\privitize.privitizedskBnd]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-21 03:24   297808   ----a-w-   c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36   130736   ----a-w-   c:\users\fahimchoud\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36   130736   ----a-w-   c:\users\fahimchoud\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36   130736   ----a-w-   c:\users\fahimchoud\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"GoogleChromeAutoLaunch_67BBD50C5DDEAD224A17E88D81A99A9D"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
"236AE4276A576475015F53DEBC3A2D54B039AA21._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
"SearchProtect"="c:\users\fahimchoud\AppData\Roaming\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]
"Browser Infrastructure Helper"="c:\users\fahimchoud\AppData\Local\Smartbar\Application\QuickShare.exe" [2013-06-16 20248]
"WebCake Desktop"="c:\users\fahimchoud\AppData\Roaming\WebCake\WebCakeDesktop.exe" [2013-06-07 47896]
"uTorrent"="c:\users\fahimchoud\AppData\Roaming\uTorrent\uTorrent.exe" [2013-06-30 1045072]
"SearchProtection"="c:\users\fahimchoud\AppData\Roaming\Search Protection\SearchProtection.EXE" [2013-05-22 740712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-28 343168]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-04-26 103896]
"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-05-22 83232]
"PCFixSpeed"="c:\program files (x86)\PCFixSpeed\PCFixTray.exe" [2012-11-30 383648]
"24x7HELP"="c:\program files (x86)\24x7Help\App24x7Help.exe" [2013-03-12 1773648]
"SearchProtectAll"="c:\program files (x86)\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]
"PrivitizeVPN"="c:\program files (x86)\PrivitizeVPN\PrivitizeVPN.exe" [2013-06-25 196784]
.
c:\users\fahimchoud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\fahimchoud\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe [2013-5-31 1934376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-9-20 1338144]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~2\261339~1.144\{C16C1~1\BrowserDefender.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages   REG_MULTI_SZ      scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
R3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1309000.009\ccSetx64.sys
R3 EraserUtilDrv11220;EraserUtilDrv11220;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys
S0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\System32\drivers\SMR311.SYS;c:\windows\SYSNATIVE\drivers\SMR311.SYS
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130620.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130620.001\BHDrvx64.sys
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130628.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130628.001\IDSvia64.sys
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS
S2 24x7HelpSvc;24x7HelpService;c:\program files (x86)\24x7Help\App24x7Svc.exe;c:\program files (x86)\24x7Help\App24x7Svc.exe
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe
S2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
S2 CltMngSvc;Search Protect by Conduit Updater;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe;c:\windows\SYSNATIVE\dmwu.exe
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Norton 360\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TUNEUP\TUNEUPUTILITIESSERVICE64.EXE;c:\program files (x86)\AVG\AVG PC TUNEUP\TUNEUPUTILITIESSERVICE64.EXE
S2 Updater By SweetPacks;Updater By SweetPacks;c:\program files\Updater By SweetPacks\ExtensionUpdaterService.exe;c:\program files\Updater By SweetPacks\ExtensionUpdaterService.exe
S2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe
S2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TUNEUP\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TUNEUP\TuneUpUtilitiesDriver64.sys
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-12 02:29]
.
2013-07-01 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2013-06-22 19:26]
.
2013-07-01 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-09-01 19:24]
.
2013-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-12 23:55]
.
2013-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-12 23:55]
.
2013-06-08 c:\windows\Tasks\HPCeeScheduleForfahimchoud.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
2013-06-30 c:\windows\Tasks\ReclaimerUpdateFiles_fahimchoud.job
- c:\users\fahimchoud\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-15 16:12]
.
2013-06-30 c:\windows\Tasks\ReclaimerUpdateXML_fahimchoud.job
- c:\users\fahimchoud\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-15 16:12]
.
2013-07-01 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_fahimchoud.job
- c:\users\fahimchoud\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-15 16:12]
.
2013-02-18 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
- c:\program files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-21 21:15]
.
2013-06-22 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2013-05-03 19:38]
.
2013-06-30 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-07-01 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2013-06-10 18:37]
.
2013-06-24 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2013-06-10 18:37]
.
2013-07-01 c:\windows\Tasks\VisualBee-chromeinstaller.job
- c:\program files (x86)\VisualBee\VisualBee-chromeinstaller.exe [2013-06-20 12:44]
.
2013-07-01 c:\windows\Tasks\VisualBee-codedownloader.job
- c:\program files (x86)\VisualBee\VisualBee-codedownloader.exe [2013-06-20 12:44]
.
2013-07-01 c:\windows\Tasks\VisualBee-enabler.job
- c:\program files (x86)\VisualBee\VisualBee-enabler.exe [2013-06-20 12:45]
.
2013-07-01 c:\windows\Tasks\VisualBee-firefoxinstaller.job
- c:\program files (x86)\VisualBee\VisualBee-firefoxinstaller.exe [2013-06-20 12:44]
.
2013-07-01 c:\windows\Tasks\VisualBee-updater.job
- c:\program files (x86)\VisualBee\VisualBee-updater.exe [2013-06-20 12:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}]
2012-08-05 20:26   105472   ----a-w-   c:\program files\PrivacySafeGuard\PrivacySafeGuard-x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-21 03:23   444752   ----a-w-   c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36   164016   ----a-w-   c:\users\fahimchoud\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36   164016   ----a-w-   c:\users\fahimchoud\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36   164016   ----a-w-   c:\users\fahimchoud\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36   164016   ----a-w-   c:\users\fahimchoud\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-18 00:50   755816   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-18 00:50   755816   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-18 00:50   755816   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-18 00:50   755816   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-09-30 43320]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-10-08 1425408]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.yahoo.com?type=293224&fr=spigot-yhp-ie
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={F4E182BA-DC90-11E2-880B-C01885FE5578}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:8555
uInternet Settings,ProxyOverride = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=a4d569cb-9c00-4a8c-86c8-9b8018be6915&searchtype=ds&q={searchTerms}&installDate=20/06/2013
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\fahimchoud\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\fahimchoud\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\fahimchoud\AppData\Roaming\Mozilla\Firefox\Profiles\922t4ifq.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=a4d569cb-9c00-4a8c-86c8-9b8018be6915&searchtype=hp&installDate=20/06/2013
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p=
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e66b16fd000000000000c01885fe5578&q=
FF - user.js: extensions.BabylonToolbar.id - e66b16fd000000000000c01885fe5578
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15588
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1221:14
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=114066&tt=3612_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0CtDtCzzzzyD0F0EyDyDyBzztCyC0F0DtN0D0Tzu0CtAtBzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=598789131
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0CtDtCzzzzyD0F0EyDyDyBzztCyC0F0DtN0D0Tzu0CtAtBzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=598789131
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0CtDtCzzzzyD0F0EyDyDyBzztCyC0F0DtN0D0Tzu0CtAtBzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=598789131&q=
FF - user.js: extensions.funmoods.id - C01885FE557816FD
FF - user.js: extensions.funmoods.instlDay - 15668
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2212:0:39
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - adknlg
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - adknlg
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - e66b16fd00000000000000ffa4d3261a
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15878
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.514:36
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=122303&tt=180613_ndt2&tsp=4921
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extentions.webcake.installId - cf7a16d5-299c-4bc6-a7b5-249863ea21b8
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
FF - user.js: extensions.privitize.hpOld0 - hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={F4E182BA-DC90-11E2-880B-C01885FE5578}
FF - user.js: extensions.privitize.tlbrSrchUrl - hxxp://searchou.com/?id=e66b16fd00000000000000ffa4d3261a&q=
FF - user.js: extensions.privitize.id - e66b16fd00000000000000ffa4d3261a
FF - user.js: extensions.privitize.appId - {301966DF-A84B-4255-AAB9-574B5CE237E4}
FF - user.js: extensions.privitize.instlDay - 15881
FF - user.js: extensions.privitize.vrsn - 1.8.16.22
FF - user.js: extensions.privitize.vrsni - 1.8.16.22
FF - user.js: extensions.privitize.vrsnTs - 1.8.16.220:57
FF - user.js: extensions.privitize.prtnrId - privitize
FF - user.js: extensions.privitize.prdct - privitize
FF - user.
Title: Re: Bad image
Post by: SuperDave on July 01, 2013, 04:32:57 PM
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*********************************************************************
What sort of problem are you experiencing with your computer?

Please download AdwCleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) by Xplode onto your Desktop.
********************************************************
Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

• Warning! Once the scan is complete JRT will shut down your browser with NO warning.

• Shut down your protection software now to avoid potential conflicts.

• Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this (http://www.bleepingcomputer.com/forums/topic114351.html) link to see a list of security programs that should be disabled and how to disable them.

• Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

• The tool will open and start scanning your system.

• Please be patient as this can take a while to complete depending on your system's specifications.

• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

• Copy and Paste the JRT.txt log into your next message.
***********************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
Title: Re: Bad image
Post by: battleplan on July 28, 2013, 04:59:39 AM
Comment removed.