Author Topic: [PROMOTE HERE] is spam or worse  (Read 25506 times)

darcomputer

    Topic Starter


    Hopeful

    Thanked: 1
    Re: [PROMOTE HERE] is spam or worse
    « Reply #15 on: September 20, 2012, 12:11:08 PM »
    Gggggggrrrrrrrrrrrr, I had everything ready to post, pressed a letter and it all disappeared.
    I cannot get AdwCleaner to work properly on this computer; as you know, I had to system restore last time.

    I did run Malwarebytes already and it showed clean; it's here. My free version is expired and I own SUPERAntiSpyware. Newest log below.

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.09.05.11

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    owner :: OWNER-PC [administrator]

    Protection: Enabled

    05/09/2012 5:28:31 PM
    mbam-log-2012-09-05 (17-28-31).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 214994
    Time elapsed: 2 minute(s), 21 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    # AdwCleaner v2.001 - Logfile created 09/15/2012 at 20:29:12
    # Updated 09/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : owner - OWNER-PC
    # Boot Mode : Normal
    # Running from : C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBC36BNL\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****

    Found : WajamUpdater

    ***** [Files / Folders] *****

    Folder Found : C:\Program Files (x86)\AVG Secure Search
    Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Found : C:\Program Files (x86)\Conduit
    Folder Found : C:\Program Files (x86)\PriceGong
    Folder Found : C:\Program Files (x86)\Wajam
    Folder Found : C:\Program Files (x86)\WhiteSmoke_US_New
    Folder Found : C:\ProgramData\AVG Secure Search
    Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
    Folder Found : C:\ProgramData\Partner
    Folder Found : C:\Users\owner\AppData\Local\AVG Secure Search
    Folder Found : C:\Users\owner\AppData\Local\Conduit
    Folder Found : C:\Users\owner\AppData\Local\Wajam
    Folder Found : C:\Users\owner\AppData\LocalLow\AVG Secure Search
    Folder Found : C:\Users\owner\AppData\LocalLow\Conduit
    Folder Found : C:\Users\owner\AppData\LocalLow\PriceGong
    Folder Found : C:\Users\owner\AppData\LocalLow\WhiteSmoke_US_New
    Folder Found : C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam

    ***** [Registry] *****

    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\Crossrider
    Key Found : HKCU\Software\AppDataLow\Software\PriceGong
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\AppDataLow\Software\WhiteSmoke_US_New
    Key Found : HKCU\Software\AppDataLow\Toolbar
    Key Found : HKCU\Software\AVG Secure Search
    Key Found : HKCU\Software\Cr_Installer
    Key Found : HKCU\Software\IGearSettings
    Key Found : HKCU\Software\InstalledBrowserExtensions
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{462BE121-2B54-4218-BF00-B9BF8135B23F}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{462BE121-2B54-4218-BF00-B9BF8135B23F}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\Wajam
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\Software\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Found : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005058.BHO
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005058.BHO.1
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005058.Sandbox
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005058.Sandbox.1
    Key Found : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
    Key Found : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
    Key Found : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
    Key Found : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
    Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Found : HKLM\SOFTWARE\Classes\S
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3244149
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO
    Key Found : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
    Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
    Key Found : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Found : HKLM\Software\Wajam
    Key Found : HKLM\Software\WhiteSmoke_US_New
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{462BE121-2B54-4218-BF00-B9BF8135B23F}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
    Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{402FE183-9922-4C96-A549-4D34BB7DD0A4}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8940DD5B-74A7-4500-B517-1C08AA2B723E}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{462BE121-2B54-4218-BF00-B9BF8135B23F}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US_New Toolbar
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Software
    Key Found : HKU\S-1-5-21-2605971270-3625370099-2031170598-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKU\S-1-5-21-2605971270-3625370099-2031170598-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{462BE121-2B54-4218-BF00-B9BF8135B23F}]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{462BE121-2B54-4218-BF00-B9BF8135B23F}]
    Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{8a9386b4-e958-4c4c-adf4-8f26db3e4829}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{462BE121-2B54-4218-BF00-B9BF8135B23F}]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{462BE121-2B54-4218-BF00-B9BF8135B23F}]
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [11429 octets] - [15/09/2012 20:29:12]

    ########## EOF - C:\AdwCleaner[R1].txt - [11490 octets] ##########

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: [PROMOTE HERE] is spam or worse
    « Reply #16 on: September 20, 2012, 04:53:42 PM »
    Remove the Adware:
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    *****************************************************
    Please try to run ComboFix again and post the log. If you have trouble, try to run it in Safe Mode.
    Windows 8 and Windows 10 dual boot with two SSD's

    darcomputer

      Topic Starter


      Hopeful

      Thanked: 1
      Re: [PROMOTE HERE] is spam or worse
      « Reply #17 on: September 30, 2012, 05:26:30 PM »
      # AdwCleaner v2.003 - Logfile created 09/30/2012 at 19:00:49
      # Updated 23/09/2012 by Xplode
      # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
      # User : owner - OWNER-PC
      # Boot Mode : Normal
      # Running from : C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FBI3BDF3\adwcleaner.exe
      # Option [Delete]


      ***** [Services] *****

      Stopped & Deleted : WajamUpdater

      ***** [Files / Folders] *****

      Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
      Folder Deleted : C:\Program Files (x86)\AVG Secure Search
      Folder Deleted : C:\Program Files (x86)\Conduit
      Folder Deleted : C:\Program Files (x86)\Wajam
      Folder Deleted : C:\ProgramData\AVG Secure Search
      Folder Deleted : C:\ProgramData\Partner
      Folder Deleted : C:\Users\owner\AppData\Local\AVG Secure Search
      Folder Deleted : C:\Users\owner\AppData\Local\Conduit
      Folder Deleted : C:\Users\owner\AppData\Local\Wajam
      Folder Deleted : C:\Users\owner\AppData\LocalLow\AVG Secure Search
      Folder Deleted : C:\Users\owner\AppData\LocalLow\Conduit
      Folder Deleted : C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam

      ***** [Registry] *****

      Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
      Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
      Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
      Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
      Key Deleted : HKCU\Software\AVG Secure Search
      Key Deleted : HKCU\Software\Cr_Installer
      Key Deleted : HKCU\Software\IGearSettings
      Key Deleted : HKCU\Software\InstalledBrowserExtensions
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
      Key Deleted : HKCU\Software\Wajam
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Key Deleted : HKLM\Software\AVG Secure Search
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
      Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
      Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
      Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
      Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005058.BHO
      Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005058.BHO.1
      Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005058.Sandbox
      Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005058.Sandbox.1
      Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
      Key Deleted : HKLM\SOFTWARE\Classes\S
      Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
      Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
      Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3244149
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
      Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
      Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
      Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
      Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
      Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
      Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
      Key Deleted : HKLM\Software\Conduit
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
      Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
      Key Deleted : HKLM\Software\Wajam
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
      Key Deleted : HKLM\SOFTWARE\Software
      Key Deleted : HKU\S-1-5-21-2605971270-3625370099-2031170598-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
      Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
      Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
      Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
      Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

      ***** [Internet Browsers] *****

      -\\ Internet Explorer v9.0.8112.16421

      Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Restored : [HKU\S-1-5-21-2605971270-3625370099-2031170598-1000\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
      Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=CA&userid=d620ae34-29ab-4339-8401-cc99cb45a631&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
      Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=CA&userid=d620ae34-29ab-4339-8401-cc99cb45a631&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
      Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=CA&userid=d620ae34-29ab-4339-8401-cc99cb45a631&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
      Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=CA&userid=d620ae34-29ab-4339-8401-cc99cb45a631&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

      -\\ Google Chrome v [Unable to get version]

      File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

      [OK] File is clean.

      *************************

      AdwCleaner[R1].txt - [11546 octets] - [15/09/2012 20:29:12]
      AdwCleaner[R2].txt - [9987 octets] - [30/09/2012 18:57:11]
      AdwCleaner[R2]snap.do.txt - [9987 octets] - [30/09/2012 18:58:58]
      AdwCleaner[R3].txt - [10116 octets] - [30/09/2012 19:00:35]
      AdwCleaner[S1].txt - [10895 octets] - [30/09/2012 19:00:49]

      ########## EOF - C:\AdwCleaner[S1].txt - [10956 octets] ##########


      ComboFix 12-09-30.01 - owner 30/09/2012  19:25:57.1.8 - x64
      Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.8095.6061 [GMT -4:00]
      Running from: c:\users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FBI3BDF3\ComboFix.exe
      AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
      FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
      SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
       * Created a new restore point
      .
      .
      (((((((((((((((((((((((((   Files Created from 2012-08-28 to 2012-09-30  )))))))))))))))))))))))))))))))
      .
      .
      2012-09-30 23:30 . 2012-09-30 23:30   --------   d-----w-   c:\users\Default\AppData\Local\temp
      2012-09-30 23:30 . 2012-09-30 23:30   --------   d-----w-   c:\users\UpdatusUser\AppData\Local\temp
      2012-09-25 23:35 . 2012-08-21 21:01   245760   ----a-w-   c:\windows\system32\OxpsConverter.exe
      2012-09-24 18:42 . 2012-09-24 18:42   --------   d-----w-   c:\users\owner\AppData\Roaming\Apple Computer
      2012-09-23 23:17 . 2012-09-23 23:17   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
      2012-09-23 23:17 . 2012-09-23 23:17   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
      2012-09-23 23:17 . 2012-09-23 23:17   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
      2012-09-23 23:17 . 2012-09-23 23:17   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
      2012-09-23 23:17 . 2012-09-23 23:17   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
      2012-09-23 23:17 . 2012-09-23 23:17   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
      2012-09-23 23:17 . 2012-09-23 23:17   159744   ----a-w-   c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
      2012-09-23 23:17 . 2012-09-23 23:17   --------   d-----w-   c:\program files (x86)\QuickTime
      2012-09-23 23:17 . 2012-09-23 23:17   --------   d-----w-   c:\programdata\Apple Computer
      2012-09-23 23:15 . 2012-09-23 23:15   --------   d-----w-   c:\program files (x86)\Common Files\Apple
      2012-09-23 23:14 . 2012-09-23 23:14   --------   d-----w-   c:\users\owner\AppData\Local\Apple
      2012-09-23 23:14 . 2012-09-23 23:14   --------   d-----w-   c:\program files (x86)\Apple Software Update
      2012-09-23 23:14 . 2012-09-23 23:14   --------   d-----w-   c:\programdata\Apple
      2012-09-23 23:10 . 2012-09-23 23:10   --------   d-----w-   c:\windows\SysWow64\Adobe
      2012-09-16 00:27 . 2012-09-16 00:27   --------   d-----w-   c:\users\owner\AppData\Local\MFAData
      2012-09-16 00:27 . 2012-09-16 00:27   --------   d-----w-   c:\users\owner\AppData\Local\Avg2013
      2012-09-11 21:21 . 2012-08-22 18:12   950128   ----a-w-   c:\windows\system32\drivers\ndis.sys
      2012-09-11 21:21 . 2012-07-04 20:26   41472   ----a-w-   c:\windows\system32\drivers\RNDISMP.sys
      2012-09-11 21:21 . 2012-08-02 17:58   574464   ----a-w-   c:\windows\system32\d3d10level9.dll
      2012-09-11 21:21 . 2012-08-02 16:57   490496   ----a-w-   c:\windows\SysWow64\d3d10level9.dll
      2012-09-11 21:21 . 2012-08-22 18:12   1913200   ----a-w-   c:\windows\system32\drivers\tcpip.sys
      2012-09-11 21:21 . 2012-08-22 18:12   376688   ----a-w-   c:\windows\system32\drivers\netio.sys
      2012-09-11 21:21 . 2012-08-22 18:12   288624   ----a-w-   c:\windows\system32\drivers\FWPKCLNT.SYS
      2012-09-09 20:18 . 2012-09-25 23:50   --------   d-----w-   c:\program files\SUPERAntiSpyware
      2012-09-06 00:13 . 2012-09-06 00:13   --------   d-----w-   c:\program files (x86)\Common Files\Java
      2012-09-06 00:11 . 2012-09-06 00:11   821736   ----a-w-   c:\windows\SysWow64\npDeployJava1.dll
      2012-09-06 00:11 . 2012-09-06 00:11   95208   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
      2012-09-05 23:58 . 2012-09-05 23:58   --------   d-----w-   c:\users\owner\AppData\Local\Zoom_Downloader
      2012-09-05 23:57 . 2012-09-05 23:57   --------   d-----w-   c:\users\owner\AppData\Local\Shopping Sidekick
      2012-09-05 23:57 . 2012-09-20 18:34   --------   d-----w-   c:\program files (x86)\Shopping Sidekick
      2012-09-05 00:52 . 2012-09-05 00:52   --------   d-----w-   c:\users\owner\AppData\Local\KodakGallery
      2012-09-05 00:52 . 2012-09-05 00:52   --------   d-----w-   c:\users\owner\AppData\Roaming\Skinux
      2012-09-05 00:51 . 2012-09-05 00:51   --------   d-----w-   c:\users\owner\AppData\Local\Programs
      2012-09-05 00:51 . 2012-09-05 00:51   --------   d-----w-   c:\users\owner\AppData\Local\ArcSoft
      2012-09-05 00:50 . 2012-09-07 15:17   --------   d-----w-   c:\users\owner\AppData\Roaming\Arcsoft
      2012-09-05 00:50 . 2012-09-07 14:55   --------   d-----w-   c:\programdata\ArcSoft
      2012-09-05 00:50 . 2012-09-05 00:50   --------   d-----w-   c:\program files (x86)\Common Files\ArcSoft
      2012-09-05 00:50 . 2012-09-05 00:50   --------   d-----w-   c:\program files (x86)\ArcSoft
      2012-09-05 00:48 . 2012-09-05 00:49   --------   d-----w-   c:\program files (x86)\Common Files\Kodak
      2012-09-05 00:48 . 2012-09-05 00:49   --------   d-----w-   c:\program files (x86)\Kodak
      2012-09-05 00:44 . 2012-09-05 00:52   --------   d-----w-   c:\programdata\Kodak
      2012-09-04 04:21 . 2012-09-04 04:21   --------   d-----w-   c:\users\owner\AppData\Roaming\Malwarebytes
      2012-09-04 04:21 . 2012-09-04 04:21   --------   d-----w-   c:\programdata\Malwarebytes
      2012-09-04 04:21 . 2012-09-13 21:19   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
      2012-09-04 04:21 . 2012-09-07 21:04   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2012-09-03 21:25 . 2012-09-20 17:36   --------   d-----r-   c:\users\owner\Dropbox
      2012-09-03 21:23 . 2012-09-20 18:21   --------   d-----w-   c:\users\owner\AppData\Roaming\Dropbox
      2012-09-03 20:17 . 2012-09-03 20:17   --------   d-----w-   c:\users\owner\AppData\Roaming\SUPERAntiSpyware.com
      2012-09-03 20:17 . 2012-09-03 20:17   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
      2012-09-01 03:57 . 2012-09-01 03:57   --------   d-----w-   c:\programdata\SugarGames
      2012-09-01 03:04 . 2012-09-01 03:04   --------   d-----w-   c:\program files (x86)\Rainbow Web II
      2012-09-01 03:02 . 2012-09-01 04:34   --------   d-----w-   c:\program files (x86)\Super Granny 3
      2012-09-01 02:14 . 2012-09-01 02:14   --------   d-----w-   c:\program files\FlexWATCH
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-09-23 23:19 . 2012-06-29 18:19   73136   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2012-09-23 23:19 . 2012-06-29 18:19   696240   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
      2012-09-12 01:09 . 2012-06-30 21:05   64462936   ----a-w-   c:\windows\system32\MRT.exe
      2012-09-06 00:11 . 2011-04-12 02:05   746984   ----a-w-   c:\windows\SysWow64\deployJava1.dll
      2012-09-04 04:13 . 2012-08-01 20:52   31080   ----a-w-   c:\windows\system32\drivers\avgtpx64.sys
      2012-08-24 19:43 . 2012-08-24 19:43   384352   ----a-w-   c:\windows\system32\drivers\avgtdia.sys
      2012-07-26 07:21 . 2012-07-26 07:21   291680   ----a-w-   c:\windows\system32\drivers\avgldx64.sys
      2012-07-18 18:15 . 2012-08-15 01:05   3148800   ----a-w-   c:\windows\system32\win32k.sys
      2012-07-04 22:16 . 2012-08-15 01:05   73216   ----a-w-   c:\windows\system32\netapi32.dll
      2012-07-04 22:13 . 2012-08-15 01:05   59392   ----a-w-   c:\windows\system32\browcli.dll
      2012-07-04 22:13 . 2012-08-15 01:05   136704   ----a-w-   c:\windows\system32\browser.dll
      2012-07-04 21:14 . 2012-08-15 01:05   41984   ----a-w-   c:\windows\SysWow64\browcli.dll
      .
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110011501158}]
      2012-08-28 18:19   611720   ----a-w-   c:\program files (x86)\Shopping Sidekick\Shopping Sidekick.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-25 5664640]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "TOSDCR"="c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]
      "TSleepSrv"="%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe" [BU]
      "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
      "TRCMan"="c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe" [2011-03-11 714104]
      "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
      "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
      "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
      "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
      "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
      "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2011-2-23 323584]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
      "LoadAppInit_DLLs"=1 (0x1)
      "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
      "aux"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-08-13 5167736]
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-29 135664]
      R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
      R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-23 250288]
      R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-29 135664]
      R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
      R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
      R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
      R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-29 1255736]
      R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
      S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
      S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
      S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-03-29 25960]
      S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2011-04-04 482384]
      S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
      S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
      S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
      S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-04 31080]
      S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
      S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
      S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
      S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
      S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
      S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
      S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
      S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
      S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
      S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-29 2009704]
      S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
      S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2010-10-21 72192]
      S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-01-24 100352]
      S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2011-01-29 53760]
      S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-03-28 290232]
      S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
      S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
      S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-04 722528]
      S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
      S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
      S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [2009-08-31 6656]
      S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
      S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
      S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
      S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-01-04 8507392]
      S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
      S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
      S3 nuvotonhidcir;Nuvoton HID CIR Receiver;c:\windows\system32\DRIVERS\nuvotonhidcir.sys [2009-08-31 26624]
      S3 nuvotonir;Nuvoton CIR Transceiver;c:\windows\system32\DRIVERS\nuvotonir.sys [2009-08-31 68096]
      S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064]
      S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
      S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
      S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-04-06 828336]
      S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
      S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-25 42392]
      .
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 23:19]
      .
      2012-09-05 c:\windows\Tasks\EasyShare Registration Task.job
      - c:\windows\system32\rundll32.exe [2009-07-13 01:14]
      .
      2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-29 03:52]
      .
      2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-29 03:52]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
      "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
      "HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
      "TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
      "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
      "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-21 2207848]
      "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
      "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
      "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
      "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
      "HDMICtrlMan"="c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [BU]
      "TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
      "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
      "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
      "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
      "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.computerhope.com/
      uLocal Page = c:\windows\system32\blank.htm
      mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
      mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uSearchAssistant = hxxp://www.google.com
      IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
      IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} -
      TCP: DhcpNameServer = 192.168.2.1
      DPF: {95E2148E-2C85-4FCE-BB06-6952F3FF7830} - hxxp://www.flexwatch.com/app_link/download/SmartViewer.cab
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-Locked - (no file)
      Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
      Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
      Toolbar-Locked - (no file)
      ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
      ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
      ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
      ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
      AddRemove-Shopping Sidekick - c:\program files (x86)\Shopping Sidekick\Uninstall.exe
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2012-09-30  19:31:37
      ComboFix-quarantined-files.txt  2012-09-30 23:31
      ComboFix2.txt  2012-09-06 11:39
      .
      Pre-Run: 662,803,251,200 bytes free
      Post-Run: 662,354,976,768 bytes free
      .
      - - End Of File - - 48753AB9107523BA30F0F2E9F8CAAB9D

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: [PROMOTE HERE] is spam or worse
      « Reply #18 on: October 01, 2012, 01:04:33 PM »
      Please download aswMBR.exe ( 511KB ) to your desktop.

      Double click the aswMBR.exe to run it.

      Click the "Scan" button to start the scan.

      Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

      On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.
      ****************************************************************
      Please download Rooter and Save it to your desktop.
      • Double click it to start the tool. On Vista and Windows 7, run as administrator.
      • Click Scan.
      • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
      Windows 8 and Windows 10 dual boot with two SSD's

      darcomputer

        Re: [PROMOTE HERE] is spam or worse
        « Reply #19 on: October 06, 2012, 10:06:37 AM »
        aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
        Run date: 2012-10-06 10:38:38
        -----------------------------
        10:38:38.332    OS Version: Windows x64 6.1.7601 Service Pack 1
        10:38:38.332    Number of processors: 8 586 0x2A07
        10:38:38.332    ComputerName: OWNER-PC  UserName: owner
        10:38:40.594    Initialize success
        10:38:48.691    AVAST engine defs: 12100500
        10:38:51.499    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
        10:38:51.499    Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
        10:38:51.514    Disk 0 MBR read successfully
        10:38:51.514    Disk 0 MBR scan
        10:38:51.514    Disk 0 Windows VISTA default MBR code
        10:38:51.577    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
        10:38:51.592    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       680568 MB offset 3074048
        10:38:51.624    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS        21554 MB offset 1396877312
        10:38:51.655    Disk 0 Partition 4 00     17 Hidd HPFS/NTFS NTFS        11781 MB offset 1441019904
        10:38:51.686    Disk 0 scanning C:\windows\system32\drivers
        10:39:00.734    Service scanning
        10:39:33.291    Modules scanning
        10:39:33.307    Disk 0 trace - called modules:
        10:39:33.400    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
        10:39:33.416    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009bed790]
        10:39:33.416    3 CLASSPNP.SYS[fffff88001b3243f] -> nt!IofCallDriver -> [0xfffffa8007d1de40]
        10:39:33.432    5 ACPI.sys[fffff88000fa37a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007d84050]
        10:39:34.695    AVAST engine scan C:\windows
        10:39:37.503    AVAST engine scan C:\windows\system32
        10:41:26.844    AVAST engine scan C:\windows\system32\drivers
        10:41:35.408    AVAST engine scan C:\Users\owner
        11:05:22.421    AVAST engine scan C:\ProgramData
        11:07:24.007    Scan finished successfully
        12:12:16.199    Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
        12:12:16.214    The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR2.txt"


        Rooter.exe (v1.0.2) by Eric_71
        .
        The token does not have the SeDebugPrivilege privilege ! (error:1300)
        Can not acquire SeDebugPrivilege !
        Please run the tool as administrator ..

        .
        Windows 7 Home Edition (6.1.7601) Service Pack 1
        [32_bits] - Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
        .
        Error OpenService (wscsvc) : 6
        Error OpenSCManager : 5
        Error OpenService (MpsSvc) : 6
        Windows Defender -> Enabled
        User Account Control (UAC) -> Enabled
        .
        Internet Explorer 9.0.8112.16421
        .
        C:\  [Fixed-NTFS] .. ( Total:664 Go - Free:617 Go )
        D:\  [CD_Rom]
        .
        Scan : 12:13.25
        Path : C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C02HLV1H\Rooter.exe
        User : owner ( Administrator -> YES )
        .
        ----------------------\\ Processes
        .
        Locked [System Process] (0)
        Locked System (4)
        Locked smss.exe (356)
        Locked avgrsa.exe (488)
        Locked avgcsrva.exe (540)
        Locked csrss.exe (948)
        Locked wininit.exe (468)
        Locked csrss.exe (912)
        Locked services.exe (984)
        Locked lsass.exe (972)
        Locked lsm.exe (980)
        Locked svchost.exe (1088)
        Locked nvvsvc.exe (1148)
        Locked svchost.exe (1192)
        Locked svchost.exe (1256)
        Locked svchost.exe (1288)
        Locked svchost.exe (1328)
        Locked svchost.exe (1436)
        Locked winlogon.exe (1472)
        Locked svchost.exe (1584)
        Locked wlanext.exe (1696)
        Locked conhost.exe (1704)
        Locked spoolsv.exe (1804)
        Locked svchost.exe (1836)
        Locked NvXDSync.exe (1916)
        Locked nvvsvc.exe (1928)
        Locked SASCore64.exe (2036)
        Locked avgwdsvc.exe (1532)
        Locked EvtEng.exe (2072)
        Locked svchost.exe (2132)
        Locked mbamscheduler.exe (2176)
        Locked PsiService_2.exe (2264)
        ______ ????????? (2368)
        ______ ????????? (2456)
        ______ ????????? (2488)
        Locked RegSrvc.exe (2788)
        Locked svchost.exe (2848)
        Locked TODDSrv.exe (2920)
        Locked TosCoSrv.exe (2960)
        Locked ToolbarUpdater.exe (3060)
        Locked WLIDSVC.EXE (2216)
        Locked WLIDSVCM.EXE (2648)
        Locked TecoService.exe (2480)
        Locked avgidsagent.exe (3092)
        Locked unsecapp.exe (3348)
        Locked WmiPrvSE.exe (3452)
        ______ ????????? (3728)
        ______ ????????? (3756)
        ______ ????????? (3788)
        ______ ????????? (3808)
        ______ ????????? (3860)
        ______ ????????? (3884)
        ______ ????????? (3896)
        ______ ????????? (3904)
        ______ ????????? (4024)
        ______ ????????? (3168)
        ______ ????????? (2308)
        ______ ????????? (3652)
        ______ ????????? (4196)
        Locked avgnsa.exe (4264)
        Locked avgemca.exe (4284)
        ______ ????????? (4304)
        ______ ????????? (4332)
        ______ C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (4684)
        ______ ????????? (4452)
        ______ C:\Program Files (x86)\Toshiba\TRCMan\TRCMan.exe (4468)
        Locked svchost.exe (3664)
        Locked SearchIndexer.exe (4280)
        ______ ????????? (5220)
        ______ C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (5292)
        ______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (5316)
        Locked wmpnetwk.exe (5436)
        ______ ????????? (5540)
        ______ ????????? (5568)
        Locked SynTPHelper.exe (5700)
        ______ C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe (6044)
        ______ ????????? (6228)
        ______ C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (6280)
        ______ C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe (6292)
        ______ C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (6348)
        Locked ACService.exe (2452)
        ______ C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (6196)
        Locked TMachInfo.exe (6976)
        Locked TPCHSrv.exe (4976)
        Locked TosSmartSrv.exe (1880)
        ______ ????????? (6960)
        Locked CFIWmxSvcs64.exe (2744)
        Locked CFSvcs.exe (6724)
        Locked iviRegMgr.exe (6160)
        Locked LMS.exe (3724)
        Locked mbamservice.exe (6620)
        ______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (4496)
        Locked daemonu.exe (3416)
        ______ ????????? (6384)
        Locked UNS.exe (2824)
        Locked SeaPort.EXE (4824)
        ______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (2724)
        ______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (2316)
        ______ C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe (8004)
        ______ C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe (7416)
        ______ C:\program files (x86)\shopping sidekick\shopping sidekick-bg.exe (5176)
        ______ C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe (5624)
        ______ C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe (5812)
        ______ C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe (2120)
        ______ C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe (4584)
        ______ C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe (4696)
        ______ C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe (4228)
        Locked audiodg.exe (2880)
        ______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (7388)
        ______ C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C02HLV1H\Rooter.exe (6580)
        .
        ----------------------\\ Device\Harddisk0\
        .
        \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
        .
        \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:1572864000)
        \Device\Harddisk0\Partition2 (Start_Offset:1573912576 | Length:713627271168)
        \Device\Harddisk0\Partition3 (Start_Offset:715201183744 | Length:22601007104)
        \Device\Harddisk0\Partition4 (Start_Offset:737802190848 | Length:12353273856)
        .
        ----------------------\\ Scheduled Tasks
        .
        C:\windows\Tasks\Adobe Flash Player Updater.job
        C:\windows\Tasks\EasyShare Registration Task.job
        C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
        C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
        C:\windows\Tasks\SA.DAT
        C:\windows\Tasks\SCHEDLGU.TXT
        .
        ----------------------\\ Registry
        .
        .
        ----------------------\\ Files & Folders
        .
        ----------------------\\ Scan completed at 12:13.26
        .
        C:\Rooter$\Rooter_1.txt - (06/10/2012 | 12:13.26)

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: [PROMOTE HERE] is spam or worse
        « Reply #20 on: October 06, 2012, 12:13:50 PM »
        How's your computer working now?

        I'd like to scan your machine with ESET OnlineScan

        • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
          ESET OnlineScan
        • Click the button.
        • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
            • Click on to download the ESET Smart Installer. Save it to your desktop.
            • Double click on the icon on your desktop.
        • Check
        • Click the button.
        • Accept any security warnings from your browser.
        • Check
        • Push the Start button.
        • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
        • When the scan completes, push
        • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
        • Push the button.
        • Push
        A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
        Windows 8 and Windows 10 dual boot with two SSD's

        darcomputer

          Re: [PROMOTE HERE] is spam or worse
          « Reply #21 on: October 06, 2012, 05:34:22 PM »
          C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.dll   a variant of Win32/Toolbar.CrossRider.A application
          Operating memory   a variant of Win32/Toolbar.CrossRider.A application




          is it okay to try ESET for 30 days?  i will check the PROMOTE HERE emails. 




          This is in an email from someone i know but never get emails from her and she is young.  Looks very suspicious.  Her email has been compromised; what should i do?  This happens quite a bit.  Deleted all the promote, sry, will let you know if i get one tomorrow ty

          http://testsite1.jfeli.com/wp-content/plugins/buddypress/life.php?Negro222.jpg

          SuperDave

          Re: [PROMOTE HERE] is spam or worse
          « Reply #22 on: October 06, 2012, 06:53:01 PM »
          Quote
          This is in an email from someone i know but never get emails from her and she is young.  Looks very suspicious.  Her email has been compromised; what should i do?
          I've been hit by that same thing a few times. The only thing you can tell them is that their email account has been hacked.
          You didn't tell me if you were having any other issues with your computer.

          darcomputer

            Re: [PROMOTE HERE] is spam or worse
            « Reply #23 on: October 06, 2012, 11:54:06 PM »
            can't tell yet, but am using ESET for 30 free days :)

            SuperDave

            Re: [PROMOTE HERE] is spam or worse
            « Reply #24 on: October 07, 2012, 12:09:32 PM »
            Quote
            can't tell yet, but am using ESET for 30 free days :)
            Ok. Please let me know after a few days and we'll do some cleanup.

            darcomputer

              Re: [PROMOTE HERE] is spam or worse
              « Reply #25 on: October 10, 2012, 12:06:42 PM »
              computer is running much faster BUT i'm still getting a lot of spam in my junk email under [email protected]   one of my emails, my hotmail one, is fine

              I got about 15 emails yesterday from this one place and 6 so far today. 

              can you tell me how i can post them for you to see,  many from the same places just different senders help please

              SuperDave

              Re: [PROMOTE HERE] is spam or worse
              « Reply #26 on: October 10, 2012, 01:25:20 PM »
              Quote
              computer is running much faster BUT i'm still getting a lot of spam in my junk email under [email protected]   one of my emails, my hotmail one, is fine
              I don't need to see them. I find that the best way to get rid of junk mail is to use a filter like MailWasher. You can preview the mail before it downloads from your server. You can then delete or bounce them.

              Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.
              ******************************************************
              To set a new Restore Point.

              Click the Start button, click Control Panel, click System and Maintenance, and then click System.
              In the left pane, click System Protection.  If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
              To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK.
              Reboot to Normal Mode.
              Click the Start button , click Control Panel, click System and Maintenance, and then click System.
              In the left pane, click System Protection.  If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
              To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
              This will give you a new, clean Restore Point.
              **********************************************************
              Click Start> Computer> right click the C Drive and choose Properties> enter
              Click Disk Cleanup from there.



              Click OK on the Disk Cleanup Screen.
              Click Yes on the Confirmation screen.



              This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
              ********************************************************
              Go to Microsoft Windows Update and get all critical updates.

              ----------

              I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

              SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
              * Using SpywareBlaster to protect your computer from Spyware and Malware
              * If you don't know what ActiveX controls are, see here

              Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

              Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

              Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
              Safe Surfing!

              darcomputer

                Re: [PROMOTE HERE] is spam or worse
                « Reply #27 on: October 10, 2012, 04:41:37 PM »
                Smartscreen filter will not allow me to download the combofix file,  no way at all, no option, maybe i should uninstall it if i can

                SuperDave

                Re: [PROMOTE HERE] is spam or worse
                « Reply #28 on: October 10, 2012, 07:18:16 PM »
                Quote
                Smartscreen filter will not allow me to download the combofix file,  no way at all, no option, maybe i should uninstall it if i can
                I don't know what's up with SmartScreen Filter. I've had trouble with this program twice today on my daughter's laptop. Anyway, when you clean the temp files, it should get rid of ComboFix.

                darcomputer

                  Re: [PROMOTE HERE] is spam or worse
                  « Reply #29 on: October 11, 2012, 05:03:20 PM »
                  how do i clean the temp files?